Security flaw in iptables

To: Debian-firewall <debian-firewall@lists.debian.org>
Subject: Security flaw in iptables
From: Mark <mdevin@ozemail.com.au>
Date: Sun, 22 Apr 2001 10:32:51 +1000
Message-id: <3AE226B3.DB7A06BA@ozemail.com.au>

Firstly, I wonder if people are aware of this?

"If an attacker can establish an FTP connection passing through a Linux
2.4.x IPTables firewall with the state options allowing 'related'
connections (almost 100% do), he can insert entries into the firewall's
RELATED ruleset table allowing the FTP Server to connect to any host and
port protected by the firewalls rules, including the firewall
itself...."

Check out this link:
http://www.tempest.com.br/advisories/01-2001.html

Secondly, what is the best way to circumvent this flaw?

Does the 2.4.3 kernel fix it; because I noted that there were a couple
of new modules in it for iptables?

Thirdly, If I don't have an ftp server on my computer then does that
mean that it won't affect me?  Assuming that all users on my side of the
firewall are totally trusted.

Thanks.

Mark.

Reply to:

Follow-Ups:
- Re: Security flaw in iptables
  - From: "Ivan E. Moore II" <rkrusty@tdyc.com>
- Re: Security flaw in iptables
  - From: lah@micropp.se (Lars Hallberg)

Prev by Date: Re: Iptables logging
Next by Date: Re: Security flaw in iptables
Previous by thread: Re: iptables: input / output chains ..
Next by thread: Re: Security flaw in iptables
Index(es):
- Date
- Thread