On 24-Aug-99 Woody Weaver wrote:
> I don't think that is what was meant. I think the idea is that the card
> itself has some smarts independent of the kernel. If one were to
> compromise the card, there exists the possibility of going port to port on
> the card itself without going through the routing engine (hence not through
> the protections afforded by the firewall).
This is what he meant. He was pretty adamant that an intruder could gain
access to the card and from there get into the internal subnet. The implication
was that someone could do this without first gaining root on the firewall. At
the time, I assumed he was just smoking crack, but, again, wanted to check with
the experts. Now that various people have given their opinions, I'm convinced
the guy was smoking crack.
Thanks to everyone for their help.
Corbett Waddingham
E-greetings Network Data Wrangler
415-536-1861
http://www.egreetings.com