Re: [fw-wiz] Firewalls that generate new packets..

J. Oquendo wrote:

...
On the flip side of this whole argument right here... Coming from an attack
vector, I've pretty much shut down (local and remotely) three of the five
firewalls I mentioned with a DoS tool I wrote that is being looked at by 2
of the five mentioned. Isn't that ironic... Here they are protecting, yet
here they are all vulnerable at the bottom of it all. I cannot, will not
post any coding probably ever because I do not believe there are fixes
(legacy TCP thing I believe). PSIRT has tinkered with it for the past 60+
days without a resolution. The other vendor solely sent a generic "eye eye
Spock we will look at it!" but my guess is they'd rather spend money on
inviting us all to continental breakfast and a movie (hey you got that
too!)

To be fair to firewall vendors about this attack though, it pretty much
shuts down anything connected period, from a DSL --> DS3 goodbye. So I
guess it would be fair to state that as opposed to seeming as if I'm
pointing a finger at the entire firewall industry.



This kind of attitude really annoys the heck out of me.

There are more people that care about hearing about these styles
of problems than those 5 companies.

Put up or shut up - at present, what you're describing sounds like
something you can talk about to make yourself seem clever as
there is no acknowledgement from anyone else that what you've
thought of works.

It's highly doubtful that you've run across something that nobody
else has and email like this does nothing except spread FUD.

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Relevant Pages

  • Re: [fw-wiz] Firewalls that generate new packets..
    ... easily verify that the traffic going through the firewall agreed with what i ... The other vendor solely sent a generic "eye eye ... To be fair to firewall vendors about this attack though, ...
    (Firewall-Wizards)
  • RE: [Full-Disclosure] Sidewinder G2
    ... Secure Computing Sidewinder G2 Firewall Stops New High-Profile Sendmail ... Technology Prevents Sendmail Attack Warned About in CERT Advisory ...
    (Full-Disclosure)
  • RE: Thinking about Security rules...
    ... > Subject: Re: Thinking about Security rules... ... >>rules for the IDS. ... by which you attack. ... firewalls in series isn't nearly as nice as a stateful firewall coupled ...
    (Vuln-Dev)
  • Re: Can I protect myself against network attacks?
    ... > I guess that was one purpose of the attack. ... > had happened if you just used the SP2 firewall which does not warn you ... back, I've seen the firewall crash before my eyes, without warning. ... network attacks, or trojans. ...
    (comp.security.firewalls)
  • Re: Firewall security: Re: Problems with simple Samba file share
    ... >>million doesn't change my action of deploying a firewall ONCE. ... They keys can be obtained ... > What I suspect is that you think a special attack will be developed ... the firewall helps protect us. ...
    (comp.os.linux.misc)