[3692] in bugtraq
Digital FW2.0 question
daemon@ATHENA.MIT.EDU (Peter Dieth)
Tue Nov 26 23:29:08 1996
Date: Tue, 26 Nov 1996 21:59:22 +0100
Reply-To: Peter Dieth <pd@netlanders.net>
From: Peter Dieth <pd@netlanders.net>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
Hi Netlanders,
Today I snooped through a "DEC FireWall for Unix 2.0" (Altavista) system
running under Digital Unix V3.2c and detected a questionable kernel
setup.
I used iprsetup (a tool to display/modify kernel variables).
case 1: firewall activated
--------------------------
# iprsetup -f1 # undocumented switch to enable fw setup
# iprsetup -d
ipforwarding = 1
ipgateway = 1
ipfirewall = 1
ipchkredirects = 1
ipsrcroute = 0
case 2: firewall deactivated
----------------------------
# iprsetup -r # reset values
# iprsetup -d
ipforwarding = 0
ipgateway = 0
ipfirewall = 0
...
Why does DEC enable ipforwarding and ipgatewaying in a firewall
configuration with disabled "transparent proxies"?
Is there a weakness in the screend or networking code regarding IP
frags?
The box seems to get slower when sending many IP frags to it.
cu,
Peter
BTW: I could crash the system using the "win95ping" and made a DoS
using a SYN attack.
---
LIFE = A fatal condition caused by sexual contact