Great Circle Associates Firewalls
(April 1998)
 


Subject: Re: socks versus fw-1 stateful inspection vulnerabilities
From: "Ryan Russell" <ryanr @ sybase . com>
Date: Sun, 5 Apr 1998 17:09:36 -0700
To: Stepken <stepken @ edina . xnc . com>
Cc: firewalls @ GreatCircle . COM

My claim is that some folks, perhaps with vested
interests in seeing leading SPF vendors lose market,
have been trying to make people think that state tables
are prone to corruption without providing any examples.

If you've got details on the problem you've mentioned, I'd
love to hear them.

                         Ryan





Stepken <stepken @ edina . xnc . com> on 04/05/98 01:29:57 PM

To:   Ryan Russell/SYBASE
cc:   Christopher Zarcone <czarcone @ vf . lmco . com>, firewalls @ GreatCircle . COM
Subject:  Re: socks versus fw-1 stateful inspection vulnerabilities




Ryan Russell wrote:

> >I can't speak from experience, but I've also read stories of state tables
> >becoming corrupt, usually with interesting consequences.
>
> No, you haven't.  What you've heard is AG vendors claim that this could
> happen.
> The same vendors fail to point out that they suffer from the same issue if
> the very similar TCP connection tables built into the OS that they rely on
> become corrupt.  If your hardware flakes out, all bets are off on the
> security software.

I did some very stressing tests on firewalls with SPF and dynamic rules.
I was able to cause some memory overflow, which can be exploited as a
buffer overflow, depending on the memory model of the OS.
Very often they use some well-known hash functions (e.g. GNU), which also
have collisions. Such attacks are very special ones, but they can be
done.

regards, Guido Stepken





