RE: Completely Bypassing a Firewall?!

> -----Original Message-----
> From: netfilter-bounces@xxxxxxxxxxxxxxxxxxx 
> [mailto:netfilter-bounces@xxxxxxxxxxxxxxxxxxx] On Behalf Of 
> Jason Noble
> Sent: Wednesday, January 25, 2006 9:07 AM
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: Completely Bypassing a Firewall?!
> 
> 
> We just heard a rumor about our rival company, that they have developed
> a "system" that can completely bypass a properly-configured/locked-down
> firewall (netfilter or any other).
>
> Is this truly possible? with only external access and no software that's
> already been planted inside the firewall?

Depends on how you define "bypass". Can you send SMTP data through port
80? Yes. You can also "bypass" any firewall which filters on source port
but not destination port, but this isn't considered properly configured
much less locked down. Are you sure they're not talking about I[D|P]Ses?
There have been several white papers over the last few years on
bypassing those, and some people think that firewall = IPS.

Maybe this rival company has been watching too many recent movie
previews with Harrison Ford in them. If Harrison Ford works for you (and
you happen to be a bank), then I'd be worried. =)

Derick Anderson
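
Added example, not part of the original post and not netfilter project code: a small audit for the misconfiguration the reply above mentions, ACCEPT rules that match on source port with no destination-port or connection-state match. The iptables-save excerpt is constructed, and the function name audit_source_port_only is an assumption made for this illustration.

```python
import shlex

# Constructed iptables-save excerpt (sample data, not from the thread).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -p udp -m udp --sport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 20 -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --sport 1024:65535 --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --sports 80,443 -j ACCEPT
-A INPUT -p tcp -m tcp --sport 25 -j LOG
COMMIT
"""

SPORT_OPTS = {"--sport", "--source-port", "--sports", "--source-ports"}
DPORT_OPTS = {"--dport", "--destination-port", "--dports", "--destination-ports"}
STATE_OPTS = {"--ctstate", "--state"}


def audit_source_port_only(rules_text):
    """Return (line_no, rule) for every ACCEPT rule that matches on source
    port but has no destination-port and no connection-state restriction."""
    findings = []
    for line_no, line in enumerate(rules_text.splitlines(), start=1):
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        target = None
        for i, tok in enumerate(tokens):
            if tok in ("-j", "--jump") and i + 1 < len(tokens):
                target = tokens[i + 1]
        if target != "ACCEPT":
            continue  # LOG, DROP, etc. do not admit traffic
        opts = set(tokens)
        if opts & SPORT_OPTS and not opts & DPORT_OPTS and not opts & STATE_OPTS:
            findings.append((line_no, line))
    return findings


if __name__ == "__main__":
    for line_no, rule in audit_source_port_only(SAMPLE_RULES):
        print(f"line {line_no}: source-port-only ACCEPT: {rule}")
```

The rules that pair the source-port match with a conntrack state or a destination port are not reported; only the three bare source-port ACCEPT rules are.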



