Firewall Wizards mailing list archives

RE: Blocking scanning from outside


From: ozgurd () koc net
Date: Wed, 19 Jan 2000 16:51:06 +0200

Hello,
Maybe in rule 0 (i.e. from the FW-1 GUI, Policy/Properties) the default
"accept ICMP" traffic check has not been removed, and therefore your scanner
is able to see the addresses behind the firewall. This is because rule 0 is
checked before all other user-defined rule definitions.
Hope this helps…
Ozgur Danisman
Network Security Specialist
Koc Net
Tel +902164541300 ext 1660
Fax +902164541361
http://www.koc.net

        -----Original Message-----
        From:   James Wilson [mailto:netsurf () sersol com]
        Sent:   Tuesday, January 18, 2000 5:16 PM
        To:     firewall-wizards () nfr net
        Subject:        Blocking scanning from outside

        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        We have a FW-1 box set up at the perimeter with a rule that blocks
        any any from outside, but when I run a scan using WinSockPingProPack
        it appears to see individual addresses behind the firewall.  It does
        not see any information on them such as ports open etc. but it does
        list the IP as there.  Is there a special rule needed to make those
        invisible, or is private addressing the only way to block this
        (since they don't route from outside)?

        - -
        James D. Wilson, CCDA, MCP
        "non sunt multiplicanda entia praeter necessitatem"
        William of Ockham (1285-1347/49)
        -----BEGIN PGP SIGNATURE-----
        Version: PGP 6.0.2
        Comment: I live for the sound ... of nothing but net

        iQA/AwUBOISDqSavYwibXjmcEQLFiACffJTqn59kuFtqzFz9Ik5p1/NH0swAoKXu
        urpBUQU/TfszioxUCuE9yagj
        =a8jQ
        -----END PGP SIGNATURE-----


