Bugtraq mailing list archives

Re: Default configuration in WatchGuard Firewall

From: steve.fallin () WATCHGUARD COM (Steve Fallin)
Date: Mon, 13 Sep 1999 13:36:43 -0700


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On September 4th, a message was posted to Bugtraq describing a
potential problem with the WatchGuard Firebox default configuration
file. The poster, Sr. Alfonso Lazaro stated that, by default, the
WatchGuard Firebox allowed ping traffic from any interface to any
interface. When the WatchGuard Rapid Response Team saw the post, we
began trying both to contact Sr. Lazaro and to verify his
observations. We reviewed our source code and currently shipping
versions of the default configuration file as well as code and files
several generations back. To date, we have been unsuccessful
contacting Sr. Lazaro. We completed our review of the relevant files
and code and were unable to locate anything to support the
observations Sr. Lazaro described in his post. In the absence of any
further information from Sr. Lazaro, we believe that his report of a
vulnerability in Firebox default configuration files is in error.

Steve Fallin
Sr. Network Security Analyst
WatchGuard Technologies

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.0.2

iQA/AwUBN91hnU3Vi9lbkWzpEQKTjwCg6BdeU2WWGcnFGFJZcdJrq+Q/K/kAn1js
GUk8UKaWrlmx/yp7b7sDqEH8
=n2LT
-----END PGP SIGNATURE-----

Current thread:

Default configuration in WatchGuard Firewall Alfonso Lazaro (Sep 02)
- Re: Default configuration in WatchGuard Firewall Chris Brenton (Sep 04)
- Re: Default configuration in WatchGuard Firewall Pavel Kankovsky (Sep 05)
- <Possible follow-ups>
- Re: Default configuration in WatchGuard Firewall Ryan Russell (Sep 04)
  - Disabling everything Dr. Joel M. Hoffman (Sep 09)
- Re: Default configuration in WatchGuard Firewall Steve Fallin (Sep 07)
- Re: Default configuration in WatchGuard Firewall Steve Fallin (Sep 13)
- Re: Default configuration in WatchGuard Firewall Matt Bruce (Sep 14)