[11783] in bugtraq


Re: Default configuration in WatchGuard Firewall

daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Thu Sep 9 12:36:03 1999

Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id:  <19990905130309.19B.0@bobanek.nowhere.cz>
Date:         Sun, 5 Sep 1999 13:07:58 +0200
Reply-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
From: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
X-To:         Alfonso Lazaro <altellez@IP6SEGURIDAD.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <19990902131536.F21023@ip6seguridad.com>

On Thu, 2 Sep 1999, Alfonso Lazaro wrote:

> 	So if our firebox is defending our internal network ( 192.168.x.x ... )
> and our WG Firewall is a proxy with an external ip in internet ( 100.100.100.100 hypothetical ip address ) the attacker can change his/her routes like so :
>
> 	# route add -net 192.168.0.0 netmask 255.255.255.0 gw 100.100.100.100

I am afraid this will work only if either of these conditions is true:
1. the attacker is connected directly to the firebox's external interface
2. the attacker's OS will source route such packets and every intermediate
   router will honor the specified source routing

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
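
Added example, not part of the original post: the second condition in the reply depends on IPv4 source-route options, which RFC 791 defines as option types 0x83 (loose) and 0x89 (strict), so a sensor or filter can recognise such packets from the header alone. The sketch below parses the options area of a raw IPv4 header; the two sample packets are constructed, and the sender address 203.0.113.7 is an assumed documentation address.

```python
import ipaddress

LSRR, SSRR = 0x83, 0x89  # loose / strict source route option types (RFC 791)

def source_route_option(packet: bytes):
    """Return (kind, [addresses]) if the IPv4 header carries a source-route
    option, else None. Only the header is inspected; checksum is not verified."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    if ihl < 20 or ihl > len(packet):
        return None                       # truncated or malformed header
    opts = packet[20:ihl]
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                     # End of Option List
            break
        if kind == 1:                     # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts):
            break
        length = opts[i + 1]              # covers type, length and data bytes
        if length < 2 or i + length > len(opts):
            break                         # malformed option, stop parsing
        if kind in (LSRR, SSRR):
            data = opts[i + 3:i + length] # skip type, length, pointer
            hops = [str(ipaddress.IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data) - 3, 4)]
            return ("LSRR" if kind == LSRR else "SSRR", hops)
        i += length
    return None

# Constructed sample: header sent to 100.100.100.100 with one LSRR hop 192.168.0.5
SAMPLE_LSRR = bytes.fromhex(
    "4700001c" "00000000" "40060000" "cb007107" "64646464" "830704c0" "a8000500")
# Constructed sample: ordinary 20-byte header with no options
SAMPLE_PLAIN = bytes.fromhex(
    "45000014" "00000000" "40060000" "cb007107" "64646464")

if __name__ == "__main__":
    for name, pkt in (("lsrr", SAMPLE_LSRR), ("plain", SAMPLE_PLAIN)):
        print(name, source_route_option(pkt))
```
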
