Re: Linux firewall/IDS/NAT suggestions

From: Seth Arnold (sarnold_at_wirex.com)
Date: 06/03/03

Date: Tue, 3 Jun 2003 09:50:20 -0700
To: focus-linux@securityfocus.com

On Sat, May 31, 2003 at 12:12:44PM -0300, carrion@ravel.ufrj.br wrote:
> What's the advantage of having the Firewall/NAT rules written on a CD-R media?

A very simple convenience factor. If the firewall is cracked in some form,
a simple reboot will re-initialize it, forcing the attacker to re-crack
it, if he or she wishes to retain control of it. If the attacker was a
rather casual peruser, he or she may not bother re-cracking, and your
life can go on as normal for a few days while you build a new firewall
that is not vulnerable to whatever was used in the attack.

Of course, this assumes the attacker was noisy enough for you to notice
it. If he or she does his or her job well enough, you'll never notice,
and you're right -- there is practically zero benefit to having the
rules be on a CD-R at that point. :)

-- 
"It seems the power has been robbed from the founding fathers and is now
firmly in the hand of the funding fathers." -- Rik van Riel
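The caveat at the end of this reply is that the read-only ruleset only helps if you notice the box was cracked. One way to notice, as an added example that is not part of the original thread, is to diff the running firewall against the baseline kept on the CD-R. The two dumps below are constructed; in practice BASELINE is the file on the CD-R and LIVE is the output of `iptables-save`.

```python
# Added example, not from the thread: detect drift between the read-only
# baseline ruleset and the running firewall. Both dumps are constructed.
BASELINE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 192.0.2.10 -j ACCEPT
COMMIT
"""

# Same box after tampering: FORWARD policy flipped, one extra ACCEPT rule.
LIVE = """\
*filter
:INPUT DROP [12:960]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [40:3200]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 192.0.2.10 -j ACCEPT
-A INPUT -p tcp --dport 2222 -j ACCEPT
COMMIT
"""


def parse_rules(dump):
    """Return a set of (table, rule) pairs from an iptables-save dump.
    Chain lines keep only ':CHAIN POLICY' so packet counters do not
    cause false diffs; comments, COMMIT and blank lines are ignored."""
    rules, table = set(), None
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line.split()[:2]
            rules.add((table, f"{chain} {policy}"))
        else:
            rules.add((table, line))
    return rules


def diff_rulesets(baseline, live):
    """Return (added, removed): rules only in the live firewall, and
    baseline rules missing from it, each sorted for stable reporting."""
    base, now = parse_rules(baseline), parse_rules(live)
    return sorted(now - base), sorted(base - now)
```

Run this from cron against the CD-R copy; any non-empty result is the signal the reply says you otherwise lack.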