Date: Thu, 28 Feb 2002 08:02:03 -0800 From: "Crist J. Clark" <cjc@FreeBSD.ORG> To: "Adam@junik.lv" <adam@junik.lv> Cc: freebsd-ipfw@FreeBSD.ORG Subject: Re: pass tcp from any to any established Message-ID: <20020228080202.H66092@blossom.cjclark.org> In-Reply-To: <174101c1c034$87303380$03cdb6d5@junik.lv>; from adam@junik.lv on Thu, Feb 28, 2002 at 10:47:17AM %2B0200 References: <174101c1c034$87303380$03cdb6d5@junik.lv>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Feb 28, 2002 at 10:47:17AM +0200, Adam@junik.lv wrote:
> Hi,
> I would really appreciate it if you could cast some light upon this issue:
>
> Is it at all possible that the ipfw rule:
> ipfw add pass tcp from any to any established
> can be abused by intruders?
The first think that comes to mind is an ACK (or SYN-ACK) or FIN
scan. It's as easy as the '-sA' and '-sF' options in nmap(1).
--
Crist J. Clark | cjclark@alum.mit.edu
| cjclark@jhu.edu
http://people.freebsd.org/~cjc/ | cjc@freebsd.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020228080202.H66092>