[13489] in bugtraq
Re: Crafted Packets Handling by Firewalls - FW-1 case
daemon@ATHENA.MIT.EDU (Darren Reed)
Fri Jan 21 19:55:11 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <200001210039.LAA13838@cairo.anu.edu.au>
Date: Fri, 21 Jan 2000 11:39:09 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: ofir@packet-technologies.com
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <000501bf6310$49893aa0$0f05a8c0@packettechnologies.com> from
"Ofir Arkin" at Jan 20, 2000 08:33:38 AM
In some mail from Ofir Arkin, sie said:
>
> I will try to focus more on the subject.
>
> FW-1 do accept: ACK, SYN-ACK, NULL, FIN-ACK (and more) as valid
> traffic if they match the rule base, even if no connection establishment
> was in progress and no session state was in the firewalls table.
[...]
FW-1's behaviour in this respect has been discussed at length in the
past and last year a patch was released by them for their base INSPECT
code which changed the behaviour to not be this way. A patch, which
fixes this problem, was made available due to DoS problems. I believe
this URL will help you:
http://www.checkpoint.com/techsupport/alerts/ackdos.html
Darren
