[10041] in bugtraq
Re: Possible security hole
daemon@ATHENA.MIT.EDU (Darren Reed)
Tue Mar 30 21:28:15 1999
Date: Tue, 30 Mar 1999 09:13:50 +1000
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: Ryan.Russell@SYBASE.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <88256743.00113951.00@gwwest.sybase.com> from "Ryan Russell" at Mar 28, 99 07:07:57 pm
In some mail from Ryan Russell, sie said:
>
> >The first 25 packets were lost before the interface's initialization. The
> >packets with sequence number greater than 34 are dropped from the firewall.
> >What about the packets with sequence number 25-34? Is it possible that
> >someone can use this time (after the interface's initialization and before
> >the firewall's initialization) to do something bad?
>
> Absolutely. There is a period of time while the FW is booting when the
> OS is up, but the FW software is not. FW-1 makes no attempt to hook
> the IP stack in such a way to prevent this. You MUST secure the
> underlying OS ON YOUR OWN. FW-1 does NOT "harden" the OS..
I think you missed the point here...if the interfaces are UP, then
it's likely to be forwarding packets *through* the box...I don't
know if the NT version of FW-1 has a control ip forwarding option
as does the Solaris one, but it should. (The poster didn't say if
packets got through or if they even tested that).
Darren
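
Added example, not part of the message above or of FW-1: one way to test the forwarding question raised here is to ping a host behind the firewall from outside while the firewall reboots, then measure which probes were answered. The address 192.0.2.10, the one-probe-per-second interval and the sample capture (built from the sequence numbers quoted in the thread) are assumptions.

```python
import re

# Matches reply lines such as "64 bytes from 192.0.2.10: icmp_seq=25 ttl=63 time=1.1 ms"
SEQ_RE = re.compile(r"bytes from .*?icmp_seq=(\d+)")

# Constructed sample: probes 0-24 lost, 25-34 answered, 35-39 lost again,
# mirroring the sequence numbers quoted in the thread.
SAMPLE = "\n".join(
    ["PING 192.0.2.10 (192.0.2.10): 56 data bytes"]
    + [f"Request timeout for icmp_seq {n}" for n in range(0, 25)]
    + [f"64 bytes from 192.0.2.10: icmp_seq={n} ttl=63 time=1.1 ms" for n in range(25, 35)]
    + [f"Request timeout for icmp_seq {n}" for n in range(35, 40)]
)


def answered_seqs(ping_output):
    """Sequence numbers that received a reply (duplicates collapsed)."""
    return sorted({int(m.group(1)) for m in SEQ_RE.finditer(ping_output)})


def reply_windows(seqs):
    """Group sorted sequence numbers into contiguous (first, last) ranges."""
    windows = []
    for s in seqs:
        if windows and s == windows[-1][1] + 1:
            windows[-1][1] = s          # extend the current run
        else:
            windows.append([s, s])      # start a new run
    return [tuple(w) for w in windows]


def exposure(ping_output, interval_s=1.0):
    """Return (first_seq, last_seq, seconds) for each run of answered probes.

    Any run reported for a target behind the firewall means packets were
    forwarded through the box during that time.
    """
    return [(a, b, (b - a + 1) * interval_s)
            for a, b in reply_windows(answered_seqs(ping_output))]


if __name__ == "__main__":
    for first, last, secs in exposure(SAMPLE):
        print(f"replies for icmp_seq {first}-{last}: about {secs:.0f}s of forwarding")
```

An empty result for a target behind the firewall across the whole reboot indicates nothing was forwarded before the filter loaded.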