On Thu, 2002-07-25 at 11:40, Richard Stevenson wrote:
On Thu, 25 Jul 2002, Simon Byrnand wrote:
At 21:37 24/07/02 +1200, Craig Whitmore wrote:
http://www.idg.net.nz/webhome.nsf/UNID/4AA2988B4A1835C5CC256BFF0014A6A8!opendocument
I don't know about other people, but the level of ignorance shown by the banks' "security specialists" astounds me.
What surprises me is that it hasn't been widely mentioned before; it's a widespread problem in the banking industry, and has been for ages.
Because the majority of people probably call their ISP's helpdesk, who try it from their 1500 byte MTU ethernet connection, and say "works fine for me, try such and such." The banks only get reports from "power users" who "tweak stuff", because they're the only people who realise the correct place to complain is the bank, not their ISP, who can't really do anything about it.

How about getting a bunch of facts together, talking to IDG, and seeing if they can't be shamed into fixing it?

<soundbyte> "Their ignorance of the path MTU discovery issue does not inspire much confidence in their overall security abilities." </soundbyte>

It's not like they can't afford decent firewalls that can look at an ICMP message and only allow it if it relates to a known connection. Hell, the Linux ip_conntrack stuff is perfectly capable of that.

Regards,
Nic.

P.S. Sorry to Richard Stevenson for the duplicate; I'm overly-used to lists with reply-to.
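
The check mentioned above (accept an ICMP message only if it relates to a known connection) works because a "fragmentation needed" error quotes the IP header and first 8 bytes of the packet that triggered it. The following is an added example, not part of the original thread and not ip_conntrack's code; the function names, addresses, ports and MTU value are constructed for illustration.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header, DF set, checksum left at zero (constructed sample)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0x4000, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def frag_needed(router, original, next_hop_mtu):
    """ICMP type 3 code 4 (RFC 1191) quoting the original IP header plus 8 bytes."""
    icmp = struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + original[:28]
    sender = socket.inet_ntoa(original[12:16])  # error goes back to the original source
    return ipv4_header(router, sender, 1, len(icmp)) + icmp

def related_mtu(packet, flows):
    """Next-hop MTU if packet is a frag-needed error quoting a tracked TCP flow, else None."""
    if len(packet) < 20:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:   # not ICMP, or truncated
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", packet[ihl:ihl + 8])
    if (icmp_type, code) != (3, 4):                           # only frag-needed handled here
        return None
    inner = packet[ihl + 8:]                                  # quoted original packet
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or inner[9] != 6 or len(inner) < inner_ihl + 4:
        return None
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    # Accept only if the quoted 4-tuple matches a connection the firewall is tracking.
    return mtu if (src, sport, dst, dport) in flows else None

# Constructed sample: a web server sends a 1500-byte DF packet to a client
# behind a link with a smaller MTU; a router on the path reports MTU 1492.
SERVER, CLIENT, ROUTER = "192.0.2.10", "198.51.100.7", "203.0.113.1"
TCP = struct.pack("!HHLLBBHHH", 443, 51000, 1000, 2000, 5 << 4, 0x10, 65535, 0, 0)
ORIGINAL = ipv4_header(SERVER, CLIENT, 6, 1480) + TCP
FLOWS = {(SERVER, 443, CLIENT, 51000)}      # the firewall's tracked connections
ERROR = frag_needed(ROUTER, ORIGINAL, 1492)

if __name__ == "__main__":
    print("tracked flow  :", related_mtu(ERROR, FLOWS))   # allowed, MTU passed on
    print("unknown flow  :", related_mtu(ERROR, set()))   # dropped
```

A firewall that drops the first case as well leaves the server retransmitting full-size DF packets that never arrive, which is the failure the thread is complaining about.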