Firewall-1

Re: [FW-1] Asn.1 vulnerabilty without aggresive mode

Subject: Re: [FW-1] Asn.1 vulnerabilty without aggresive mode
From: Joachim Bassmann <jb AT HARIBO.S.BAWUE DOT DE>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 29 Jul 2004 15:59:42 +0200
Hi Jochen,

--On Thursday, 29 July 2004 13:48 +0200 Jochen Vogel <jvogel AT IT-SEC DOT DE> wrote:

> Is there any vulnerability if I don't use aggressive mode?

My interpretation is "YES" - but I'm also not sure about this.

The difference is that you need to have a "real communication". The
one-packet attack with aggressive mode is also possible with spoofed source
addresses because you don't need any reply from the FW to arrive at your
end.

regards

Joachim Bassmann, DELOS AG, Stuttgart, Germany
------------------------------------------------------------
Only when the last Counterstrike has been put on the index, the last video
film banned, and the Internet shut down will you realize that you have to
raise your children after all. - ChaosWarrior AT AreaDVD DOT de
