[31844] in bugtraq
Re: ICMP pokes holes in firewalls...
daemon@ATHENA.MIT.EDU (H D Moore)
Fri Sep 26 15:24:18 2003
Content-Type: text/plain;
charset="iso-8859-1"
From: H D Moore <hdm@digitaloffense.net>, (by way of Lucio <lucio@pixel.it>)
Reply-To: lucio@pixel.it
Date: Fri, 26 Sep 2003 11:54:57 +0000
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-Id: <200309261154.57044.lucio@pixel.it>
Content-Transfer-Encoding: 8bit
Only if these systems are running kernel version 2.2, the 2.4 NAT system
has been rewritten and is not vulnerable.
On Friday 26 September 2003 04:55 am, Lucio wrote:
> > This also applies to Linux NAT gateways.
>
> I'm rellay not an expert in building a firewall with a Linux box, but
> I've tried twice and now I have two customers happy of their
> unexpensive Linux based firewall. These firewalls offer also NAT
> functionality to the respective LANs they protect and use iptables
> rules with stateful inspection to filter the packets. Both customers
> have a DNS in between the linux firewall and the ISP's router. Are they
> vulnerable to any of those attacks?
