Bugtraq mailing list archives
Firewall-1 Information leak
From: Haroon Meer <haroon () sensepost com>
Date: Wed, 18 Jul 2001 03:29:28 +0200 (SAST)
Hi. Checkpoint Firewall-1 makes use of a piece of software called SecureRemote to create encrypted sessions between users and FW-1 modules. Before remote users are able to communicate with internal hosts, a network topology of the protected network is downloaded to the client. While newer versions of the FW-1 software have the ability to restrict these downloads to only authenticated sessions, the default setting allows unauthenticated requests to be honoured. This gives a potential attacker a wealth of information including ip addresses, network masks (and even friendly descriptions) The attached file will connect to the firewall, and download the toplogy (if SecureRemote is running) (it is a tiny perl file, which needs only Socket, so avoids the hassle of having to install the SecureRemote client <or booting windows> to test a firewall-1) --snip-- SensePost# perl sr.pl firewall.victim.com Testing on port 256 :val ( :reply ( : (-SensePost-dotcom-.hal9000-19.3.167.186 :type (gateway) :is_fwz (true) :is_isakmp (true) :certificates () :uencapport (2746) :fwver (4.1) :ipaddr (19.3.167.186) :ipmask (255.255.255.255) :resolve_multiple_interfaces () :ifaddrs ( : (16.3.167.186) : (12.20.240.1) : (16.3.170.1) : (29.203.37.97) ) :firewall (installed) :location (external) :keyloc (remote) :userc_crypt_ver (1) :keymanager ( :type (refobj) :refname ("#_-SensePost-dotcom-") ) :name (-SensePost-dotcom-Neo16.3.167.189) :type (gateway) :ipaddr (172.29.0.1) :ipmask (255.255.255.255) ) --snip-- Haroon Meer +27 837866637 haroon () sensepost com http://www.sensepost.com
Attachment:
sr.pl
Description:
Current thread:
- Firewall-1 Information leak Haroon Meer (Jul 17)
- RE: Firewall-1 Information leak Lars Troen (Jul 18)
- Re: Firewall-1 Information leak Bugtraq Account (Jul 19)
- <Possible follow-ups>
- Re: Firewall-1 Information leak Christian Herb (Jul 18)
- RE: Firewall-1 Information leak David Sexton (Jul 20)
- RE: Firewall-1 Information leak MALIN, ALEX (PB) (Jul 23)
- RE: Firewall-1 Information leak Hugo van der Kooij (Jul 23)
- RE: Firewall-1 Information leak Mariusz Woloszyn (Jul 24)
- RE: Firewall-1 Information leak Stephen JT Bourike (Jul 24)
- Re: Firewall-1 Information leak Grzegorz Mucha (Jul 25)
- RE: Firewall-1 Information leak Hugo van der Kooij (Jul 23)