Hello Everybody!
I'm having a torrid time with our security guys at the moment. They are
extremely suspicious of the Linux firewall (running on RedHat 7.2) and I
need some information/proof to throw at them (along with a couple of
hand grenades!! :-)))).
Here is my list of questions. If anybody could help, or point me towards
some documentation, I'd be eternally grateful.
1) How does netfilter maintain its state table? I understand that one can
view it in the /proc/ip_conntrack file, but does this give me a full picture
of the state table?
2) Does the state table keep things like IP sequence numbers so that
session hijacking can be avoided, and an interface label (e.g. eth0) that the
state is for?
3) How would one go about confirming that netfilter does FULL stateful
checking?
4) Is there any way to alter the default session timeout periods without
having to recompile the kernel?
Thanks tons in advance,
Fionn.