[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.GSO.4.43.0304010942270.3315-100000@tundra.winternet.com>
From: dufresne at winternet.com (Ron DuFresne)
Subject: RFC 3514 released
And others are right up on it's implications and options:
From: Mikael Olsson <mikael.olsson@...vister.com>
Subject: [fw-wiz] Clavister Proudly Announces RFC3514 Compliance
Organization: Clavister AB
Date: Tue, 01 Apr 2003 13:23:30 +0200
To: fw-wiz <firewall-wizards@...or.icsalabs.com>
An innovative security initiative ?rnsk?ldsvik, Sweden
-------------------------------- April 1, 2003
Clavister AB is proud to present the world's first RFC3514
compliant network firewall product. In a proactive move,
Clavister implemented the "IPRF" consistency check five
years ago, making its firewall software RFC3514 compliant
before the fact.
With the release of the innovative security initiative
outlined in ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt ,
Clavister will rename this setting to "IPEvilFlag" and change
its configurable set from "Ignore", "Strip" and "Drop" to
"Drop" and "HALT" in the new feature release scheduled
for April 31.
"We foresee a huge demand for the added HALT functionality.
With it, a firewall administrator will be able to cause the
firewall's CPU to immediately halt and cease forwarding traffic
when it sees evil IP datagrams", says Mikael Olsson, R&D Manager
at Clavister. "At this point, the administrator can connect to
the in-kernel debugger via XMLRPC and fully examine the state
of the state table as well as the packet buffers, and carefully
consider whether the firewall should continue to execute or
simply keep it halted until the attack has blown past."
"This represents a great leap forward in security for IP networks.
We applaud Steve Bellovin's ingeniousness in engineering this
fundamental change to the IP protocol.", concludes John Vestberg,
Vice President, Security.
Thanks,
Ron DuFresne
--
On Tue, 1 Apr 2003, John Cartwright wrote:
> Hi
>
> Steve Bellovin has released an important new RFC:
>
> RFC 3514: The Security Flag in the IPv4 Header
> ftp://ftp.rfc-editor.org/in-notes/rfc3514.txt
>
> - John
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists