Bugtraq mailing list archives

RE: Firewall-1 Information leak


From: David Sexton <dave.sexton () sapphire net>
Date: Fri, 20 Jul 2001 15:01:12 +0100

That's not the only way to do it. An 'authenticated' connection can download
the topology data. However, the authentication needed for this to work is a
shared secret or certificate as defined in the 'IKE' properties for the user
(i.e. you can't use things like SecurID for this bit). Once you've got the
topology, there's nothing stopping you re-authenticating with a normal
authentication method.

We do this with a separate account set up purely for topology downloads.
This account does not have any access to the network via the rulebase.

Checkpoint have a couple of documents available on how to set this up; they
are not that hard to find, and searching for 'unauthenticated topology downloads'
in the Checkpoint knowledge base should do the trick.

        Regards,

Dave

-----Original Message-----
From: Bugtraq Account [SMTP:bugtraq () infosecure com au]
Sent: 19 July 2001 23:02
To:   Haroon Meer
Cc:   bugtraq () securityfocus com
Subject:      Re: Firewall-1 Information leak

On Wed, 18 Jul 2001, Haroon Meer wrote:
        [David Sexton]  <snip> 

This is a well-known, and generally accepted, risk associated with running
FWZ SecuRemote VPNs to FireWall-1.  As others have already commented, it
is possible to turn off unauthenticated topology downloads through the
policy properties.  If you do this, you will need to manually distribute a
userc.C file (containing the topology information) to all of your
SecuRemote users.  This file should be loaded into the
c:\winnt\fw\database directory on the client.
        [David Sexton]  </snip> 

Sapphire Technologies Ltd
http://www.sapphire.net
