Re: Bridging Firewalls

From: Eirik Seim (eirik@mi.uib.no)
Date: 05/29/02


From: eirik@mi.uib.no (Eirik Seim)
Date: 29 May 2002 11:42:44 GMT

On Wed, 29 May 2002 10:03:09 +0000, Dave Pimlott wrote:
> Bob Yeaw wrote:
> >
> > I have been reading a lot about bridging firewalls using OpenBSD and PF
> > or IPF and it seems like a great idea. Does anyone know of any
> > gotchas or problems with this approach? What attacks are possible on
> > a Packet filter with no IP address?
> >
>
> the only vulnerabilities I can think of are Ethernet attacks rather than
> TCP/IP attacks, e.g. MAC broadcast storms (which are hard to do
> remotely...)
> In terms of gotchas I can't think of any! In situations like this I
> "suck it and see".

Agreed. I think tunnelling and masquerading as legitimate traffic, i.e.
not attacking the firewall itself, as it can be truly invisible unless
on the same LAN (not touching the TTL), is a much greater threat than
the firewall itself being compromised.

One possible scenario could perhaps be if the filtering software can be
crashed. The filtering bridge is nothing but a bridge until the filtering
is applied, so I would assume it would be wide open if the filtering
software suddenly dies for some reason. Being more or less integrated into
the kernel, I would be very interested to see if anyone has experience
from this. Is it possible for pf, ipf or even ipfw to crash in some
spectacular new way, leaving the networks unprotected?

Posting (and FUT) to comp.security.firewalls also, as I assume Berk and
possibly others there have opinions about this :)

- Eirik

-- 
New and exciting signature!
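The fail-open scenario raised above (a filtering bridge that keeps bridging after its filter stops filtering) is something a defender can at least watch for from the bridge host itself. The following watchdog is an added example for this thread, not code from any of the posters or from the OpenBSD project. It assumes OpenBSD-style tooling: `pfctl -s info` and `pfctl -s rules` for reading pf state, and a bridge interface named `bridge0` (the interface name, the `logger` tag and the sample command output below are all assumptions or constructed values). If pf reports itself disabled, or the loaded ruleset contains no block rule, the script takes the bridge interface down so that a dead filter leaves the segment disconnected rather than wide open.

```shell
#!/bin/sh
# Fail-closed watchdog for a pf filtering bridge.
# Added example for this thread; assumes pfctl(8) and an OpenBSD bridge
# interface named bridge0 (interface name is an assumption, override via env).
# Intended to run from cron every minute or so.

BRIDGE_IF="${BRIDGE_IF:-bridge0}"   # assumed bridge interface name

# pf_enabled: succeed when the captured text of `pfctl -s info`
# reports pf as enabled (pfctl prints "Status: Enabled ..." or "Status: Disabled ...").
pf_enabled() {
    printf '%s\n' "$1" | grep -q '^Status: Enabled'
}

# ruleset_loaded: succeed when the captured text of `pfctl -s rules`
# contains at least one block rule, i.e. the filter is not an empty,
# pass-everything ruleset (pf with no rules passes all traffic).
ruleset_loaded() {
    printf '%s\n' "$1" | grep -q '^block'
}

# filter_healthy: both conditions must hold for the bridge to count as filtering.
filter_healthy() {
    pf_enabled "$1" && ruleset_loaded "$2"
}

# fail_closed: log and take the bridge interface down so nothing is forwarded
# unfiltered. Logging tag "pfbridge-watchdog" is an arbitrary choice.
fail_closed() {
    logger -t pfbridge-watchdog "pf not filtering; taking $BRIDGE_IF down"
    ifconfig "$BRIDGE_IF" down
}

# check_bridge_filter: live check against the running system.
# Returns 0 when healthy, 1 after failing closed.
check_bridge_filter() {
    info=$(pfctl -s info 2>/dev/null)
    rules=$(pfctl -s rules 2>/dev/null)
    if filter_healthy "$info" "$rules"; then
        return 0
    fi
    fail_closed
    return 1
}

# Constructed sample outputs for offline checking; not captured from a real host.
SAMPLE_INFO_ENABLED="Status: Enabled for 0 days 00:12:34          Debug: Urgent"
SAMPLE_INFO_DISABLED="Status: Disabled for 0 days 00:00:05         Debug: Urgent"
SAMPLE_RULES_OK="block drop in all
pass in quick on xl0 proto tcp from any to 192.0.2.10 port = 25 keep state"
SAMPLE_RULES_EMPTY=""

# Uncomment to run the live check (e.g. from cron):
# check_bridge_filter
```

Two caveats follow from the design. A polling watchdog only narrows the window; it does not close it, and it runs on the same kernel as pf, so it cannot help if that kernel has stopped running. A full kernel crash or panic, though, stops the bridge forwarding altogether and therefore fails closed on its own; the case the check is aimed at is pf being disabled or its ruleset flushed while the host otherwise keeps bridging.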


