Open Source and information security mailing list archives
 
Message-ID: <410FF999.3050009@despammed.com>
From: whiplash at despammed.com (whiplash)
Subject: Stateful Packet Inspection

Goetz Von Berlichingen wrote:

>   The original message has some merit with respect to netfilter - the 
> Linux kernel firewall is capable of looking at headers only.

Really funny.
Try and explain, then, how Linux netfilter correctly recognizes, nats and keeps state
of protocols like ftp, irc/dcc, h323, pptp and so on.

> This does 
> allow some stateful packet inspection - one can discriminate against 
> incoming connection attempts with --syn, for instance.

Do you have any idea of what stateful means?

> This isn't 
> really stateful, however, since the firewall does not retain any 
> knowledge of the state of a connection.

Yeah, of course.
I suppose that

#lsmod | grep track
ip_conntrack_ftp        5216   1  [ip_nat_ftp]
ip_conntrack_irc        4256   1  [ip_nat_irc]
ip_conntrack           41332   4  (autoclean) [ip_nat_ftp ip_conntrack_ftp ip_nat_irc ip_conntrack_irc ipt_MASQUERADE iptable_nat ipt_state]

is just the output of some hallucination of mine. <g>

> iptables is pretty much useless against covert channels such as Loki, Q, or any of the various tunneling 
> packages.

Some good advice for you, absolutely for free: shutdown -h now (do you know what it means, at least? <g>)

