This can only be done with a product that works entirely in kernel space as the entire point is to completely stop userspace.
now anything can be added in the kernel, but if you add to much you just increase the chance that bad code gets into the kernel and at that point the usefulness of this becomes more questionable. I know that AIX has some kernel-space packet filtering in it, I don't know about Solaris, but I think *BSD does everything through userspace tools. David Lang On Sun, 10 Feb 2002, Kim, Cameron wrote: > Date: Sun, 10 Feb 2002 23:44:24 -0800 > From: "Kim, Cameron" <[EMAIL PROTECTED]> > To: 'David Lang' <[EMAIL PROTECTED]>, > "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: RE: running a firewall in halted state > > So After reading the article, Have you heard of anyone doing this with > Solaris or FreeBSD? Or even with a Application layer product like Checkpoint > or Raptor? In theory.. It may be possible > > Cameron Kim > Mitsubishi Digital Electronics America > Voice: 949-465-6099 > Fax: 949-465-6118 > > > -----Original Message----- > From: David Lang [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 08, 2002 6:33 PM > To: David Endler > Cc: [EMAIL PROTECTED] > Subject: Re: running a firewall in halted state > > > yep, been doing it for years. the fun part is explaining to auditors why you > are having to reboot the box when they ask you to show you it's config > :-) > > if you can get away with packet filtering and are willing to go without logs > it sure eases concerns about vunerable services on the box (the only bug > that can bite you is a kernel bug and they are _Very_ rare) > > David Lang > > > On Fri, 8 Feb 2002, David Endler wrote: > > > Date: Fri, 8 Feb 2002 16:21:39 -0500 > > From: David Endler <[EMAIL PROTECTED]> > > To: [EMAIL PROTECTED] > > Subject: running a firewall in halted state > > > > Here's a link to a Sys Admin Magazine article about how to run a linux > > firewall in halted state. pretty cool idea. > > > > http://www.samag.com/documents/s=1824/sam0201d/0201d.htm > > <http://www.samag.com/documents/s=1824/sam0201d/0201d.htm> > > > > David Endler, CISSP > > Director, iDEFENSE Labs > > 14151 Newbrook Drive > > Suite 100 > > Chantilly, VA 20151 > > voice: 703-344-2632 > > fax: 703-961-1071 > > > > [EMAIL PROTECTED] > > www.idefense.com > > > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls > _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
