
Re: Security flaw in iptables

On Sun, Apr 22, 2001 at 12:06:19PM +0200, Lars Hallberg wrote:
> So, you lose the *extra* protection of a DMZ, not more (if the users
> inside your firewall are trusted).

Actually there was a malformed-URL attack which allowed a public web page to
list a URL which will call the firewall to open an inbound connection if one
of your internal users were clicking on that URL. This was due to very
simple protocol parsing. I think that special case does not work with the
iptables exploit, but it clearly shows you that you can't expect your users
are trusted if they can be tricked to send such data out of your net.

  (OO)      -- Bernd_Eckenfels@Wendelinusstrasse39.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +497257930613  BE5-RIPE
(O____O)  When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
