My claim is that some folks, perhaps with vested
interests in seeing leading SPF vendors lose market,
have been trying to make people think that state tables
are prone to corruption without providing any examples.
If you've got details on the problem you've mentioned, I'd
love to hear them.
Ryan
Stepken <stepken @ edina . xnc . com> on 04/05/98 01:29:57 PM
To: Ryan Russell/SYBASE
cc: Christopher Zarcone <czarcone @ vf . lmco . com>, firewalls @ GreatCircle . COM
Subject: Re: socks versus fw-1 stateful inspection vulnerabilities
Ryan Russell wrote:
> >I can't speak from experience, but I've also read stories of state tables
> >becoming corrupt, usually with interesting consequences.
>
> No, you haven't. What you've heard is AG vendors claim that this could
> happen. The same vendors fail to point out that they suffer from the same
> issue if the very similar TCP connection tables built into the OS that they
> rely on become corrupt. If your hardware flakes out, all bets are off on the
> security software.
I did some very stressing tests on firewalls with SPF and dynamic rules.
I was able to cause some memory overflow, which can be exploited as
buffer overflow, depending on the memory model of the OS.
Very often they use some well known hash functions (e.g. GNU), which also
have collisions. Such attacks are very special ones, but they can be
done.
regards, Guido Stepken