In article <9506282219 .
Peter Couvares <pfcouvar @
>If, say, a UDP packet flies from internal host A through a stateful
>packet filter to external host B in such a way that the firewall
>expects a reply from machine B, what's to stop a second, malicious
In general, UDP is a big can of worms. I would hope that
commercial packet filters would come with all UDP services
This kind of attack is possible with any mechanism, application
layer or packet filter, when it comes to UDP, unless you are
examining the data.
>If not, it seems likely that someone could exploit this in order to
>circumvent the firewall--but I can't think of a specific example
>offhand. Is it possible that there are there no common situations
Well, if one were permitting NFS through the firewall... we
get a request a month from customers about how they can do this
kind of thing. (We reluctantly tell them)
:!mcr!: | <A HREF="http://www.milkyway.com/">Milkyway Networks Corporation</A>
Michael Richardson | Makers of the Black Hole firewall
NCF: aa714 || xx714 | +1 613 566-4574 ... mcr @
Home: <A HREF="http://www.sandelman.ocunix.on.ca/People/Michael_Richardson/Bio.html">mcr @
ca</A>. PGP key available.