Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)

[Colin Campbell <sgcccdc () citec qld gov au>]

Hi,

It is (or at least I thought it was) well known that an http-gw in both
Gauntlet and the fwtk should NEVER listen on the external address. On a
Gauntlet system use the bind-address directive to make sure it doesn't
listen. To be doubly sure set up the appropriate packet filters to stop
incoming connections. On a fwtk system I don't recall the bind-address
directive being present so I always used packet filters to block incoming
connections.

If you must "reverse proxy", use plug-gw. Better still put a proxy outside
the firewall and plug it through the firewall to the real server.

On Thu, 28 Feb 2002, Rashed Alabbar wrote:

> Hi all,
>
>     I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT
> 4. These vulnerabilities were found in other firewalls, specifically
> proxy firewalls, and I tried them on the Gauntlet, it worked.

Colin