Bugtraq mailing list archives
Re: Firewall-1 Information leak
From: Bugtraq Account <bugtraq () infosecure com au>
Date: Thu, 19 Jul 2001 14:01:38 -0800 (GMT+8)
On Wed, 18 Jul 2001, Haroon Meer wrote:
> Checkpoint Firewall-1 makes use of a piece of software called SecureRemote to create encrypted sessions between users and FW-1 modules. Before remote users are able to communicate with internal hosts, a network topology of the protected network is downloaded to the client. While newer versions of the FW-1 software have the ability to restrict these downloads to only authenticated sessions, the default setting allows unauthenticated requests to be honoured. This gives a potential attacker a wealth of information including IP addresses, network masks (and even friendly descriptions).
This is a well-known, and generally accepted, risk associated with running FWZ SecuRemote VPNs to FireWall-1. As others have already commented, it is possible to turn off unauthenticated topology downloads through the policy properties. If you do this, you will need to manually distribute a userc.C file (containing the topology information) to all of your secuRemote users. This file should be loaded into the c:\winnt\fw\database directory on the client.
From start to finish, the procedure should go something like this:
1. Set up your firewall gateway for VPN, with the "Respond to unauthenticated topology requests" enabled.
2. Set up a sample secuRemote client, and download the site topology.
3. Turn off "Respond to unauthenticated topology requests".
4. Securely distribute the file userc.C from the sample client to all secuRemote users.

You will need to send out an updated userc.C any time there is a change to the encryption domain or keying info.

Regards,
Dave Taylor