Re: [fw-wiz] OBSD reaction to CERT advisory
From: Darren Reed (darrenr@reed.wattle.id.au)
Date: 10/10/02
- Next message: Desai, Ashish: "RE: [fw-wiz] Tunnel intruder"
- Previous message: Dragos Ruiu: "Re: [fw-wiz] Tunnel intruder"
- In reply to: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Next in thread: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Reply: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Darren Reed <darrenr@reed.wattle.id.au> To: Daniel Hartmeier <daniel@benzedrine.cx> Date: Thu Oct 10 14:56:01 2002
In some email I received from Daniel Hartmeier, sie wrote:
[...]
> Mikael, can you recommend a suitable OS and ftp daemon combination that
> allows testing (the ftp server has commands that quote queries in the
> needed way and the OS' stack does partial retransmissions)?
Tell me what fool would agree to this setup ?
This is like a "Watch me tunnel IP packets over DNS and show you how
your firewall does not stop me hack internal boxes" where someone gets
to pick the DNS server on the inside and outside. Pick a vendor's
distribution that you think will work.
That brings me to another point, that was sorely missed in all the
public material I've seen so far, except maybe by Sun (and in the
wrong way) and that is you need a very special ftp daemon (i.e. not
any of the vendor ones I have tried) before it will stand a chance
of defeating IPFilter.
Darren
- Next message: Desai, Ashish: "RE: [fw-wiz] Tunnel intruder"
- Previous message: Dragos Ruiu: "Re: [fw-wiz] Tunnel intruder"
- In reply to: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Next in thread: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Reply: Daniel Hartmeier: "Re: [fw-wiz] OBSD reaction to CERT advisory"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
