Bugtraq mailing list archives
Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)
From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Fri, 1 Mar 2002 12:57:48 +1000 (EST)
Hi,

It is (or at least I thought it was) well known that an http-gw in both Gauntlet and the fwtk should NEVER listen on the external address. On a Gauntlet system, use the bind-address directive to make sure it doesn't listen. To be doubly sure, set up the appropriate packet filters to stop incoming connections. On a fwtk system I don't recall the bind-address directive being present, so I always used packet filters to block incoming connections.

If you must "reverse proxy", use plug-gw. Better still, put a proxy outside the firewall and plug it through the firewall to the real server.

On Thu, 28 Feb 2002, Rashed Alabbar wrote:

> Hi all, I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT 4. These vulnerabilities were found in other firewalls, specifically proxy firewalls, and I tried them on the Gauntlet, and it worked.

Colin
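
One way to audit the point made in the reply above, added here as an example and not part of the original message: the script parses `netstat -an` output from the firewall host and reports any proxy port that listens on the wildcard address or on an address outside the internal networks. The sample output, the proxy ports (80 and 8080) and the internal network (192.168.1.0/24) are constructed assumptions.

```python
import ipaddress

# Constructed sample of `netstat -an` output (Windows NT style, plus one Linux-style line).
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING
  TCP    192.168.1.1:80         0.0.0.0:0              LISTENING
  TCP    203.0.113.5:80         0.0.0.0:0              LISTENING
  TCP    203.0.113.5:25         0.0.0.0:0              LISTENING
  TCP    192.168.1.1:1042       192.168.1.20:80        ESTABLISHED
tcp        0      0 *:8080                  *:*                     LISTEN
"""
WILDCARDS = {"0.0.0.0", "*", "::", "[::]"}

def listening_sockets(netstat_text):
    """Yield (address, port) for every TCP socket in the listening state."""
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].lower().startswith("tcp"):
            continue
        if not fields[-1].upper().startswith("LISTEN"):
            continue
        # Windows: proto local remote state; Linux: proto recv-q send-q local remote state
        local = fields[1] if len(fields) == 4 else fields[3]
        addr, _, port = local.rpartition(":")
        if port.isdigit():
            yield addr, int(port)

def exposed_proxy_listeners(netstat_text, proxy_ports, internal_nets):
    """Return (address, port, reason) for proxy ports reachable from outside."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    findings = []
    for addr, port in listening_sockets(netstat_text):
        if port not in proxy_ports:
            continue
        if addr in WILDCARDS:
            findings.append((addr, port, "wildcard bind, includes the external interface"))
            continue
        ip = ipaddress.ip_address(addr.strip("[]"))
        if not (ip.is_loopback or any(ip in n for n in nets)):
            findings.append((addr, port, "bound outside the internal networks"))
    return findings

if __name__ == "__main__":
    for finding in exposed_proxy_listeners(SAMPLE_NETSTAT, {80, 8080}, ["192.168.1.0/24"]):
        print("%s:%d  %s" % finding)
```

A clean result here only shows what the proxy is bound to; the packet filters mentioned in the reply still need their own check.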