It is highly recommended that you use permit to and permit from with the
established command.

----- Original Message -----
From: "Kent Hundley" 
To: 
Sent: Friday, August 31, 2001 12:45 AM
Subject: RE: ACL - TCP established [7:17297]


> First, there are security risks in everything.  Nothing is 100% secure and
> given enough skill, time and effort any security countermeasure can be
> bypassed.  What one person builds another person can break, etc., etc.
>
> Now, as to whether the ACK or RST flag can be manipulated, yes they can.
> If one wants to, they can write code to create packets that have whatever
> bits you want set, whatever options, whatever addresses, etc.
>
> If a machine receives a packet with an ACK bit set that it does not have a
> session with, the stack should do something logical with it such as drop
> the packet or send a RST. (I don't recall what the RFC says to do)
>
> However, IP stacks are just software written by humans and humans make
> mistakes.  There's no guarantee that a stack won't do something illogical
> with an illogical packet, so yes, there's some risk involved.  There's
> also the fact that the 'established' command is only good for TCP streams,
> so lots of UDP attacks will not be blocked at all.
>
> HTH,
> Kent
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
> phyrz
> Sent: Saturday, August 25, 2001 11:34 PM
> To: [EMAIL PROTECTED]
> Subject: ACL - TCP established [7:17297]
>
>
> When using the established key word at the end of an ACL statement, are
> there any security risks?
>
> Can the ACK or RST flag in a segment header be set from a source terminal
> to trick the ACL, making it look like the segment is responding to a
> request?
> If so, I would think that anything that received the segment would ignore
> it. Any thoughts?
>
> Phyrz
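The point the thread makes about `established` (it only looks at the ACK/RST bits, which the sender controls, and never at whether a session exists, and it says nothing about UDP), modelled as an added example. This is illustrative code written for this page, not code from the thread or from Cisco IOS; the addresses, ports and packets are constructed, and the stateful filter is a toy contrast, not a model of any specific product.

```python
from dataclasses import dataclass

ACK, RST = 0x10, 0x04          # TCP control bits the keyword looks at

@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: int = 0              # TCP control bits; unused for UDP

def established_permits(pkt: Packet) -> bool:
    """Model of `permit tcp any any established`: any TCP segment with ACK
    or RST set matches; no session table is consulted."""
    return pkt.proto == "tcp" and bool(pkt.flags & (ACK | RST))

class StatefulFilter:
    """Contrast: admit an inbound segment only if an inside host opened
    the flow (recorded from its outbound SYN)."""
    def __init__(self) -> None:
        self.flows = set()

    def note_outbound(self, pkt: Packet) -> None:
        if pkt.proto == "tcp":
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))

    def inbound_permits(self, pkt: Packet) -> bool:
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return (pkt.proto == "tcp" and reverse in self.flows
                and bool(pkt.flags & (ACK | RST)))

# Constructed sample traffic (hypothetical documentation addresses)
OUTBOUND_SYN = Packet("tcp", "10.0.0.5", 40000, "192.0.2.10", 80, 0x02)
LEGIT_REPLY = Packet("tcp", "192.0.2.10", 80, "10.0.0.5", 40000, ACK | 0x02)
CRAFTED_ACK = Packet("tcp", "198.51.100.7", 5555, "10.0.0.5", 23, ACK)
UDP_PROBE = Packet("udp", "198.51.100.7", 5555, "10.0.0.5", 161)

def compare(pkt: Packet, fw: StatefulFilter):
    """Return (what `established` decides, what the stateful check decides)."""
    return established_permits(pkt), fw.inbound_permits(pkt)

if __name__ == "__main__":
    fw = StatefulFilter()
    fw.note_outbound(OUTBOUND_SYN)
    for p in (LEGIT_REPLY, CRAFTED_ACK, UDP_PROBE):
        print(p.proto, p.src, "->", p.dst, compare(p, fw))
```

The crafted ACK-only segment is accepted by `established` but rejected by the stateful check, which is the gap the thread describes; the UDP probe is simply never matched by the keyword, so UDP needs its own ACL entries.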




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=18111&t=17297