Date: Fri Jan 20 22:52:46 2006
From: degeneracypressure at gmail.com (Eliah Kagan)
Subject: Personal firewalls.

> However I do wish it had the feature that Sygate PRO has, which will
> blackhole an IP if it detects a port scan coming to it. It then blocks all
> activity from the offending IP for approximately 10 minutes.

Well, it's a feature if the probes are really coming from the computer
Sygate PRO thinks they're coming from.

Suppose X is running Sygate PRO and Y is a legitimate client
connecting to a server running on X. Then Z comes along and sends a
bunch of SYN packets to X, spoofed to have the source IP of Y, waits
10 minutes, and repeats ad infinitum. Now Y can never connect to X.
This seems more like a DoS vulnerability than a feature to me. Am I
missing something?

-Eliah

On 1/20/06, Soderland, Craig wrote:
> Time to throw my .02 cents in.
>
> Zone - Good product, though it requires much thought and proper
> configuration for successful installs. Does not always save your
> configuration settings when you shut down. This I find occurs most often
> when you upgrade Zone from one version to another and do not use the "clean
> install option." If this occurs you have 2 options.
>
> 1. re-install zone, utilizing the clean install option and then re-enter
> your rules.
> 2. do not re-install zone but when you have made firewall rules changes,
> exit out of the program after making the aforementioned changes, when Zone
> exits, not as part of a shutdown it seems to correctly flush the
> configuration to disk.
>
> Another issue with Zone is that they have not yet fixed the bug in the True
> Vector engine. I can cause True Vector to regularly crash out and leave
> the system unprotected from a remote client. I have notified Zone's
> engineers, specifically how this was done and to date no response from their
> side. To their credit, when this occurs now the system loses all network
> connectivity (with recent update.) and the VSMON service now restarts. So
> even though the bug in True Vector still exists they have worked around it
> so as to not leave your system completely vulnerable as in the 5.x versions.
>
> But other than this it is a good package, very flexible, and powerful though
> requiring a certain level of sophistication to configure it properly.
>
> However I do wish it had the feature that Sygate PRO has, which will
> blackhole an IP if it detects a port scan coming to it. It then blocks all
> activity from the offending IP for approximately 10 minutes.
>
> It however had a similar problem to zone in that we could easily get the FW
> to crash out, however when it did crash out all connectivity was lost. To
> date this also has not been fixed.
>
> The other firewalls I've played with all had their own set of feature
> issues, with Black Ice being the worst piece of garbage I have had the
> displeasure of ever installing. Just too damn easy to defeat.
>
> In all cases, I would recommend a firewall software, especially if you are
> on a laptop, and might ever be out on the wild wild internet without being
> behind a hardware firewall. Preferably something that will also check on
> programs attempting to make outbound connections. But I would not rely on
> just a software one either.
>
> And with hardware many users/companies make the same mistake, layering
> firewalls all of the same vendor/brand. So that in the event of an exploit
> weakens they're all penetrated.
>
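
The X/Y/Z scenario in the reply above, replayed through a toy auto-block policy (an added example, not part of the original thread and not Sygate's actual logic). The detection threshold, counting window, addresses and the `service_ports` scoping are assumptions made for illustration; only the 10-minute block comes from the thread.

```python
from collections import defaultdict

THRESHOLD = 5     # distinct ports probed before a source is flagged (assumed)
WINDOW = 10       # seconds over which probes are counted (assumed)
BLOCK_SECS = 600  # "approximately 10 minutes", as described in the thread

def simulate(events, service_ports=frozenset()):
    """Replay (time, claimed_src, dst_port) SYNs on host X; return dropped ones.

    The firewall only sees the *claimed* source address of a SYN, so it cannot
    tell Z's spoofed probes from Y's genuine traffic. Ports in service_ports
    are never counted as probes and stay reachable for a blocked source, which
    limits the block to ports X does not publish anyway.
    """
    recent = defaultdict(list)  # src -> [(time, port)] seen inside WINDOW
    blocked_until = {}          # src -> time at which the block expires
    dropped = []
    for t, src, port in events:
        if blocked_until.get(src, 0) > t and port not in service_ports:
            dropped.append((t, src, port))
            continue
        if port in service_ports:
            continue  # published service: neither counted nor blocked
        recent[src] = [(ts, p) for ts, p in recent[src] if t - ts <= WINDOW]
        recent[src].append((t, port))
        if len({p for _, p in recent[src]}) >= THRESHOLD:
            blocked_until[src] = t + BLOCK_SECS
    return dropped

# Constructed sample traffic. Y is a documentation-range address (RFC 5737).
Y = "192.0.2.10"
EVENTS = (
    [(0, Y, 443)]                                   # Y's genuine connection
    + [(100 + i, Y, p) for i, p in enumerate((21, 22, 23, 25, 80, 110))]
                                                    # Z's burst, source claimed as Y
    + [(200, Y, 443), (650, Y, 443)]                # Y tries to reconnect
)

if __name__ == "__main__":
    print("block everything:   ", simulate(EVENTS))
    print("service port exempt:", simulate(EVENTS, service_ports={443}))
```

With the blanket block, both of Y's reconnects inside the 10-minute window are dropped; with port 443 exempted, only the stray probe to a closed port is.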
