
woody firewall broken?



We have used woody to replace an old 2.0.x-kernel-based firewall.

I have used "nessus" from my home to check the security of our ISP hosts,
enabling all the security plugins, including the dangerous ones.

I think it is due to the nessus checks that we are getting "Deferring
messages" from the sendmail server: "Deferred: Connection timed out with
mx.terra.es.". What we know for sure is that, using the old firewall again,
the sendmail server works correctly again.

    The report which the nessus checks raised is:  Vulnerability found
on port general/tcp

    It was possible
    to make the remote server crash
    using the 'stream.c' attack.

    A cracker may use this attack to
    shut down this server, thus
    preventing your network from
    working properly.

    Solution : contact your operating
    system vendor for a patch.

    Workaround : if you use IP filter,
    then add these rules :

    block in quick proto tcp from any to any head 100
    pass in quick proto tcp from any to any flags S keep state group 100
    pass in all

    Risk factor : High


Must we format and reinstall the woody firewall host, or do we only have to
add the new firewall rules (see below)? I think that the new firewall has
been damaged, because I have rebooted it and it still doesn't work.

How do the lines below translate to iptables rules?
    block in quick proto tcp from any to any head 100
    pass in quick proto tcp from any to any flags S keep state group 100
    pass in all



Regards,
Davi
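The three IP Filter rules quoted above, translated to iptables as an added example (this is not part of Davi's mail or of the nessus report). It assumes a 2.4-kernel host such as woody with the ip_conntrack module and the `-m state` match, and that the rules belong in the firewall host's own INPUT chain; the variable IPT and the function names are mine. The ipf rules mean: drop every incoming TCP packet, except that a packet with only SYN set may open a new connection and its state is kept, and everything non-TCP is passed. Because ipf consults its state table before the rule list, "keep state" on the SYN rule is what lets the rest of each connection through; in iptables that has to be spelled out as the ESTABLISHED,RELATED rule. The `decide_packet` function is an offline model of the same rule order so the policy can be checked without touching a kernel.

```shell
#!/bin/sh
# Added example, not from the original post or the nessus plugin.
# Assumptions: 2.4 kernel with ip_conntrack, rules for the host's own
# INPUT chain, IPT defaults to "iptables" (override in the environment).

IPT="${IPT:-iptables}"

# Print the iptables equivalent of:
#   block in quick proto tcp from any to any head 100
#   pass in quick proto tcp from any to any flags S keep state group 100
#   pass in all
print_antistream_rules() {
    cat <<EOF
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A INPUT -p tcp --syn -m state --state NEW -j ACCEPT
$IPT -A INPUT -p tcp -j DROP
$IPT -A INPUT -j ACCEPT
EOF
}

# Load the rules into the running kernel (needs root). This is the only
# function that touches iptables; the rest of the file runs offline.
apply_antistream_rules() {
    print_antistream_rules | sh -e
}

# "--syn" in iptables means SYN set and ACK, RST and FIN all clear, which is
# also what ipf's "flags S" matches with its default mask.
is_bare_syn() {
    case "$1" in
        *A*|*R*|*F*) return 1 ;;
        *S*)         return 0 ;;
        *)           return 1 ;;
    esac
}

# Offline model of the rule order above:
#   decide_packet PROTO FLAGS CONNTRACK  ->  prints ACCEPT or DROP
#   PROTO      tcp | udp | icmp
#   FLAGS      TCP flag letters as in the header, e.g. "S", "A", "SA", "" for non-TCP
#   CONNTRACK  NEW or ESTABLISHED (what ip_conntrack would report)
decide_packet() {
    proto=$1; flags=$2; ct=$3
    # rule 1: anything the state table already knows is let through
    if [ "$ct" = ESTABLISHED ]; then echo ACCEPT; return; fi
    # rule 2: a new TCP connection may only start with a bare SYN
    if [ "$proto" = tcp ] && is_bare_syn "$flags"; then echo ACCEPT; return; fi
    # rule 3: every other TCP packet that is not part of a known connection
    # (stream.c's flood of ACK packets with random sequence numbers, stray
    # RSTs, FINs to closed ports) is dropped
    if [ "$proto" = tcp ]; then echo DROP; return; fi
    # rule 4: pass in all
    echo ACCEPT
}
```

Usage: `. ./antistream.sh; print_antistream_rules` to review the commands, then `apply_antistream_rules` as root to load them. The order matters: the ESTABLISHED,RELATED rule must come first, otherwise the ACK segments of your own connections (including the replies sendmail is waiting for from mx.terra.es) fall through to the DROP rule, which is exactly the kind of breakage a mis-ordered filter produces. On kernels newer than 2.4 the `-m state --state` match is spelled `-m conntrack --ctstate`, and an INPUT chain with a default DROP policy would need the final "pass in all" rule to be narrowed to what the host should actually accept.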


