I would like to open a discussion on attacks thru various firewall
implementations, in particular Linux/FreeBSD boxes with either IP
Filter or ipfirewall.c doing filtering and masquerading and then
redirecting ports to local ports to handle some more complex proxies. I
have a 2.0.X Linux kernel running this now and am looking at putting
together a system I can use as a firewall with some reliability. Here
are some ideas of possible attacks and I would like comments on their
feasibility and whether they are being performed presently and if there
are fixes:
1. Fragmenting packets so that port information is passed in second
packet and the filter only looks at first so it lets it go thru. I
know this is a possibility with various packet filtering firewalls on
the market now. Linux 2.0 has an option to re-assemble all fragmented
packets going thru it before applying the filter which stops it.
2. A sequence number guessing attack (what kind of sequence number
generators do the various OSs have?)
3. Stupid use of gets()
Stoopid configurations don't really count either 8)
Craig Brozefsky cosmo @ ebs . net
System Administrator vox: 312-226-1675
EBS.NET fax: 312-226-1677
Network Consulting http://www.ebs.net
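
For item 1 in the post above, a stateless check that a packet filter can run before matching port rules, as an alternative or complement to full reassembly. This is an added example, not code from the post or from any of the firewalls it names; the function name `frag_precheck`, the verdict names and the sample packet are assumptions, and the two checks follow the approach described in RFC 1858.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

enum verdict { PASS_TO_RULES, DROP };

#define PROTO_TCP   6
#define TCP_MIN_HDR 20  /* ports, sequence numbers and flags all sit in these bytes */

/* Stateless pre-check run before port rules are matched (hypothetical helper).
 * pkt points at the IPv4 header; len is the number of captured bytes. */
enum verdict frag_precheck(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return DROP;                                /* not a usable IPv4 header */
    size_t ihl   = (size_t)(pkt[0] & 0x0f) * 4;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (ihl < 20 || total < ihl || total > len)
        return DROP;                                /* inconsistent lengths */

    unsigned ff       = ((unsigned)pkt[6] << 8) | pkt[7];
    unsigned frag_off = ff & 0x1fff;                /* offset in 8-byte units */

    if (pkt[9] != PROTO_TCP)
        return PASS_TO_RULES;                       /* this sketch covers TCP only */

    /* First fragment (or whole packet) too short to hold the TCP header:
     * the filter would be deciding without the full header in hand. */
    if (frag_off == 0 && total - ihl < TCP_MIN_HDR)
        return DROP;

    /* Later fragment that starts inside the TCP header region: on reassembly
     * it would supply header bytes the filter never matched against. */
    if (frag_off != 0 && frag_off * 8 < TCP_MIN_HDR)
        return DROP;

    return PASS_TO_RULES;
}

int main(void)
{
    /* Constructed sample: IPv4, IHL 5, total length 28, MF set, TCP,
     * so only 8 bytes of TCP header are present in the first fragment. */
    uint8_t tiny[28] = { 0x45, 0, 0, 28, 0, 1, 0x20, 0, 64, PROTO_TCP };
    printf("tiny first fragment: %s\n",
           frag_precheck(tiny, sizeof tiny) == DROP ? "DROP" : "PASS_TO_RULES");
    return 0;
}
```

Fragments that pass this check still need a policy of their own (for example, only forwarding non-first fragments that belong to a first fragment the rules accepted), which is what reassembly before filtering gives for free.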