Bugtraq mailing list archives
Re: Firewall-1 Security Advisory
From: jhorn1 () STARFIRE CI TUCSON AZ US (John Horn)
Date: Wed, 28 Oct 1998 08:03:59 -0700
I took the Firewall-1 course and this was most definitely not covered. As it happens, we filter bi-directionally and do not appear to be affected by this but it is nice to know. On Tue, 27 Oct 1998, Mnemonix wrote:
----------From: Paul Sears <Paul_Sears () NACM COM> To: BUGTRAQ () NETSPACE ORG Subject: Re: Firewall-1 Security Advisory Date: Monday, October 26, 1998 8:58 PM Diligence Risks wrote:Diligence Security Advisory Issue: Checkpoint's Firewall-1 has a "feature" that can allow anexternalintruder to pass through the firewall and attack machines, unihibited,onthe protected side.-SNIP-This is documented in the administration guide and CCSE training classes also cover these.According to Check Point sources this is undocumented. Having also read through the CCSE manuals the only thing close to a caveat I can find is the following (CCSA manual- Page 5-49 - Configuring Control Properties) Begin Quote Currently, the most common errors during implementation of Firewall-1 are made in the Control Properties. The reason for these errors are: 1) Misunderstanding the importance of direction when packets are inspected, and 2) Misunderstanding of how the Control Properties and the Rule Base Matching Order work together. End Quote So the closest thing to a warning, comes not in the manuals that come with the software - but you have to pay to go on a course for this info. I may be wrong about this - if you know of any other place where this is documented please let me know. Cheers, David Litchfield MCP+Internet Information Security Specialist
Regards: John Horn Unix Systems Administrator City of Tucson, Tucson Arizona jhorn1 () starfire ci tucson az us
Current thread:
- Firewall-1 Security Advisory Diligence Risks (Oct 24)
- <Possible follow-ups>
- Re: Firewall-1 Security Advisory Paul Sears (Oct 26)
- Re: Firewall-1 Security Advisory Mnemonix (Oct 27)
- Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Michal Zalewski (Sep 05)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Nick Andrew (Oct 28)
- Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice) brian j. pardy (Oct 28)
- [L0pht Advisory] MacOS - FWB passwords easily bypassed Space Rogue (Oct 30)
- Re: Firewall-1 Security Advisory John Horn (Oct 28)
- rootshell hacked via ssh-1.2.26 Felix von Leitner (Oct 28)
- Sendmail, lynx, Netscape, sshd, Linux kernel (twice) Michal Zalewski (Sep 05)
- Re: Firewall-1 Security Advisory David S. Goldberg (Oct 27)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Ejovi Nuwere (Oct 29)
- Summary of Printer Sharing and M1CR0S0FT Windows98 Paul Leach (Oct 29)
- Re: Firewall-1 Security Advisory Jason Costomiris (Oct 30)
- Firewall-1 insecurity. Darren Reed (Oct 29)
- Bug in Solaris 2.6 ??? Daniel Ezekiel (Oct 29)
- WatchGuard Firewall internal D.O.S Who Wants To Live Forever ... (Oct 29)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Larry Pingree (Oct 27)
(Thread continues...)