Alexander Nasonov's shared items

Showing posts with label openbsd. Show all posts

Tuesday, June 19, 2007

Redundant firewalls with OpenBSD, CARP and pfsync

I finally found a good description of redundant network configuration here. Too bad I can't apply it in practice.

Wednesday, May 30, 2007

Smashing The Kernel Stack For Fun And Profit

After reading the great Firewall Spotting with broken CRC I continued reading Phrack #60.
Surprisingly, there is another OpenBSD article, Smashing The Kernel Stack For Fun And Profit.
I enjoyed it even more.

Interesting OpenBSD commits

http://www.undeadly.org/cgi?action=article&sid=20070528213858 Especially this comment:
> Check protocol (TCP/UDP/ICMP/ICMP6) checksums of all incoming packets,
> and drop packets with invalid checksums. Without such a check, pf would
> return RST/ICMP errors even for packets with invalid checksums, which
> could be used to detect the presence of the firewall, reported by
> "Ed White" in http://www.phrack.org/phrack/60/p60-0x0c.txt.
The link above is broken; please go to http://www.phrack.org/issues.html?issue=60&id=12#article. Very interesting reading.