
Re: iptables with a linux bridge



Hello,

> One point you are missing is that it is possible using this kind of
> configuration to create a firewall where you cannot address any of
> its external interfaces. So how can you do an intrusion attack on a
> firewall that you cannot address?
In theory it is possible. If you can use the packet filter for executing
arbitrary data (for example in an IP packet) you have the ability to get
root. Like with tcpdump. There were remote root exploits, but tcpdump
itself does not listen on any ports. This is the same, but with IP
addresses...

--------------------------------------------------------------------------
Attila Nagy                                    e-mail:  Attila.Nagy@fsn.hu
Budapest Polytechnic (BMF.HU)                   @work: +361 210 1415 (194)
H-1084 Budapest, Tavaszmezo u. 15-17.           cell.: +3630 306 6758


