Re: Security flaw in iptables

To: debian-firewall@lists.debian.org
Subject: Re: Security flaw in iptables
From: lah@micropp.se (Lars Hallberg)
Date: Sun, 22 Apr 2001 12:06:19 +0200
Message-id: <20010422120619.A23677@albert.micropp.se>
In-reply-to: <3AE226B3.DB7A06BA@ozemail.com.au>; from mdevin@ozemail.com.au on Sun, Apr 22, 2001 at 10:32:51AM +1000
References: <3AE226B3.DB7A06BA@ozemail.com.au>

On Sun, Apr 22, 2001 at 10:32:51AM +1000, Mark wrote:
> 
> Thirdly, If I don't have an ftp server on my computer then does that
> mean that it won't affect me?  Assuming that all users on my side of the
> firewall are totally trusted.

Nobody answered this so I try.

The atack is built around conections related to a FTP conections (statefull
FW thing). So, You don´t need a FTP server on Your machine, but You need 
to allowe FTP conections thru Your FW to be wornible. So blocking all FTP 
conections shuld fix it.

And to be exploited the attacker need some controll on both sides of the 
FW. So the real trobel is if You have more then one protected zone. If 
a server in the DMZ is cracked, it can be used by this to attack Your 
other zoon.

So, You lose the *extra* protection of a DMZ, not more (if the users
inside your firewall is trusted).

/Lars

Reply to:

Follow-Ups:
- Re: Security flaw in iptables
  - From: Bernd Eckenfels <lists@lina.inka.de>

References:
- Security flaw in iptables
  - From: Mark <mdevin@ozemail.com.au>

Prev by Date: Re: Security flaw in iptables
Next by Date: Re: Security flaw in iptables
Previous by thread: Re: Security flaw in iptables
Next by thread: Re: Security flaw in iptables
Index(es):
- Date
- Thread