[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-ipchains
Subject: [Ipchains] Re: [Ipchains] IPCHAINS Information
From: Paul Rusty Russell <Paul.Russell () rustcorp ! com ! au>
Date: 1999-06-28 9:21:46
[Download RAW message or body]
In message <000d01bec0f0$ef295520$4c0115ac@sean.cmsis.com> you write:
> Good Evening,
>
> I am developing information for the IPCHAINS firewall solution. I had a
> couple of questions.
>
> o If the Filter Engine discontinues to operate for some reason will the
> forwarding engine continue to forward packets through without protection?
> o If not why not, if so what is suggested to protect from this situation?
Each packet passes the filter engine; it is inside the kernel. It is
possible that a freak gamma ray would flip a bit and null out your
rules, but then a highly trained pygmy chimpanzee could disguise
itself as a toaster and infiltrate your organization.
Failure modes for security devices must tend towards Denial of
Service.
Rusty.
--
Tridge, Raster, DaveM, Cort, maddog... Where will you be 9-11 July 1999?
http://www.linux.org.au/projects/calu
----------------------------------------------
To unsubscribe to this list, write an email to
ipchains-request@rustcorp.com with a body of
'unsubscribe'.
www.rustcorp.com - web site
ftp.rustcorp.com - ftp site
Mail Archives:
http://www.starshadow.com/pipermail/ipchains
http://www.progressive-comp.com/Lists/?l=linux-ipchains&r=1&w=2#linux-ipchains
----------------------------------------------
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic