Re: Update: Extending the FTP "ALG" vulnerability to any FTP client

[Hugo.van.der.Kooij () CAIW NL (Hugo.van.der.Kooij () CAIW NL)]

On Tue, 21 Mar 2000, Paul Cardon wrote:

> Lars.Troen () MERKANTILDATA NO wrote:
> > With Firewall-1 all ports defined in the /etc/services file will be denied
> > connections to during an ftp session. This is defined in the file base.def
> > as follows:
> > // ports which are dangerous to connect to
> > #define NOTSERVER_TCP_PORT(p) {
> >       (not
> >           (
> >              ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
> >               set sr12 p, set sr1 0, log bad_conn)
>
> Actually, the /etc/services file has nothing to do with it.  All
> services of type TCP _defined_within_FW-1_ are added to the tcp_services
> table used in the macro listed above.  A default FW-1 install will
> include a certain number of these but the list changes with the addition
> or removal of TCP service definitions in the rule base.  The behavior of
> the inspect code can also be modified to make it as strict or open as
> desired.

The services list is actually the list of services defined in the
objects.C file. The services do NOT need to be defined in any rulebase.

Hugo.

--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij () caiw nl     http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsollicited (commercial)
    email is a clear intrusion of my privacy and illegal!