List: firewalls-gc
Subject: Re: Cisco Access Lists and NetFlow
From: Marc Mosko <marc () tear ! com>
Date: 1996-09-20 13:04:47
A flow is the complete source IP/port destination IP/port address.
Netflow is no less secure than regular security lists. It is vulnerable
to IP spoofing just like regular lists.
The idea is that once a source IP/port is authorized for a destination
IP/port address, it does not need to be checked each time. If nothing
changes -- the access list and the IP/port addresses -- then why check
every time?
I am not sure of the exact mechanics when an access list changes. This
is what I would be worried about. One would hope that all flows
pertaining to that list (and only those flows) would be re-authorized.
gary flynn wrote:
> "With Netflow Switching, only the first packet in a flow follows
> this process. If the first packet in a flow passes through these
> filters, an entry is added to the Netflow Switching cache. Subsequent
> packets in the same flow are then switched based on this cache
> entry, without needing to be matched against the complete set of
> access lists."
>
> Has anyone analyzed the security implications of this when the
> router is being used in a firewall application? It sounds great
> for performance but off-hand, it also sounds like there is room
> for abuse.
--
Marc Mosko Email: marc@tear.com
Web: http://www.tear.com/
"If anyone knocks out another's eye, he shall pay him
sixty-six shillings, six pence, and a third of a penny."
-- Leges Henrici Primi (13th century)
PGP Key available via Public Servers and
http://www.tear.com/pgp-key.html
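The flow-cache mechanism discussed in this thread (first packet of a flow is checked against the access list, later packets hit the cache) and the concern about what happens when the list changes, as an added Python model. This is not code from the original post and not Cisco's implementation; the class names, the simplified access-list syntax, the cache-versioning scheme and the sample addresses (192.0.2.0/24, 198.51.100.5) are assumptions constructed for illustration. The `reauthorize` switch on `update_acl` models the behaviour the reply hopes for (cached flows re-checked against the new list) versus the behaviour it worries about (stale entries keep their old decision).

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# A flow is the complete protocol / source IP, port / destination IP, port tuple.
FlowKey = tuple


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def flow_key(self) -> FlowKey:
        return (self.proto, self.src_ip, self.src_port, self.dst_ip, self.dst_port)


@dataclass(frozen=True)
class AclEntry:
    """One line of a (hypothetical, simplified) extended access list."""
    action: str                    # "permit" or "deny"
    proto: str                     # "tcp", "udp", or "ip" for any protocol
    src: str                       # source network in CIDR form
    dst: str                       # destination network in CIDR form
    dst_port: Optional[int] = None # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src_ip) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst_ip) not in ip_network(self.dst):
            return False
        return self.dst_port is None or self.dst_port == pkt.dst_port


class FlowSwitchingRouter:
    """Model of flow switching: full ACL lookup on the first packet, cache after."""

    def __init__(self, acl):
        self.acl = list(acl)
        self.acl_version = 0
        self.cache = {}        # FlowKey -> (decision, acl_version that produced it)
        self.full_lookups = 0  # packets matched against the complete access list
        self.cache_hits = 0    # packets switched on the cache entry alone

    def _evaluate_acl(self, pkt: Packet) -> str:
        for entry in self.acl:
            if entry.matches(pkt):
                return entry.action
        return "deny"  # implicit deny at the end of every access list

    def forward(self, pkt: Packet) -> str:
        key = pkt.flow_key()
        cached = self.cache.get(key)
        if cached is not None:
            self.cache_hits += 1
            return cached[0]
        self.full_lookups += 1
        decision = self._evaluate_acl(pkt)
        self.cache[key] = (decision, self.acl_version)
        return decision

    def update_acl(self, new_acl, reauthorize: bool = True) -> None:
        """Install a new list; optionally re-check every cached flow against it."""
        self.acl = list(new_acl)
        self.acl_version += 1
        if reauthorize:
            for key in list(self.cache):
                self.cache[key] = (self._evaluate_acl(Packet(*key)), self.acl_version)

    def stale_entries(self) -> set:
        """Cached decisions made under an older list; a non-empty set is the risk."""
        return {k for k, (_, ver) in self.cache.items() if ver != self.acl_version}


def demo(reauthorize_on_change: bool) -> dict:
    # Constructed sample: one host on the inside reaching a web server.
    web = Packet("tcp", "192.0.2.10", 40000, "198.51.100.5", 80)
    router = FlowSwitchingRouter([
        AclEntry("permit", "tcp", "192.0.2.0/24", "198.51.100.5/32", 80),
    ])
    first = router.forward(web)    # full lookup, entry cached
    second = router.forward(web)   # served from the cache
    # Operator removes the permit line; an empty list means implicit deny.
    router.update_acl([], reauthorize=reauthorize_on_change)
    after_change = router.forward(web)
    return {
        "first": first,
        "second": second,
        "after_change": after_change,
        "full_lookups": router.full_lookups,
        "cache_hits": router.cache_hits,
        "stale": len(router.stale_entries()),
    }


if __name__ == "__main__":
    print("no re-authorization:", demo(False))
    print("re-authorization:   ", demo(True))
```

Running `demo(False)` shows the worry in the reply: the existing flow keeps being permitted after the permit line is gone, and `stale_entries()` reports one entry. Running `demo(True)` shows the hoped-for behaviour, where the cached flow is re-checked and denied on the next packet. Either way the cache is keyed on the full address tuple, so a packet with a different source port or address is a new flow and goes through the full list, which is why the cache is no weaker against address spoofing than the list itself.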