Hi,
On 18 Apr 2000, at 8:59, Pepmiller, Craig E. wrote:
> I believe the receiving system will send back an error notice. This tells
> the attacker that the system exists and possibly what type of device it is.
> >From there the attacker can try more specific probes and attacks.
>
You�re right. Most TCP/IP implementation answer a forged ACK packet with
an RST which will tell you this port is listening. Or with an icmp
unreachable, correct me if I�m wrong.
This is one thing. On the other hand, stateless static packet filters
just allow rules by looking on the SYN or the ACK bit (most
implementation use the ACK bit).
If you allow for example inbound packets with ACK bit set in any port
range, you can tunnel your firewall. There are patches for TCP/IP stacks
which allow connections to open with SYN and ACK set. If you combine this
with a trojan and it goes to your inside network, you are where don�t
want to be ;-)
Kind Regards / Mit freundlichen Gruessen,
--
Frank M. Heinzius mms Communication AG .~.
mailto:[EMAIL PROTECTED] Eiffestrasse 598 /V\
http://www.mms.de 20537 Hamburg, Germany // \\
Phone: +49 40 211105-40 Fax: +49 40 210 32 210 /( )\
PGP Pingerfrimp: 635E AFB4 6BF0 156E 4615 8C67 F258 C9F6 3595 80ED ^^-^^
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
