Carl-Daniel Hailfinger wrote:
I personally have known that using -m state --state
ESTABLISHED,RELATED was not the most secure thing to use for returning
traffic. Namely this will allow you to make a valid connection to a web
server, say to retrieve a picture. Then said web server could send
On Thursday 21 December 2006 09:37, Grant Taylor wrote:
I have read the article. I suspect that my uncertainty has to do
with lack of how the SPI portion of the code works. I am not
qualified to read the source code to make an informed opinion. I was
(mis)believing that the SPI was very
On Sun, 17 Dec 2006 20:51:44 -0600
Grant Taylor [EMAIL PROTECTED] wrote:
I ran across an interesting article
(http://www.heise-security.co.uk/articles/print/82481) (1) that I think
any and all firewall administrators should take a few moments to read.
I personally have known that using -m
Grant Taylor schrieb:
I personally have known that using -m state --state
ESTABLISHED,RELATED was not the most secure thing to use for returning
traffic.
Actually, what the described method accomplishes is not defeating the
firewall part, but the NAT part. If one of the hosts was not behind
a
Grant Taylor wrote:
I ran across an interesting article
(http://www.heise-security.co.uk/articles/print/82481) (1) that I think
any and all firewall administrators should take a few moments to read.
The article only reiterates the same old stories and FUD which have been
known for years.
I
I ran across an interesting article
(http://www.heise-security.co.uk/articles/print/82481) (1) that I think
any and all firewall administrators should take a few moments to read.
I personally have known that using -m state --state
ESTABLISHED,RELATED was not the most secure thing to use for