Bugtraq mailing list archives
Re: Firewall-1 Security Advisory
From: gaskell () FIT QUT EDU AU (Gary Gaskell)
Date: Wed, 28 Oct 1998 08:02:52 +1000
Dear Alepha One, I'm on an internal university email list for bugtraq. Can you pass this onto the list, as it seems my emails to bugtraq usually get dropped? Thanks, Gary ------------------cut here----------------------------------------- And what about the default of the ports 256, 257, 258 and 259 appearing on every interface? A little concerning, since they are not listed in the table of ports in the main manual. Even more concerning when I'm told they are for secure remote support, logging and configuration control! This obscurity makes one rather nervous. Cheers, Gary On Tue, 27 Oct 1998, David S. Goldberg wrote:
So the closest thing to a warning, comes not in the manuals that come with the software - but you have to pay to go on a course for this info. I may be wrong about this - if you know of any other place where this is documented please let me know.The "Managing Firewall-1 Using the Windows GUI" book that comes with the firewall (both in hardcopy and pdf on the CD) covers this in Chapter 8. In Chapter 9 (page 170 in my copy) they list in order the bits a packet is matched against. Unfortunately, this documentation is insufficient. They don't give any advice as to the implications of doing DNS and ICMP before the rule base. In spite of what they might consider a complete description of how it work, it's easy to miss the security implication of their default settings, especially when they declare some things essential, making it seem to the administrator that she'd better leave the services wide open rather than handle them explicitly in the rules. -- Dave Goldberg Post: The Mitre Corporation\MS B305\202 Burlington Rd.\Bedford, MA 01730 Phone: 781-271-3887 Email: dsg () mitre org
Cheers,
Gary
-----------------------------------------------------------
Gary Gaskell
Manager Secure Network Laboratory Phone (07) 3864 1190
Information Security Research Centre Fax (07) 3221 2384
Queensland University of Technology
-----------------------------------------------------------
_--_|\
/ QUT A University for http://www.qut.edu.au/
\_.--._/ the Real World.
v
Current thread:
- Firewall-1 Security Advisory Diligence Risks (Oct 24)
- <Possible follow-ups>
- Re: Firewall-1 Security Advisory Paul Sears (Oct 26)
- Re: Firewall-1 Security Advisory Mnemonix (Oct 27)
- Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Michal Zalewski (Sep 05)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Nick Andrew (Oct 28)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) brian j. pardy (Oct 28)
- [L0pht Advisory] MacOS - FWB passwords easily bypassed Space Rogue (Oct 30)
- Re: Firewall-1 Security Advisory John Horn (Oct 28)
- rootshell hacked via ssh-1.2.26 Felix von Leitner (Oct 28)
- Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Michal Zalewski (Sep 05)
- Re: Firewall-1 Security Advisory David S. Goldberg (Oct 27)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Ejovi Nuwere (Oct 29)
- Summary of Printer Sharing and M1CR0S0FT Windows98 Paul Leach (Oct 29)
- Re: Firewall-1 Security Advisory Jason Costomiris (Oct 30)
- Firewall-1 insecurity. Darren Reed (Oct 29)
- Bug in Solaris 2.6 ??? Daniel Ezekiel (Oct 29)
- WatchGuard Firewall internal D.O.S Who Wants To Live Forever ... (Oct 29)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Larry Pingree (Oct 27)
- Re: Firewall-1 Security Advisory Simon Finn (Oct 29)
- Re: Firewall-1 Security Advisory Keith Young (Oct 29)