[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ICMP pokes holes in firewalls...

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: ICMP pokes holes in firewalls...
From: H D Moore <hdm@xxxxxxxxxxxxxxxxxx>, (by way of Lucio <lucio@xxxxxxxx>)
Date: Fri, 26 Sep 2003 11:54:57 +0000

Only if these systems are running kernel version 2.2, the 2.4 NAT system
has been rewritten and is not vulnerable.

On Friday 26 September 2003 04:55 am, Lucio wrote:
> > This also applies to Linux NAT gateways.
>
> I'm rellay not an expert in building a firewall with a Linux box, but
> I've tried twice and now I have two customers happy of their
> unexpensive Linux based firewall. These firewalls offer also NAT
> functionality to the respective LANs they protect and use iptables
> rules with stateful inspection to filter the packets. Both customers
> have a DNS in between the linux firewall and the ISP's router. Are they
> vulnerable to any of those attacks?

Follow-Ups:
- Re: ICMP pokes holes in firewalls...
  - From: Darren Reed

Prev by Date: Re: Does VeriSign's SiteFinder service violate the ECPA?
Next by Date: RE: CyberInsecurity: The cost of Monopoly
Previous by thread: RE: ICMP pokes holes in firewalls...
Next by thread: Re: ICMP pokes holes in firewalls...
Index(es):
- Date
- Thread