woody firewall broken?
We have used woody to replace an old 2.0.x kernel based firewall.
I have used "nessus" from my home to check the security of our ISP hosts,
enabling all the security plugins, including the dangerous ones.
I think it is due to the nessus checks that we are getting "Deferring
messages" from the sendmail server: "Deferred: Connection timed out with
mx.terra.es.". What we know for sure is that when using the old firewall again,
the sendmail server works correctly again.
The report raised by the nessus checks is:

Vulnerability found on port general/tcp

It was possible to make the remote server crash using the 'stream.c' attack.
A cracker may use this attack to shut down this server, thus preventing your
network from working properly.

Solution : contact your operating system vendor for a patch.

Workaround : if you use IP filter, then add these rules :

block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all

Risk factor : High
Must we format and reinstall the woody firewall host, or do we only have to
add the new firewall rules (see below)? I think that the new firewall has been
damaged, because I have rebooted it and it still doesn't work.
How do the lines below translate to iptables rules?
block in quick proto tcp from any to any head 100
pass in quick proto tcp from any to any flags S keep state group 100
pass in all
Regards,
Davi
--
To UNSUBSCRIBE, email to debian-firewall-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
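The IP Filter workaround quoted in the Nessus report, translated to iptables for a 2.4 (woody) kernel. This is an added example, not code from the original post, from Nessus, or from the debian-firewall list. The reading of the ipf rules is: inbound TCP may only start a connection with a bare SYN, packets of an already-tracked connection pass via the state table, all other inbound TCP is blocked, and anything that is not TCP is passed. The chain name, the `IPT` variable and the `print_rules` helper are assumptions made for the example; the script needs root only when `IPT` is the real `iptables` binary.

```shell
#!/bin/sh
# Added example (not from the original post): netfilter equivalent of the
# IP Filter workaround in the Nessus report.
#
# ipf:  block in quick proto tcp from any to any head 100
#       pass in quick proto tcp from any to any flags S keep state group 100
#       pass in all
#
# IPT defaults to the real binary. Set IPT=echo (or use print_rules below) to
# print the rules instead of loading them. Assumption: root when loading.
IPT="${IPT:-iptables}"

# The ipf rules are "in" rules, so INPUT protects the firewall host itself;
# call with FORWARD as well to protect the hosts behind it.
syn_filter_rules() {
    chain="${1:-INPUT}"

    # "keep state": packets of a connection already in the tracking table pass.
    "$IPT" -A "$chain" -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT

    # "flags S": a new connection is accepted only when it begins with a SYN;
    # --syn matches SYN set with ACK, RST and FIN clear.
    "$IPT" -A "$chain" -p tcp --syn -m state --state NEW -j ACCEPT

    # "block in quick proto tcp": every other inbound TCP packet, including
    # stateless ACK floods of the stream.c kind, is dropped. iptables, like
    # ipf's "quick", stops at the first matching rule, so order matters.
    "$IPT" -A "$chain" -p tcp -j DROP

    # "pass in all": non-TCP traffic is passed. On a firewall that already has
    # a policy for the chain, leave this line out and keep that policy.
    "$IPT" -A "$chain" -j ACCEPT
}

# Print the rules for a chain as text so they can be reviewed before loading.
# The subshell keeps IPT=echo from leaking into later calls.
print_rules() {
    ( IPT=echo; syn_filter_rules "${1:-INPUT}" )
}

# Usage:
#   sh syn_filter.sh            -> print the rules for INPUT
#   sh syn_filter.sh FORWARD    -> print the rules for FORWARD
#   . ./syn_filter.sh; syn_filter_rules INPUT   -> load them (as root)
print_rules "${1:-INPUT}"
```

The order of the four rules reproduces ipf's first-match semantics: state first, then the SYN-only entry point, then the TCP block, then the catch-all. The catch-all is only there to mirror `pass in all`; on a firewall host with its own DROP policy it should be omitted rather than appended.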