On Mon, 09 Feb 2015 12:56:37 -0200, Patrick Tracanelli said:
> > On 09/02/2015, at 12:14, valdis.kletni...@vt.edu wrote:
> > On Mon, 09 Feb 2015 11:54:04 -0200, Patrick Tracanelli said:
> >> On a bridged firewall you can have the behavior you want, whatever it is. 
> >> Passing packets with firewall is down, but the box still up.
> >
> > Owen's point is that passing packets if the firewall is down is really poor
> > security-wise.   If you run in that configuration, I simply DoS your firewall
> > (probably from one set of IP addresses), and then once it has fallen over and
> > is being bypassed, I send my *real* malicious traffic from some other IP
> > address, totally uninspected and unhindered.  Much hilarity, hijinks, and
> > pwnage ensues.
>
> Hello Valdis,
>
> If this is really the point, I don’t know what system you are talking about

The one *you* mentioned - "passing packets with firewall is down".  Owen
was pointing out that is a silly configuration:

On 08/02/2015, at 22:48, Owen DeLong <o...@delong.com> wrote:
> Technically true, but bridged firewalls are pretty much passe these days in the
> real world. As a general rule, when the firewall is shut down, one usually
> doesn’t want the packets flowing past un-hindered. The fact that this is kind
> of the default of what happens with bridged firewalls is just one of the many
> reasons hardly anyone still uses such a thing.
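The failure mode both Valdis and Owen describe is a bridge that keeps forwarding after the filtering engine has stopped. One defensive pattern is a fail-closed watchdog: if the firewall is no longer enabled, take the bridge interface down rather than let traffic through uninspected. The script below is an added example, not something from this thread or from any of its participants; it assumes a FreeBSD-style host running pf with an if_bridge interface named bridge0 (the PFCTL, IFCONFIG and BRIDGE variables are hypothetical knobs so the commands can be substituted).

```shell
#!/bin/sh
# Fail-closed watchdog for a bridged pf firewall (added example; assumes
# FreeBSD pf and if_bridge). Intended to run from cron or a periodic loop.
# PFCTL, IFCONFIG and BRIDGE are overridable so the logic can be exercised
# without touching a real system.
PFCTL=${PFCTL:-pfctl}
IFCONFIG=${IFCONFIG:-ifconfig}
BRIDGE=${BRIDGE:-bridge0}

# Returns 0 when pf reports itself enabled ("pfctl -s info" prints a line
# starting with "Status: Enabled" on a healthy firewall), non-zero otherwise.
fw_enabled() {
    "$PFCTL" -s info 2>/dev/null | grep -q '^Status: Enabled'
}

# Enforce fail-closed: keep the bridge up only while the firewall is enabled.
# Prints the resulting bridge state ("up" or "down") so callers can act on it.
enforce_fail_closed() {
    if fw_enabled; then
        echo up
        return 0
    fi
    # Firewall is not filtering: stop forwarding instead of passing traffic
    # uninspected, and record why.
    "$IFCONFIG" "$BRIDGE" down
    logger -p daemon.crit "pf not enabled; $BRIDGE taken down (fail closed)"
    echo down
    return 1
}

# Run once when executed directly; sourcing the file only defines the functions.
case "$0" in
    *fail_closed_watchdog.sh) enforce_fail_closed ;;
esac
```

This only covers the case from the thread where the box is up but pf has been disabled or has crashed; it does not make a bridge fail closed during boot before rules are loaded, which on FreeBSD is a matter of bridge and pfil sysctl settings and of ordering rc scripts so the bridge is not brought up before the firewall is.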
