On Wed, 4 Apr 2001, [EMAIL PROTECTED] wrote:

> Our firewall is set to deny all inbound connection requests (SYN packets?).
> Am I right in assuming that the worm couldn't get in?

In all these worm cases, yes. It is worth noting that a SYN defense
firewall is not impervious to all types of attacks. I'm not an IP guru, but
I wouldn't put it past one to put two and two together to build a worm
that can penetrate SYN blocking firewalls.

> Also, where should I subscribe for updates to the firewalling software that
> ships with Linux?  As this is the first line of defence, I should like to be
> notified in the event that a hole is found in it.

The basic ipfw, ipchains, and iptables are pretty rolled into the kernel's
networking code. If there is a vulnerability there, it will probably be
well publicized on all Linux mailing lists. Iptables used to have a
developers list, but it's fallen silent since the move to iptables.
iptables has the netfilter mailing list, but it's pretty much for module
developers and netfilter core maintainers.

If you are using a specific firewall product on top of ipfw, ipchains, or
iptables, they hopefully will provide updates if a hole in the rules they
provide or generate is found.

thornton


