Whitepaper titled Filtering Of ICMP Error Messages.
3e111b9620bd24f49f6ac3d44f4883f748b6d8dff7a2b8c51a80de079578dd84
Relevant Technologies product review paper on InsideOut Firewall Reporter by Stonylake Solutions. This product is a Java-based server application that runs on both Windows and Linux and has a demo version available.
4931f309c78c79b5d634d31e379a0bfcb5ecd85736eb5c0787b5279f4e9b4f04
Combating reverse telnet using OpenBSD Packet Filter (pf) - This paper goes into detail on how to set up a firewall properly to disallow outbound traffic from reverse telnet attacks from compromised machines.
b8b0f85c10f344cc6143603c25ef79a8379bb05a1625ef6cbb3755e44d03971c
Bypassing firewalls through protocol stenography - You can often bypass firewalls by using trojans that send commands over port 80.
f685fd1b46ed2b24b119f2bd1cb2183c29efd76645c61dc4ade029b9bf0c8d4d
OS/2 Packet Filtering - OS/2 machines are good for firewalls and the packet filtering code is not documented.
b29e4d725b175185aff3453a96c66cfee2d5f61236360843bd74d04b2b96b862
This howto walks you through building a FreeBSD-STABLE firewall with IPFILTER. This is a checklist that walks you through the entire process from beginning to end: installing FreeBSD-stable, recompiling the kernel, OpenSSH security, TCP-wrappers, VESA video modes, and special syslog logging for your firewall.
90a89638a1bb7a689710c7cb260fddd1887bc75eeb83cc49e93d7f7220e9ce8a
How to use Iptables - Explains the new features, how to use them, how to write rulesets, and includes a sample firewall script.
4466b2b5cdbeb6765ffa0cab3810925ead1ec435fdc75b1f44b3f4c9267bad2d
A Stateful Inspection of FireWall-1 - In this advisory we summarize our findings from BlackHat 2000 on Checkpoint Firewall-1. It is susceptible to several trivial attacks against its inter-module authentication protocols, IP address verification has flaws, FWN1 and FWA1 is vulnerable to a replay attack, Fastmode vulnerabilities, FWZ Encapsulation vulnerabilities, and Stateful Inspection problems, and much more. Included in the tarball is the presentation in two formats, the technical documentation for the vulnerabilities, and the source code used in the demonstation.
2307e3b4992373126506a9e8ddec37a8bb211d7837d390f321905d5f799474dd
Linux Firewalling - Insights and Explainations. Covers basic IPchains firewall building, advanced IPchains firewalling, and linux firewall related insights and recommendations on which traffic to allow.
3c23ede6fcac5322c286ef9c78317b9d2dc6080d3c8bd5f2c70e41c164ec7673
Benchmarking Terminology for Firewall Performance - This document defines terms used in measuring the performance of firewalls. It extends the terminology already used for benchmarking routers and switches with definitions specific to firewalls.
1cfc1222f7893059f65761a05327b55cd6dcf9da670c0a6f2191bca669e20d84
This document answers the question: I've seen <something> on my firewall; what does it mean? Firewall administrators regularly see strange behaviour showing up in their logfiles. This document describes some of the common things seen on these firewalls, and what they mean. Note that this document is intended both for owners of personal firewalls as well as corporate firewalls. Version 0.3.0. (Jan 15, 2000)
0f9d506725f5715da96a427909935e2c9a22e31de26dddb943b9b3da64e90b49
FAQ: Firewall Admins Guide to Porn version 1.0.1 (Jan 15, 2000). One of the more frequent problem security administrators will face is porn. It is a popular Internet application, and even when restrictions are put into place, users find ways of getting around them. At the same time, users tend to be clueless as to the knowledge firewall admins have of their surfing habits. Every administrator of a large company that I know of has had to confront this issue, but not much is discussed about the topic in the literature. This document is intended as a guide for firewall admins in this area.
c7e8e4ee97eecd6b0034d5f1d436c7d88a12892ca8b83350f168f72896e95e5c
Building Your Firewall Rulebase - One of the largest risks with a firewall is a misconfigured rulebase. The most expenseive firewall in the world does not help you if you have a rule misconfigured. "Building Your Firewall Rulebase" helps to address this problem. The paper focuses on the concepts of how to build a secure rulebase. It goes step by step through the design process, explaining each rule and it signifigance. The paper is focused for beginner/intermediate firewall admins, but even the gurus can hopefully learn a trick or two (I know I did).
9dde1b219909aac384fb5e8cfec30116ca44bb073137d65a24699e4dc861a70e
How to build a BSD firewall using ipfilter. Covers everything from kernel config to allowing traffic.
7ef17b8f3be0ebf946657d20db530371d6075ec0acf5158a91879c273096abb5
Packet Filtering in an IP Router: A description of how the packet filtering facility in the Telebit NetBlazer was designed and developed.
a4677a8605e298637a1368b1d3ef1ea5983f6b8ee2ca0113a8e0fa8ba68a1a37
A Network Firewall: A description of Digital Equipment Corporation's network firewall between its corporate network and the Internet.
73db854903bbb885daac477d144a5874838a4a203f804ded4733ceaafa4df583
Thinking About Firewalls: A description of some of the considerations and trade-offs in designing network firewalls.
354e9098225cd71c585f2ae1f222a7df59e115bb0a5844f33feba7f2f7766af1
An Internet Gatekeeper: A description of how to construct an Internet firewall
671808d0a012bdfacec964ce161ff165a2fc9055011009556cd0724dab2ba474
A Network Perimeter With Secure External Access: A description of the firewall in use at whitehousegov
2a0f0711b46a6fae3725b69d6340fabe2aa888202189559596ef0f5b0fc9a166
Packets Found on an Internet: A description of the types of packets, particularly the anomalous ones, that appeared at the AT&T firewall
0782bb46cc3a2d49f5caee720db3b3e9152c6c3aca33321facefa33fd87a67ec
Simple and Flexible Datagram Access Controls for Unix-based Gateways: A description of the screend packet filtering system
c6b928d53154a2d039d7915496eafae44c6eb2811972815d8aede35470ffa3ac
TCP Wrapper: Network Monitoring, Access Control, and Booby Traps (Text): A description of the author's tcpwrapper software
d44f20c55d0c3b17d00d293c08b6d6d3e725b0f5a8ef3ca65ec457c9c90f527a
A Toolkit and Methods for Internet Firewalls: A description of the Trusted Information Systems Firewall Toolkit
93c1ebf8fe4a4659f171072ae580911886ef89c2a09cbe8cf2a36d84aee90970
An Architectural Overview of UNIX Network Security: A description of a number of UNIX-related components of network security, particularly as they pertain to firewalls
b8137d398ea221d6e35205753e2d90f696ea4f29c7a0189eb5e27f57dd36725f
X Through the Firewall, and Other Application Relays: A description of how to create application-specifc relays to pass traffic through a network firewall
ae0b4ec27cde2a993d39dc16f3e5ff1a08df6dc86b879025a0e775fb3de6144e