Re: Security flaw in iptables

On Sun, Apr 22, 2001 at 10:32:51AM +1000, Mark wrote:
> Thirdly, If I don't have an ftp server on my computer then does that
> mean that it won't affect me?  Assuming that all users on my side of the
> firewall are totally trusted.

Nobody answered this, so I'll try.

The attack is built around connections related to FTP connections (stateful
FW thing). So, you don't need an FTP server on your machine, but you need
to allow FTP connections through your FW to be vulnerable. So blocking all FTP
connections should fix it.

And to be exploited, the attacker needs some control on both sides of the
FW. So the real trouble is if you have more than one protected zone. If
a server in the DMZ is cracked, it can be used by this to attack your
other zone.

So, you lose the *extra* protection of a DMZ, not more (if the users
inside your firewall are trusted).
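The reply above boils the exposure down to two conditions on the firewall: FTP is permitted to pass between zones, and RELATED-state connections are accepted on the forwarding path. The following added example (not code from the thread) audits an `iptables-save` dump for exactly that combination and shows the same ruleset with FTP blocked, as the reply recommends. Both dumps are constructed; the interface names and the assumption that `--dport 21`/`ftp` with `-p tcp` identifies FTP control traffic are mine.

```python
import re

# Constructed sample of `iptables-save` output in the -m state syntax of
# the period. Interfaces eth0/eth1 and the rules themselves are assumptions.
EXPOSED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --dport 21 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
COMMIT
"""

# Same ruleset with FTP dropped before anything else on FORWARD: the
# mitigation the reply describes (block FTP through the firewall).
HARDENED_DUMP = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -p tcp --dport 21 -j DROP
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -p tcp --dport 80 -j ACCEPT
COMMIT
"""

FTP_PORT_RE = re.compile(r"--dport\s+(21|ftp)\b")
STATE_RE = re.compile(r"--state\s+(\S+)")
TARGET_RE = re.compile(r"-j\s+(\S+)")


def forward_rules(dump):
    """Return the FORWARD-chain rules of an iptables-save dump, in chain order."""
    return [ln.strip() for ln in dump.splitlines() if ln.startswith("-A FORWARD")]


def forward_policy(dump):
    """Default policy of the FORWARD chain (":FORWARD DROP [..]" line)."""
    for ln in dump.splitlines():
        if ln.startswith(":FORWARD"):
            return ln.split()[1]
    return "ACCEPT"  # iptables' built-in default when no policy is set


def target(rule):
    m = TARGET_RE.search(rule)
    return m.group(1) if m else None


def ftp_forward_decision(rules):
    """First-match walk: verdict a new tcp/21 connection gets from the
    FTP-specific rules, or None if no rule names that port."""
    for rule in rules:
        if "-p tcp" in rule and FTP_PORT_RE.search(rule):
            return target(rule)
    return None


def related_accepted(rules):
    """True if some FORWARD rule accepts connections in RELATED state."""
    for rule in rules:
        m = STATE_RE.search(rule)
        if m and "RELATED" in m.group(1).split(",") and target(rule) == "ACCEPT":
            return True
    return False


def audit(dump):
    """Report whether the dump has both conditions the reply calls out:
    FTP allowed across the firewall and RELATED connections accepted."""
    rules = forward_rules(dump)
    verdict = ftp_forward_decision(rules) or forward_policy(dump)
    ftp_allowed = verdict == "ACCEPT"
    related = related_accepted(rules)
    return {
        "ftp_forwarded": ftp_allowed,
        "related_accepted": related,
        "exposed": ftp_allowed and related,
    }


if __name__ == "__main__":
    for name, dump in (("exposed", EXPOSED_DUMP), ("hardened", HARDENED_DUMP)):
        print(name, audit(dump))
```

The audit deliberately keeps RELATED acceptance in the hardened dump, since other helpers may legitimately need it; the check reports `exposed` only when the FTP control port is also forwarded. Run it against a real `iptables-save` dump by replacing the constructed strings.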


