I did not mean to imply that the reason anything above 1024 wasn't blocked
was because of the 2.2.x kernel.  It is a choice they made, it is in the
configuration documentation, I don't have that in front of me here at work.

The advantage of the 2.4 kernel is the stateful packet inspection.

Thanks,

James Spinti
jspinti at dartdist dot com
952-368-3278 ext. 396
952-368-3255 (fax)
----- Original Message -----
From: "Phil Mendelsohn" <phil at rephil.org>
To: <tclug-list at mn-linux.org>
Sent: Wednesday, January 02, 2002 2:09 PM
Subject: Re: [TCLUG] Floppy based firewall


> On Wed, Jan 02, 2002 at 07:54:30AM -0600, Leif Hvidsten wrote:
> > >The only problem with it is that it runs on kernel 2.2.x, so you don't have
> > >stateful packet handling.  And, they say right up front that they simply
> > >pass anything through that is above port 1024, which is of course where all
> > >the trojans hide :(
> >
> > Thanks for the info...I wasn't aware of this.  Could you tell me where they
> > say this "up front"?  I seem to have missed it...thanks!  I'm guessing,
> > then, that BBIagent wouldn't have this vulnerability since it's based on the
> > 2.4 kernel?
>
> Sorry, but if you do a 'ipchains -P forward DENY' before you set up
> any further ipchains or ipmasqadm portfw rules, I don't see that this
> is any sort of problem.  I thought that blocked all forwarding,
> period, end of paragraph.
>
> Either there is no reason for them not to have included it, or I am
> living with a false sense of security.  Can someone enlighten me?
>
> Thanks,
> Phil