On Sunday 17 December 2006 at 20:51 -0600, Grant Taylor wrote:
> I personally have known that using "-m state --state
> ESTABLISHED,RELATED" was not the most secure thing to use for returning
> traffic. Namely this will allow you to make a valid connection to a web
> server, say to retrieve a picture. Then said web server could send
> malicious traffic back to your computer and pass through your firewall.
> This is because the traffic coming from the web server to your
> computer is now deemed as RELATED.

How? AFAIK RELATED is used for two types of packets:
 . ICMP errors matching a previously seen IP flow
 . First packet of expectations created through a helper

HTTP does not have any helper; this lets ICMP go through. Is it a vuln?
I don't think so.

However, the remote server can refuse to close the connection and send
further data using the ESTABLISHED state. Well, how do you prevent that
from the firewall perspective?

I must admit I don't quite see your point here. Can you elaborate a bit
please? Thx.

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
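An added example, not part of the original message: the combined ESTABLISHED,RELATED rule next to a split form that accepts RELATED only for ICMP errors, following the two RELATED cases listed in the reply. The function name emit_rules, the default-drop INPUT policy, the loopback rule and the choice of three ICMP error types are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for the INPUT chain.
#   broad : the single rule quoted in the thread (ESTABLISHED,RELATED).
#   split : ESTABLISHED accepted as before, RELATED narrowed to ICMP errors.
# Assumptions: default-drop INPUT, no conntrack helper is wanted on this
# host, and the ICMP error types below are the ones worth accepting.

ICMP_ERRORS="destination-unreachable time-exceeded parameter-problem"

emit_rules() {
    mode="$1"
    case "$mode" in
        broad|split) ;;
        *) echo "usage: emit_rules broad|split" >&2; return 2 ;;
    esac

    echo "*filter"
    echo ":INPUT DROP [0:0]"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"

    if [ "$mode" = broad ]; then
        # One rule covers reply traffic, ICMP errors and helper expectations.
        echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    else
        # Packets belonging to a connection that is already tracked.
        echo "-A INPUT -m state --state ESTABLISHED -j ACCEPT"
        # RELATED case 1: ICMP errors that match a previously seen flow.
        for t in $ICMP_ERRORS; do
            echo "-A INPUT -p icmp -m icmp --icmp-type $t -m state --state RELATED -j ACCEPT"
        done
        # RELATED case 2: first packet of a helper expectation. No helper
        # is wanted here, so anything else marked RELATED is dropped.
        echo "-A INPUT -m state --state RELATED -j DROP"
    fi

    echo "COMMIT"
}
```

The output can be checked without loading it by piping it to `iptables-restore --test` as root. Neither form changes how ESTABLISHED traffic is handled.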