lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0304010942270.3315-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: RFC 3514 released

And others are right up on it's implications and options:

From: Mikael Olsson <mikael.olsson@...vister.com>
Subject: [fw-wiz] Clavister Proudly Announces RFC3514 Compliance
Organization: Clavister AB
Date: Tue, 01 Apr 2003 13:23:30 +0200
To: fw-wiz <firewall-wizards@...or.icsalabs.com>


An innovative security initiative                  ?rnsk?ldsvik, Sweden
--------------------------------                          April 1, 2003

Clavister AB is proud to present the world's first RFC3514
compliant network firewall product. In a proactive move,
Clavister implemented the "IPRF" consistency check five
years ago, making its firewall software RFC3514 compliant
before the fact.

With the release of the innovative security initiative
outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt ,
Clavister will rename this setting to "IPEvilFlag" and change
its configurable set from "Ignore", "Strip" and "Drop" to
"Drop" and "HALT" in the new feature release scheduled
for April 31.

"We foresee a huge demand for the added HALT functionality.
With it, a firewall administrator will be able to cause the
firewall's CPU to immediately halt and cease forwarding traffic
when it sees evil IP datagrams", says Mikael Olsson, R&D Manager
at Clavister. "At this point, the administrator can connect to
the in-kernel debugger via XMLRPC and fully examine the state
of the state table as well as the packet buffers, and carefully
consider whether the firewall should continue to execute or
simply keep it halted until the attack has blown past."

"This represents a great leap forward in security for IP networks.
We applaud Steve Bellovin's ingeniousness in engineering this
fundamental change to the IP protocol.", concludes John Vestberg,
Vice President, Security.



Thanks,

Ron DuFresne

--



On Tue, 1 Apr 2003, John Cartwright wrote:

> Hi
>
> Steve Bellovin has released an important new RFC:
>
> RFC 3514: The Security Flag in the IPv4 Header
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
>
> - John
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
	***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ