Re: recommend Linux firewalls for non-profit

From: Ginger Git (gingergit_at_PleaseRemoveNOSPAM.)
Date: 04/28/03


Date: Mon, 28 Apr 2003 18:19:55 +0000 (UTC)

Please explain how you are going to contact the Bridge from an internal
address if it has no IP address and is just a Bridge!!!!!

"Kasper Dupont" <kasperd@daimi.au.dk> wrote in message
news:3EACC203.D5AF748C@daimi.au.dk...
> Ginger Git wrote:
> >
> > but if the bridge has no IP address and therefore cannot be accessed
> > remotely then therefore it is secure!
>
> Wrong again.
>
> If you send packets to a host behind the bridge, they will go through the
> bridge. So the bridge will see such packets, which is enough to abuse a
> potential vulnerability in the bridge. Of course the simpler the bridge
> is, the less chance of a vulnerability. Possibly some clever internal
> design can protect vulnerabilities in interpretation of one protocol
> from affecting any other protocol.
>
> --
> Kasper Dupont -- der bruger for meget tid på usenet.
> For sending spam use mailto:aaarep@daimi.au.dk
> for(_=52;_;(_%5)||(_/=5),(_%5)&&(_-=2))putchar(_);

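Added example, not part of the original posts: a sketch of the per-frame decision a filtering bridge has to make, showing that frames addressed to a host behind the bridge still pass through the bridge's own parsing code even though the bridge has no IP address. All names, the sample frames and the default-deny policy are hypothetical and constructed for illustration.

```python
import struct

ETH_HDR, ETHERTYPE_IPV4, ETHERTYPE_ARP = 14, 0x0800, 0x0806

class Malformed(Exception):
    """Raised by a protocol parser when a frame fails validation."""

def parse_ipv4(payload):
    # Every length field is checked against the bytes actually received.
    if len(payload) < 20:
        raise Malformed("short IPv4 header")
    ver_ihl, _tos, total_len = struct.unpack("!BBH", payload[:4])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(payload):
        raise Malformed("bad version or header length")
    if total_len < ihl or total_len > len(payload):
        raise Malformed("bad total length")
    return {"proto": payload[9], "dst": payload[16:20]}

def parse_arp(payload):
    if len(payload) < 28:
        raise Malformed("short ARP packet")
    return {"op": struct.unpack("!H", payload[6:8])[0]}

# One parser per protocol, so a defect in one is not reached by the others.
PARSERS = {ETHERTYPE_IPV4: parse_ipv4, ETHERTYPE_ARP: parse_arp}

def bridge_decision(frame):
    """Return 'forward' or 'drop' for a frame seen on a bridged port."""
    if len(frame) < ETH_HDR:
        return "drop"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    parser = PARSERS.get(ethertype)
    if parser is None:
        return "drop"              # assumed policy: unknown protocols are not bridged
    try:
        parser(frame[ETH_HDR:])    # runs on traffic that is NOT addressed to the bridge
    except Exception:
        return "drop"              # fail closed: a parser error costs only this frame
    return "forward"

def sample_frame(ip_header):
    # Constructed frame: both MAC addresses belong to other hosts, not the bridge.
    macs = bytes.fromhex("02000000000a" "02000000000b")
    return macs + struct.pack("!H", ETHERTYPE_IPV4) + ip_header

# Constructed 20-byte IPv4 header using documentation addresses.
GOOD_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
BAD_IP = bytes([0x4F]) + GOOD_IP[1:]   # header length field claims 60 bytes, 20 present
```

The malformed header is what the bridge's length checks exist for: without them the parser would index past the data it was given, and that code is reached by any frame crossing the bridge.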

