Mikael Olsson wrote:
>
> I'd say "roast 'em over a slow burning bed of coals" if they
> aren't doing (pseudo)reassembly because there's been so many
> problems with illegal fragments that by now the need for it
> should be patently obvious.

The problem is that even if they did, they would not find anything. IMHO
Stateful Inspection has degraded into little more than a stateful packet
filter. You're checking protocol, IPs & ports and not much else. With
this in mind, rebuilding a packet does not get you anything because you're
not checking offsets, payload, etc.

This was pretty obvious if you happened to check out the Inspect script
released to prevent WinNuke. Scary stuff that is easy to get around. ;)

HTH,
Chris
--
**************************************
[EMAIL PROTECTED]
* Mastering Cisco Routers
http://www.amazon.com/exec/obidos/ASIN/078212643X/
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/