First, there are security risks in everything.  Nothing is 100% secure and
given enough skill, time and effort any security countermeasure can be
bypassed.  What one person builds another person can break, etc., etc.

Now, as to whether the ACK or RST flag can be manipulated, yes they can.  If
one wants to, they can write code to create packets that have whatever bits
you want set, whatever options, whatever addresses, etc.

If a machine receives a packet with an ACK bit set that it does not have a
session with, the stack should do something logical with it such as drop the
packet or send a RST. (I don't recall what the RFC says to do)

However, IP stacks are just software written by humans and humans make
mistakes.  There's no guarantee that a stack won't do something illogical
with an illogical packet, so yes, there's some risk involved.  There's also
the fact that the 'established' command is only good for TCP streams, so
lots of UDP attacks will not be blocked at all.

HTH,
Kent

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
phyrz
Sent: Saturday, August 25, 2001 11:34 PM
To: [EMAIL PROTECTED]
Subject: ACL - TCP established [7:17297]


When using the established key word at the end of an ACL statement, are
there any security risks?

Can the ACK or RST flag in a segment header be set from a source terminal
to trick the ACL, making it look like the segment is responding to a
request?
If so, I would think that anything that received the segment would ignore
it. Any thoughts?

Phyrz




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=17942&t=17297
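
An added example, not part of the original thread and not Cisco code: a small Python model of the behaviour discussed above, assuming the `established` keyword matches any TCP segment with the ACK or RST bit set, shown beside a simplified flow table. The packet trace, addresses and all names are constructed for illustration.

```python
from collections import namedtuple

SYN, RST, ACK = 0x02, 0x04, 0x10          # TCP header flag bits
TCP, UDP = 6, 17                          # IP protocol numbers
IN_HOST = "192.0.2.10"                    # constructed inside host

Pkt = namedtuple("Pkt", "direction proto src sport dst dport flags")

def established_match(pkt):
    """Stateless test: a TCP segment with ACK or RST set. No session lookup."""
    return pkt.proto == TCP and bool(pkt.flags & (ACK | RST))

class FlowTable:
    """Simplified stateful filter: inbound passes only as the reverse of a flow
    that an inside host opened. Real firewalls also track TCP state and timeouts."""
    def __init__(self):
        self.flows = set()

    def permit(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

# Constructed trace: (label, packet). Addresses are RFC 5737 documentation ranges.
TRACE = [
    ("tcp open",        Pkt("out", TCP, IN_HOST, 40000, "198.51.100.7", 80, SYN)),
    ("tcp reply",       Pkt("in",  TCP, "198.51.100.7", 80, IN_HOST, 40000, SYN | ACK)),
    ("tcp stray ack",   Pkt("in",  TCP, "203.0.113.9", 80, IN_HOST, 40001, ACK)),
    ("tcp inbound syn", Pkt("in",  TCP, "203.0.113.9", 5555, IN_HOST, 22, SYN)),
    ("udp query",       Pkt("out", UDP, IN_HOST, 53000, "198.51.100.53", 53, 0)),
    ("udp reply",       Pkt("in",  UDP, "198.51.100.53", 53, IN_HOST, 53000, 0)),
    ("udp unsolicited", Pkt("in",  UDP, "203.0.113.9", 53, IN_HOST, 53001, 0)),
]

def compare(trace):
    """For each inbound packet: (label, established matches?, flow table permits?)."""
    table, rows = FlowTable(), []
    for label, pkt in trace:
        stateful = table.permit(pkt)
        if pkt.direction == "in":
            rows.append((label, established_match(pkt), stateful))
    return rows

if __name__ == "__main__":
    for label, stateless, stateful in compare(TRACE):
        print(f"{label:16} established={stateless!s:5} flow-table={stateful}")
```

The "tcp stray ack" row is the case asked about: the flag test alone matches it, while the flow table does not. Neither UDP row matches `established`, so the keyword cannot tell a solicited UDP reply from an unsolicited datagram.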