On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:

> On a bridged firewall you can have the behavior you want, whatever it is.
> Passing packets with the firewall down, but the box still up.

Owen's point is that passing packets if the firewall is down is really poor
security-wise.   If you run in that configuration, I simply DoS your firewall
(probably from one set of IP addresses), and then once it has fallen over and
is being bypassed, I send my *real* malicious traffic from some other IP
address, totally uninspected and unhindered.  Much hilarity, hijinks, and
pwnage ensues.
