| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: RFC 3514 released And others are right up on it's implications and options: From: Mikael Olsson <mikael.olsson@...vister.com> Subject: [fw-wiz] Clavister Proudly Announces RFC3514 Compliance Organization: Clavister AB Date: Tue, 01 Apr 2003 13:23:30 +0200 To: fw-wiz <firewall-wizards@...or.icsalabs.com> An innovative security initiative ?rnsk?ldsvik, Sweden -------------------------------- April 1, 2003 Clavister AB is proud to present the world's first RFC3514 compliant network firewall product. In a proactive move, Clavister implemented the "IPRF" consistency check five years ago, making its firewall software RFC3514 compliant before the fact. With the release of the innovative security initiative outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt , Clavister will rename this setting to "IPEvilFlag" and change its configurable set from "Ignore", "Strip" and "Drop" to "Drop" and "HALT" in the new feature release scheduled for April 31. "We foresee a huge demand for the added HALT functionality. With it, a firewall administrator will be able to cause the firewall's CPU to immediately halt and cease forwarding traffic when it sees evil IP datagrams", says Mikael Olsson, R&D Manager at Clavister. "At this point, the administrator can connect to the in-kernel debugger via XMLRPC and fully examine the state of the state table as well as the packet buffers, and carefully consider whether the firewall should continue to execute or simply keep it halted until the attack has blown past." "This represents a great leap forward in security for IP networks. We applaud Steve Bellovin's ingeniousness in engineering this fundamental change to the IP protocol.", concludes John Vestberg, Vice President, Security. Thanks, Ron DuFresne -- On Tue, 1 Apr 2003, John Cartwright wrote: > Hi > > Steve Bellovin has released an important new RFC: > > RFC 3514: The Security Flag in the IPv4 Header > ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt > > - John > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists