From owner-freebsd-security Thu Oct 29 10:08:25 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA25124 for freebsd-security-outgoing; Thu, 29 Oct 1998 10:08:25 -0800 (PST) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from witch.xtra.co.nz (witch.xtra.co.nz [202.27.184.8]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA25117 for ; Thu, 29 Oct 1998 10:08:22 -0800 (PST) (envelope-from junkmale@pop3.xtra.co.nz) Received: from wocker (210-55-210-87.ipnets.xtra.co.nz [210.55.210.87]) by witch.xtra.co.nz (8.9.1/8.9.1) with SMTP id HAA15796; Fri, 30 Oct 1998 07:07:49 +1300 (NZDT) Message-Id: <199810291807.HAA15796@witch.xtra.co.nz> From: "Dan Langille" Organization: DVL Software Limited To: Mike Jenkins Date: Fri, 30 Oct 1998 07:07:59 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Connections succeed even though denied by IPFW Reply-to: junkmale@xtra.co.nz CC: freebsd-security@FreeBSD.ORG In-reply-to: <199810291642.KAA12888@carp.gbr.epa.gov> References: <19981029143547.A15193@cityip.co.za> X-mailer: Pegasus Mail for Win32 (v3.01b) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On 29 Oct 98, at 10:42, Mike Jenkins wrote: > Brings back memories of the classic packet filtering paper by Brent > Chapman entitled "Network (In)Security Through IP Packet Filtering". > Things have improved with packet filters but it can still be difficult to > get it right. Of course, you might run a scanner (nmap) to see if your > rules are working. Is it correct to assume that firewall proxies are not suspectible the same problem? I don't think so. That's why I'm curious as to why Chapman mentions packet filtering, not proxies. -- Dan Langille The FreeBSD Diary - my [mis]adventures http://www.FreeBSDDiary.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message