On May 10, 2011, at 4:42 PM, Pete Smith wrote: > if an attacker initiates a connection dest port higher than 2048 (to some > other server the attacker controls) and source port of 80 that will pass > through an ACL without issues, this would not be so on a stateful firewall.
If the attacker's in a position to generate an outbound connection sourced from a well-known port (which presumably is supposed to have an httpd attached to it), there's nothing a stateful firewall can do to improve matters. ----------------------------------------------------------------------- Roland Dobbins <rdobb...@arbor.net> // <http://www.arbornetworks.com> The basis of optimism is sheer terror. -- Oscar Wilde _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/