From the context of the original question, I assumed the poster was talking
about using the 'established' keyword with a Cisco router access-list, not
the 'established' command on a Cisco PIX.  One has nothing to do with the
other.

However, you are correct about using the permit and permitfrom with the
established command on the PIX. It's just not relevant to what the poster
was asking.

-Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 31, 2001 9:45 AM
To: Kent Hundley; [EMAIL PROTECTED]
Subject: Re: ACL - TCP established [7:17297]


it is highly recommended that u use permit to and permitfrom with the
established command

----- Original Message -----
From: "Kent Hundley" 
To: 
Sent: Friday, August 31, 2001 12:45 AM
Subject: RE: ACL - TCP established [7:17297]


> First, there are security risks in everything.  Nothing is 100% secure and
> given enough skill, time and effort any security countermeasure can be
> bypassed.  What one person builds another person can break, etc., etc.
>
> Now, as to whether the ACK or RST flag can be manipulated, yes they can. If
> one wants to, they can write code to create packets that have whatever bits
> you want set, whatever options, whatever addresses, etc.
>
> If a machine receives a packet with an ACK bit set that it does not have a
> session with, the stack should do something logical with it such as drop the
> packet or send a RST. (I don't recall what the RFC says to do)
>
> However, IP stacks are just software written by humans and humans make
> mistakes.  There's no guarantee that a stack won't do something illogical
> with an illogical packet, so yes, there's some risk involved.  There's also
> the fact that the 'established' command is only good for TCP streams, so
> lots of UDP attacks will not be blocked at all.
>
> HTH,
> Kent
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> phyrz
> Sent: Saturday, August 25, 2001 11:34 PM
> To: [EMAIL PROTECTED]
> Subject: ACL - TCP established [7:17297]
>
>
> When using the established key word at the end of an ACL statement, are
> there any security risks?
>
> Can the ACK or RST flag in a segment header be set from a source terminal
> to trick the ACL, making it look like the segment is responding to a
> request?
> If so, I would think that anything that received the segment would ignore
> it. Any thoughts?
>
> Phyrz
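To make the points in the thread concrete, here is an added model (not from the thread, not Cisco code) of what a router ACL line with the `established` keyword actually checks, beside a simple stateful filter. Packets are constructed dicts; the flag values are the standard TCP header bits, and the session-tracking class is a hypothetical stand-in for a stateful inspection feature.

```python
# Model of the 'established' keyword vs. a stateful check. Constructed example.
ACK = 0x10  # TCP flag bits as they appear in the header
RST = 0x04
SYN = 0x02

def mk(proto, src, sport, dst, dport, flags=0):
    """Build a minimal constructed packet record."""
    return {"proto": proto, "src": src, "sport": sport,
            "dst": dst, "dport": dport, "flags": flags}

def acl_established_permits(pkt):
    """'permit tcp any any established' matches a TCP segment only if ACK or
    RST is set. It keeps no connection state, so it cannot tell a genuine
    reply from a segment that merely has the bit set, and it never matches
    UDP at all (a separate UDP rule, if any, decides those packets)."""
    if pkt["proto"] != "tcp":
        return False
    return bool(pkt["flags"] & (ACK | RST))

class StatefulFilter:
    """Hypothetical stateful inspection: remember connections the inside host
    opened (by protocol and 4-tuple) and admit inbound segments only for those."""
    def __init__(self):
        self.sessions = set()

    def outbound(self, pkt):
        if pkt["proto"] == "tcp" and pkt["flags"] & SYN:
            self.sessions.add(("tcp", pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))

    def inbound_permits(self, pkt):
        # Reverse the tuple: the reply's destination is our original source.
        key = (pkt["proto"], pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        return key in self.sessions

def demo():
    """Returns (ACL 'established' verdict, stateful verdict) for three cases."""
    f = StatefulFilter()
    f.outbound(mk("tcp", "10.0.0.5", 40000, "203.0.113.7", 80, SYN))   # inside host opens a web connection
    genuine = mk("tcp", "203.0.113.7", 80, "10.0.0.5", 40000, SYN | ACK)  # the real reply
    unsolicited = mk("tcp", "198.51.100.9", 1234, "10.0.0.5", 22, ACK)   # ACK set, but no such session
    udp = mk("udp", "198.51.100.9", 53, "10.0.0.5", 1024)                # 'established' says nothing about UDP
    return {
        "genuine": (acl_established_permits(genuine), f.inbound_permits(genuine)),
        "unsolicited": (acl_established_permits(unsolicited), f.inbound_permits(unsolicited)),
        "udp": (acl_established_permits(udp), f.inbound_permits(udp)),
    }
```

The `unsolicited` case is the risk Kent describes: the flag check alone passes it, so the receiving host's stack is the only remaining line of defence, whereas the stateful filter drops it because no inside host opened that connection.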




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18115&t=17297
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
