>I suggest Stateful inspection f
>traffic into your web server, simple TCP handshakes
>and state analysis will
>prevent fragments arriving and therefore remove this potential
Good idea. This server is actually in my
dirty DMZ between my border Cisco 2501 without firewalling code and my actual
firewall. I can move it into the firewall DMZ and thus apply stateful
inspection.
>If using Windows (post 2k) close off
>the ports not required on the server,
>using the advanced
>networks settings.
I’m already there.
>With Cisco router before server,
>control the flow of ports both INTO and OUT from the server,
I’m already there, minus the
reflexive part. I do have ingress and egress filters.
>I personally like the TCP established ACL
I use that one, too.
My instinct says these are not dangerous
packets, but they are mighty curious nonetheless.
--Eric
-----Original Message-----
From: Robinson, Eric [mailto:eric@xxxxxxxxx]
Sent: 05 November 2004 09:56
To: ethereal-users; rlug
Subject: [Ethereal-users] Covert Channel Detected? (Quick Follow-Up)
Okay, before anybody zaps me for saying "class
C," I meant it is a C-sized CIDR block.
--
Eric Robinson