[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security flaw in iptables

On Sun, Apr 22, 2001 at 10:32:51AM +1000, Mark wrote:
> Thirdly, If I don't have an ftp server on my computer then does that
> mean that it won't affect me?  Assuming that all users on my side of the
> firewall are totally trusted.

Nobody answered this so I try.

The atack is built around conections related to a FTP conections (statefull
FW thing). So, You don´t need a FTP server on Your machine, but You need 
to allowe FTP conections thru Your FW to be wornible. So blocking all FTP 
conections shuld fix it.

And to be exploited the attacker need some controll on both sides of the 
FW. So the real trobel is if You have more then one protected zone. If 
a server in the DMZ is cracked, it can be used by this to attack Your 
other zoon.

So, You lose the *extra* protection of a DMZ, not more (if the users
inside your firewall is trusted).


Reply to: