Hey Fionn

How are you doing?

The answer to your questions (methinks) can best be found in the kernel (netfilter) source code.

Ray

02/05/03 01:52:02, "Williamson, Fionn" <[EMAIL PROTECTED]> wrote:

>Hello Everybody!,
>
>I'm having a torrid time with our security guys at the moment. They are
>extremely suspicious of the Linux firewall (running on RedHat 7.2) and I
>need some information/proof to throw at them (along with a couple of
>hand grenades!! :-)))) .
>
>Here is my list of questions. If anybody could help, or point me towards
>some documentation, I'd be eternally grateful.
>
>1) How does netfilter maintain its state table? I understand that one can
>view it in the /proc/ip_conntrack file, but does this give me a full picture
>of the state table?
>
>2) Does the state table keep things like IP sequence numbers so that
>session hijacking can be avoided, and an interface label (e.g. eth0) that the
>state is for?
>
>3) How would one go about confirming that netfilter does FULL stateful
>checking?
>
>4) Is there any way to alter the default session timeout periods without
>having to recompile the kernel?
>
>
>Thanks tons in advance,
>
>Fionn.

----------------------------------------
Ray Leach (Technical Network Specialist)
Knowledge Factory
www: http://www.knowledgefactory.co.za
ICQ:153663421
Tel: +27-11-444-5006
Fax: +27-11-444-5007
"No matter where you go, there you are."
----------------------------------------
