Re: [fw-wiz] Use of single port aggregations to enhance security
- From: ArkanoiD <ark@xxxxxxxxx>
- Date: Sat, 9 Jan 2010 11:26:15 +0300
I thought *every* operating system follows the rule "apply
packet filtering first, bring interfaces up later" nowdays?
On Wed, Jan 06, 2010 at 06:12:46AM +1100, Darren Reed wrote:
So what difference can this make?
If you're using an operating system based firewall (Linux,
BSD, Solaris), then depending on the order of the operating
system enabling firewalls capabilities vs networking, there
may be windows where packets are able to reach code paths
that they weren't intended for because nic drivers start
servicing packets quite early.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
- Follow-Ups:
- References:
- [fw-wiz] Use of single port aggregations to enhance security
- From: Darren Reed
- [fw-wiz] Use of single port aggregations to enhance security
- Prev by Date: Re: [fw-wiz] Use of single port aggregations to enhance security
- Next by Date: [fw-wiz] Volunteers wanted for IPsec configuration experiment
- Previous by thread: Re: [fw-wiz] Use of single port aggregations to enhance security
- Next by thread: Re: [fw-wiz] Use of single port aggregations to enhance security
- Index(es):
Relevant Pages
|
