Great Circle Associates Firewalls
(February 1998)
 


Subject: Re: FW-1 and FIN scanning (was: nmap tool)
From: Steve Birnbaum <sbirn @ security . org . il>
Date: Wed, 04 Feb 1998 13:29:51 +0200
To: Robert Ståhlbrand <robert . stahlbrand @ nmac . ericsson . se>
Cc: "'Marek Kubita'" <marek @ corpus . cz>, "'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>
In-reply-to: Your message of "Wed, 04 Feb 1998 12:21:38 +0100." <43BED8177D10D011A69A0800092C15D70F3520 @ haig . oplab . nmac . ericsson . se>

robert . stahlbrand @ nmac . ericsson . se said:
> I think this is done with a cache with all current connections. When
> you clear the table (installing a policy) he just puts this cache
> somewhere and after it has been installed lifting the cache back in
> the system. Why should you put in more effort?

I'm not so sure about that.  Like I said, my understanding is that the
connections allowed in are those that might be possible given the outgoing
rules.  That way it can dynamically rebuild the state table without having
to re-establish the connection.  If something claiming to be established
from outsidebox:80 is allowed to insidebox:4005 then if insidebox doesn't
reset the connection but rather responds to it, then it was "surely" part of
an established session, allowing the firewall to add it to the table.

  Steve

-- 
sbirn @ security . org . il Phone: +972-2-6795860    (PGP key available)
Fight Internet Spam!  http://www.vix.com/spam/  Disclaimer: My opinions only.


Attachment: pgpk4nGpinqY7.pgp
Description: PGP signature
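
A toy model of the state-table rebuild described in the message above, added here as an illustration; it is not Check Point's code and not part of the original post. The class, the single outgoing rule (TCP/80) and the replayed packets are assumptions constructed for the example.

```python
from dataclasses import dataclass, field

ALLOWED_OUT_PORTS = {80}  # assumed outgoing rule: inside hosts may reach TCP/80

@dataclass
class ToyFirewall:
    established: set = field(default_factory=set)
    pending: set = field(default_factory=set)  # admitted inbound, not yet confirmed

    def reload_policy(self):  # policy install: the table starts out empty
        self.established.clear()
        self.pending.clear()

    def inbound(self, outside, oport, inside, iport, flags):
        key = (inside, iport, outside, oport)
        if key in self.established:
            return "pass"
        # A bare SYN is a new inbound connection; no rule allows those here.
        if "SYN" in flags and "ACK" not in flags:
            return "drop"
        # Claims to be mid-session: plausible only as a reply under the outgoing rules.
        if oport in ALLOWED_OUT_PORTS:
            self.pending.add(key)
            return "pass"  # forwarded before any state exists
        return "drop"

    def outbound(self, inside, iport, outside, oport, flags):
        key = (inside, iport, outside, oport)
        if oport not in ALLOWED_OUT_PORTS:
            return "drop"
        self.pending.discard(key)
        if "RST" in flags:  # inside host disowns the session
            self.established.discard(key)
        else:  # SYN, or an answer to a pending packet: (re)learn the session
            self.established.add(key)
        return "pass"

def replay():
    """Constructed traffic after a policy reload; returns verdicts and final tables."""
    fw = ToyFirewall()
    fw.reload_policy()
    verdicts = [
        fw.inbound("outsidebox", 80, "insidebox", 4005, {"ACK"}),    # real session
        fw.outbound("insidebox", 4005, "outsidebox", 80, {"ACK"}),   # host responds
        fw.inbound("outsidebox", 80, "insidebox", 4006, {"FIN"}),    # no such session
        fw.outbound("insidebox", 4006, "outsidebox", 80, {"RST"}),   # host resets
        fw.inbound("outsidebox", 6000, "insidebox", 4005, {"ACK"}),  # not a reply port
    ]
    return verdicts, fw.established, fw.pending
```

In this model the third packet is forwarded to insidebox before any state exists; only the host's RST keeps that flow out of the table.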

