Date: Tue, 16 Feb 1999 20:09:07 -0700
From: Dave Richards <dave@richcon.com>
To: freebsd-questions@freebsd.org
Subject: "established" firewall rule
Message-ID: <36CA32D3.FB01EAE5@richcon.com>

Hi All,

I was recently the victim of a security breach on my FreeBSD 2.5 box (the
fault of Qualcomm's Qpopper 2.4 daemon, NOT FreeBSD). It was not pretty..
trojan horse programs all over... As a result, I reinstalled with 2.8 and
a firewall-enabled kernel. I think it's pretty secure now, except for one
question:

Can packets matching the "established" firewall rule be forged? I put the
following line early in my firewall to improve performance:

    ipfw allow tcp from any to any established

...but I'm still a little worried that some crackerjack can forge packets
by setting the RST or ACK bits in his packets to fool the firewall. Is
this do-able???

Thanks for any insights...

--
Sincerely,
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
David A Richards, CNE, Network Consultant Denver CO
Richards Consulting Unix/Novell/WinNT/Web+Database+CGI
E-mail: mailto:dave@richcon.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
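
What the rule in the message above tests, shown as an added example that is not part of the original e-mail: ipfw's "established" keyword matches any TCP packet that has the RST or ACK bit set, without reference to earlier packets. The Python sketch below runs that flag test beside a hypothetical minimal flow table (FlowTable, the addresses and the ports are constructed for illustration) to show which packets each check passes.

```python
import struct

# TCP flag bits, carried in byte 13 of the TCP header
FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10

def tcp_header(sport, dport, seq, ack, flags):
    """Constructed 20-byte TCP header (no options, checksum 0) used as sample input."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def matches_established(hdr):
    """Stateless test: true when RST or ACK is set, whatever came before."""
    return bool(hdr[13] & (RST | ACK))

class FlowTable:
    """Hypothetical minimal state table: a flow exists only after an allowed SYN."""
    def __init__(self):
        self.flows = set()

    def accept(self, src, dst, hdr, syn_allowed):
        sport, dport = struct.unpack("!HH", hdr[:4])
        key, reverse = (src, sport, dst, dport), (dst, dport, src, sport)
        flags = hdr[13]
        if flags & SYN and not flags & ACK:
            # New connection attempt: decided by the real policy, then remembered
            if syn_allowed:
                self.flows.add(key)
            return syn_allowed
        # Any other segment must belong to a tracked flow, in either direction
        return key in self.flows or reverse in self.flows

def classify():
    """Run both checks over constructed packets: (label, stateless, stateful)."""
    inside, outside, server = "192.0.2.10", "198.51.100.7", "203.0.113.5"
    table = FlowTable()
    packets = [
        # label, src, dst, header, does policy allow a SYN for this flow?
        ("inbound SYN to pop3", outside, inside, tcp_header(40000, 110, 1, 0, SYN), False),
        ("inbound bare ACK, no flow", outside, inside, tcp_header(40000, 110, 1, 1, ACK), False),
        ("outbound SYN to web", inside, server, tcp_header(50000, 80, 7, 0, SYN), True),
        ("SYN+ACK reply", server, inside, tcp_header(80, 50000, 9, 8, SYN | ACK), False),
    ]
    return [(label, matches_established(h), table.accept(s, d, h, ok))
            for label, s, d, h, ok in packets]

if __name__ == "__main__":
    for label, stateless, stateful in classify():
        print(f"{label:28} established={stateless!s:5} flow-table={stateful}")
```

Only the second packet is treated differently: the flag test passes it, the flow table does not. A segment that passes the filter but belongs to no connection is still answered with a reset by the receiving TCP stack.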