Dynamic routing on firewalls.

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Mon Feb 9 14:14:16 UTC 2015


On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:

> On a bridged firewall you can have the behavior you want, whatever it is. Passing packets while the firewall is down, but the box still up.

Owen's point is that passing packets if the firewall is down is really poor
security-wise.   If you run in that configuration, I simply DoS your firewall
(probably from one set of IP addresses), and then once it has fallen over and
is being bypassed, I send my *real* malicious traffic from some other IP
address, totally uninspected and unhindered.  Much hilarity, hijinks, and
pwnage ensues.
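The failure mode described above, as an added illustration that is not part of the list post and not code from any firewall product: a toy inline (bridged) firewall with a fixed inspection capacity, run once as fail-open and once as fail-closed. Packets beyond capacity stand in for "the firewall has fallen over"; the policy decides whether they are bridged through uninspected or dropped. The traffic, the capacity figure, the source addresses (documentation ranges) and the `bypass_alert` check are all constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass, field

FAIL_OPEN = "fail-open"      # bridge keeps passing packets when inspection is unavailable
FAIL_CLOSED = "fail-closed"  # bridge stops passing packets when inspection is unavailable


@dataclass
class Packet:
    src: str
    malicious: bool = False


@dataclass
class BridgeFirewall:
    """Toy inline firewall: it can inspect at most `capacity` packets per tick.

    Anything beyond that models the inspection engine having been knocked
    over; `policy` decides whether those packets are bridged through
    uninspected or dropped. Constructed model, not any real product.
    """
    policy: str
    capacity: int
    stats: Counter = field(default_factory=Counter)

    def process_tick(self, packets):
        """Process one tick of traffic; return the packets that reach the protected side."""
        forwarded = []
        inspected = 0
        for p in packets:
            if inspected < self.capacity:
                inspected += 1
                self.stats["inspected"] += 1
                if p.malicious:
                    self.stats["blocked"] += 1
                else:
                    self.stats["forwarded_inspected"] += 1
                    forwarded.append(p)
            elif self.policy == FAIL_OPEN:
                # Engine saturated and policy is fail-open: pass it through blind.
                self.stats["forwarded_uninspected"] += 1
                forwarded.append(p)
            else:
                # Engine saturated and policy is fail-closed: drop it.
                self.stats["dropped_uninspected"] += 1
        return forwarded


def bypass_alert(stats, max_uninspected_ratio=0.0):
    """Detection check (constructed): flag when any share of forwarded traffic
    above the threshold skipped inspection. A bridge that is passing uninspected
    packets is, from the protected side's point of view, not a firewall."""
    forwarded = stats["forwarded_inspected"] + stats["forwarded_uninspected"]
    if forwarded == 0:
        return False
    return stats["forwarded_uninspected"] / forwarded > max_uninspected_ratio


def run_scenario(policy, capacity=100, flood_size=150):
    """Flood from one source, then a single malicious packet from a second source.
    Returns the firewall counters plus whether the malicious packet got through."""
    fw = BridgeFirewall(policy=policy, capacity=capacity)
    # Constructed traffic using documentation-range addresses; no real hosts.
    flood = [Packet(src="198.51.100.7") for _ in range(flood_size)]
    real_attack = Packet(src="203.0.113.9", malicious=True)
    delivered = fw.process_tick(flood + [real_attack])
    result = dict(fw.stats)
    result["malicious_reached_target"] = any(p.malicious for p in delivered)
    result["bypass_alert"] = bypass_alert(fw.stats)
    return result


if __name__ == "__main__":
    for policy in (FAIL_OPEN, FAIL_CLOSED):
        print(policy, run_scenario(policy))
```

With the defaults, the fail-open run forwards 51 packets uninspected, including the malicious one, and the alert fires; the fail-closed run drops those 51 and the malicious packet never reaches the protected side. Whichever policy a deployment chooses, the `forwarded_uninspected` counter is the number worth exporting and alerting on, because it is exactly the window the post describes.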
