Penetration Testing
Thread: Re: port scan to juniper fw
Oct 29 2009 02:52AM aditya mukadam (aditya mukadam gmail com)
Nov 04 2009 09:19AM Chris Brenton (cbrenton chrisbrenton org)
'flow filter'.
Thanks,
Aditya Govind Mukadam
On Wed, Nov 4, 2009 at 2:49 PM, Chris Brenton <cbrenton (at) chrisbrenton (dot) org [email concealed]> wrote:
>
> On Thu, 2009-10-29 at 08:22 +0530, aditya mukadam wrote:
> >
> > Juniper FW Anti-spoofing mechanism's logic is to check the
> > route for the incoming SRC-IP. If the packet with SRC-IP a.b.c.d
> > enters firewall via interface 'X' and the route on the firewall for
> > a.b.c.d is to interface 'Y', this packet will be dropped due to
> > anti-spoofing because it is entering via an interface through which it
> > is not expected to be sent back.
>
> Have you verified this? Last time I tested their anti-spoofing it didn't
> actually drop the packet. It would pass it through and then follow it up
> with a host unreachable (to the target) in order to kill the session.
>
> What was odd was the TTL would get decremented by 2. My best guess is it
> was the single homed IPS code dealing with the spoofing and that was
> introducing an extra routing hop.
>
> I have not tested this for a few years, so they may have rewritten how
> they handle it. Just curious if you have checked this or if you are
> going by the docs.
>
> HTH,
> Chris
> --
> www.chrisbrenton.org
>
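A way to model the route-based anti-spoofing check Aditya describes, as an added example that is not from the thread or from Juniper's code: the source address of each arriving packet is looked up in the routing table (longest prefix first) and the packet is dropped when the route back to that source leaves via a different interface than the one it arrived on. The routing table, interface names and sample packets are constructed, and the optional loose mode (drop only unroutable sources) goes beyond what the thread states.

```python
import ipaddress

# Constructed routing table: prefix -> egress interface (interface names are hypothetical).
ROUTES = {
    "10.1.0.0/16": "ethernet0/0",      # trust
    "192.168.50.0/24": "ethernet0/1",  # dmz
    "0.0.0.0/0": "ethernet0/2",        # untrust, default route
}


def build_table(routes):
    """Parse prefixes once and sort longest-prefix first so lookup is a linear scan."""
    table = [(ipaddress.ip_network(p), iface) for p, iface in routes.items()]
    return sorted(table, key=lambda e: e[0].prefixlen, reverse=True)


def lookup(table, ip):
    """Longest-prefix match: return the egress interface for ip, or None if unroutable."""
    addr = ipaddress.ip_address(ip)
    for net, iface in table:
        if addr in net:
            return iface
    return None


def rpf_check(table, src_ip, ingress_iface, strict=True):
    """Reverse-path check on the source address. Returns (verdict, reason).

    strict: the route back to src_ip must leave via ingress_iface
            (the behaviour described in the thread).
    loose:  any route back to src_ip is enough; only unroutable sources are dropped.
    """
    egress = lookup(table, src_ip)
    if egress is None:
        return "drop", f"no route for {src_ip}"
    if strict and egress != ingress_iface:
        return "drop", f"{src_ip} arrived on {ingress_iface} but routes via {egress}"
    return "pass", f"{src_ip} routes via {egress}"


if __name__ == "__main__":
    table = build_table(ROUTES)
    # Constructed packets: (source address, ingress interface).
    for src, iface in [("10.1.2.3", "ethernet0/0"), ("10.1.2.3", "ethernet0/2"),
                       ("203.0.113.5", "ethernet0/2"), ("192.168.50.7", "ethernet0/0")]:
        verdict, reason = rpf_check(table, src, iface)
        print(f"{iface:12} {src:14} {verdict:5} {reason}")
```

With a default route present every source has some route, so loose mode only bites when the table has no default; strict mode is what catches internal addresses arriving on the untrust interface.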