[10036] in bugtraq
Re: Possible security hole
daemon@ATHENA.MIT.EDU (Ryan Russell)
Mon Mar 29 17:26:04 1999
Date: Sun, 28 Mar 1999 19:07:57 -0800
Reply-To: Ryan Russell <Ryan.Russell@SYBASE.COM>
From: Ryan Russell <Ryan.Russell@SYBASE.COM>
X-To: Christoforos Karatzinis <chka@SOLUTIONS.IE>
To: BUGTRAQ@NETSPACE.ORG
>The first 25 packets were lost before the interface's initialization. The
>packets with sequence number greater than 34 are dropped from the firewall.
>What about the packets with sequence number 25-34? Is it possible that
>someone can use this time (after the interface's initialization and before
>the firewall's initialization) to do something bad?
Absolutely. There is a period of time while the FW is booting when the
OS is up, but the FW software is not. FW-1 makes no attempt to hook
the IP stack in such a way as to prevent this. You MUST secure the
underlying OS ON YOUR OWN. FW-1 does NOT "harden" the OS.
As for pings being dropped.. it's not unusual for some OSes
(IOS included) to respond to pings, and then not, and then
respond again during a boot. The second time not responding
may be when the FW software kicked in, depending on the rules
set.
Ryan
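
Added example, not part of the original message: a small Python script for measuring the boot-time window the thread describes from a ping capture taken while the firewall reboots. The sample output, the address 192.0.2.1, the one-second probe interval and the function names are all constructed assumptions; the sequence numbers 25-34 mirror the ones in the quoted question.

```python
import re

# Constructed sample: replies seen by a monitoring host pinging the firewall
# during a reboot. Only icmp_seq 25-34 were answered, as in the thread.
SAMPLE = "\n".join(
    f"64 bytes from 192.0.2.1: icmp_seq={n} ttl=255 time=0.4 ms"
    for n in range(25, 35)
)

SEQ_RE = re.compile(r"icmp_seq=(\d+)")


def reply_windows(ping_output):
    """Return contiguous runs of answered sequence numbers as (first, last)."""
    seqs = sorted({int(m.group(1)) for m in SEQ_RE.finditer(ping_output)})
    windows = []
    for s in seqs:
        if windows and s == windows[-1][1] + 1:
            windows[-1][1] = s          # extend the current run
        else:
            windows.append([s, s])      # a gap starts a new run
    return [tuple(w) for w in windows]


def exposure_windows(ping_output, first_sent, last_sent, interval=1.0):
    """Runs of replies that start after initial loss and end in further loss.

    Such a run means the OS answered on the interface before the firewall
    policy began dropping the probes. This only works when the rule set
    drops ICMP echo; if the policy allows ping, replies never stop and the
    window has to be measured another way.
    """
    found = []
    for first, last in reply_windows(ping_output):
        if first > first_sent and last < last_sent:
            found.append({
                "first_seq": first,
                "last_seq": last,
                "seconds": (last - first + 1) * interval,
            })
    return found


if __name__ == "__main__":
    # Assumed capture: probes 0..60 were sent at one per second.
    for w in exposure_windows(SAMPLE, first_sent=0, last_sent=60):
        print(f"unfiltered from seq {w['first_seq']} to {w['last_seq']} "
              f"(~{w['seconds']:.0f} s)")
```

A non-empty result is a reason to check that the underlying OS is locked down on its own, since the firewall policy is not yet enforcing anything during that interval.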