Great Circle Associates Firewalls
(June 1996) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: Re: How good is "stateful inspection"? (fwd)
From: "Paul M. Cardon" <pmarc @ fnbc . com>
Date: Fri, 28 Jun 96 05:58:05 -0500
To: "Ronald L. Sharp" <rls @ neptune . att . com>
Cc: Ryan . Russell @ sybase . com, firewalls @ greatcircle . com
In-reply-to: <9606272146 . AB27615 @ ig4 . att . att . com>
References: <9606272146 . AB27615 @ ig4 . att . att . com>
Reply-to: pmarc @ fnbc . com 
My MUA insists that "Ronald L. Sharp" wrote:
> Some poorly written programs, and there are many, will
> use the wrong C commands and an overflow of the field's buffer can
> allow an attacker to place instructions on the execution stack. The
> result is obvious.
> 
> A standard proxy application should be able to prevent this by its
> very nature. It will use the proper c commands with fixed buffer
> sizes and will truncate the data to the proper size before passing
> it on. 

How does the proxy know the size of the buffer being used by the client or server at either end?  That may vary from one implementation to another.  The author of the proxy cannot know what buffer size will be correct for all situations.

---
Paul M. Cardon - System Officer
Capital Markets Systems - First Chicago NBD Corporation
pmarc @
 cmg .
 fcnbd .
 com - (312) 732-7392

I never give them hell.  I just tell the truth and they think it's hell.    - H. Truman

MD5 (/dev/null) = d41d8cd98f00b204e9800998ecf8427e
Follow-Ups:
References:
Indexed By Date Previous: Re: How good is "stateful inspection"?
From: Todd Hooper <todd @ momentum . com . au>
Next: [no subject]
From: dehtpnmk @ ibmmail . com
Indexed By Thread Previous: Re: How good is "stateful inspection"? (fwd)
From: "Ronald L. Sharp" <rls @ neptune . att . com>
Next: Re: How good is "stateful inspection"? (fwd)
From: Darren Reed <avalon @ coombs . anu . edu . au>
Google
 
Search Internet Search www.greatcircle.com