From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Interesting article about punching holes in firewalls...
Date: Thu, 21 Dec 2006 15:37:24 +0000 [thread overview]
Message-ID: <458AAA34.6010201@riverviewtech.net> (raw)
In-Reply-To: <45860240.2040102@riverviewtech.net>
Carl-Daniel Hailfinger wrote:
>> I personally have known that using "-m state --state
>> ESTABLISHED,RELATED" was not the most secure thing to use for returning
>> traffic. Namely this will allow you to make a valid connection to a web
>> server, say to retrieve a picture. Then said web server could send
>> malicious traffic back to your computer and pass through your firewall.
>> This is because the traffic coming from the web server to your computer
>> is now deemed as RELATED. Previously I have written this off as not
>
> This is wrong on so many levels. Please reread the article. Then read
> the source code of your favourite firewalling system. All of those
> "attacks" require cooperation from your side. And if you (or someone
> using the computer you try to protect) are actively cooperating with
> the attacker, "fixing" the firewall should be the least important of
> your problems.
I have read the article. I suspect that my uncertainty has to do with
lack of how the SPI portion of the code works. I am not qualified to
read the source code to make an informed opinion. I was (mis)believing
that the SPI was very simple in the fact that it would classify any
returning traffic coming back from a host as related. Now, I'm getting
the impression that this is not the case and that only specific packets
are considered related.
Can / will someone that is more versed in programming / reading source
code please give me a brief overview of how the kernel decides what is
and is not related.
Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
next prev parent reply other threads:[~2006-12-21 15:37 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-12-18 2:51 [LARTC] Interesting article about punching holes in firewalls Grant Taylor
2006-12-18 2:51 ` Grant Taylor
2006-12-18 7:26 ` Cedric Blancher
2006-12-19 9:42 ` Martijn Lievaart
2006-12-19 11:05 ` Cedric Blancher
2006-12-19 18:53 ` Martijn Lievaart
2006-12-20 3:42 ` Cedric Blancher
2006-12-19 11:07 ` Jozsef Kadlecsik
2006-12-19 11:46 ` Pascal Hambourg
2006-12-18 22:34 ` Martijn Lievaart
2006-12-18 22:50 ` Pascal Hambourg
2006-12-20 21:23 ` [LARTC] " Stephen Hemminger
2006-12-20 21:23 ` Stephen Hemminger
2006-12-21 7:10 ` [LARTC] " Peter Surda
2006-12-21 7:57 ` Carl-Daniel Hailfinger
2006-12-21 7:57 ` Carl-Daniel Hailfinger
2006-12-25 21:43 ` [LARTC] " Torsten Luettgert
2006-12-21 15:37 ` Grant Taylor [this message]
2006-12-21 15:55 ` /dev/rob0
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=458AAA34.6010201@riverviewtech.net \
--to=gtaylor@riverviewtech.net \
--cc=lartc@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.