Bugtraq mailing list archives

Re: Check Point response to RDP Bypass

From: "Johan Lindqvist" <jlindq () hotmail com>
Date: Wed, 11 Jul 2001 11:41:23 +0200

The original advisory(http://www.inside-security.de/advisories/fw1_rdp.html) says that aworkaround is to "Deactivate implied rules in the Check Point policy editor(and build your own rules for management connections).". I've not been ableto find any changes in the INSPECT code generated to confirm that not usingthe implied rules from "Policy/properties/Security policy/Impliedrules/Accept VPN-1 & FireWall-1 Control Connection"


Does deactiviating the implied rule stop the vulnerability?

/Johan Lindqvist

--
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/E d+ s: a- C++(+++)$ ULOSI*++(++++)$ P+++$>++++$ L++ E>++$ W+(+++)
N++ o? K-? w---(++)$ O? M-(+) V? PS++ PE-(--) Y++(+) PGP++ t++@ !5-
!X- R tv b++ DI++++ D+ G++ e+++ h---- r+++ y++++
------END GEEK CODE BLOCK------

_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Current thread:

Check Point response to RDP Bypass aleph1 (Jul 09)
- <Possible follow-ups>
- Re: Check Point response to RDP Bypass Johan Lindqvist (Jul 11)
  - Re: Check Point response to RDP Bypass Jochen Bauer (Jul 11)
  - Re: Check Point response to RDP Bypass Hugo van der Kooij (Jul 12)
- RE: Check Point response to RDP Bypass Clarke, Paul [IT] (Jul 15)