Firewalls: Re: TCP options and firewalls1

Firewalls
(October 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: TCP options and firewalls1
From:	Oliver Friedrichs <oliverf @ silence . secnet . com>
Date:	Wed, 15 Oct 1997 17:17:45 -0600 (MDT)
To:	Darren Reed <avalon @ coombs . anu . edu . au>
Cc:	Peter Ford <peterf @ microsoft . com>, Firewalls Mailing List <Firewalls @ GreatCircle . COM>
In-reply-to:	<199710151357 . GAA14013 @ mycroft . GreatCircle . COM>


On Wed, 15 Oct 1997, Darren Reed wrote:

> So far, there aren't any TCP header options which pose a threat to
> security, so one might argue there is no reason to check them for
> flagging a packet to drop.  But I wouldn't put it past a firewall to
> check that the TCP options present are recognised - an interesting

Unless you consider denial of service a security problem, in which case
all sorts of routers will fall over due to invalid TCP options.

- Oliver

 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
   Secure Networks Incorporated.  Calgary, Alberta, Canada, (403) 262-9211

References:

Re: TCP options and firewalls1
From: Darren Reed <avalon @ coombs . anu . edu . au>

Indexed By Date	Previous:	Firewall From: "helen liu" <Helen_Liu @ smtpgate . pericom . com>
Indexed By Date	Next:	ipsilon From: "Marcelo Diaz"<mdiaz @ tandem . cl>
Indexed By Thread	Previous:	Re: TCP options and firewalls1 From: Darren Reed <avalon @ coombs . anu . edu . au>
Indexed By Thread	Next:	Re: TCP options and firewalls From: Eric Vyncke <evyncke @ cisco . com>