[11912] in bugtraq


Re: Default configuration in WatchGuard Firewall

daemon@ATHENA.MIT.EDU (Matt Bruce)
Wed Sep 15 05:04:58 1999

Mime-Version: 1.0
Content-Type: text/plain; charset="windows-1252"
Message-Id:  <EA0466720A21D211B6C800104B2B75E201662EDE@herculis.alphawest.com.au>
Date:         Wed, 15 Sep 1999 12:21:01 +0800
Reply-To: Matt Bruce <Matt.Bruce@ALPHAWEST.COM.AU>
From: Matt Bruce <Matt.Bruce@ALPHAWEST.COM.AU>
X-To:         "BUGTRAQ@securityfocus.com" <BUGTRAQ@securityfocus.com>
To: BUGTRAQ@SECURITYFOCUS.COM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I concur with the WatchGuard Rapid Response Team's findings, based
upon my experience with Firebox-II installations.

Each Firebox-II with SMS 3.3 (with and without SP1) that I have done
has had ping Disabled on Inbound (denied/logged) and Enabled on
Outbound (any-to-any) by default. While there may be a (somewhat
subjective or contentious) issue about allowing everyone outbound
pinging by default, it certainly didn't allow any ping traffic from
the External to the Trusted networks unless I explicitly allowed it.

I can't speak for FB-10/-100 boxes or versions of SMS prior to 3.3,
however.

HTH and regards,

- --
Matt Bruce  <matt.bruce@alphawest.com.au>
Internet & Security Engineer
AlphaWest - http://www.alphawest.com.au/


>-----Original Message-----
>From: Steve Fallin [mailto:steve.fallin@WATCHGUARD.COM]
>Sent: Tuesday, 14 September 1999 4:37 am
>
>The poster, Sr. Alfonso Lazaro stated that, by default, the
>WatchGuard Firebox allowed ping traffic from any interface to
>any interface...
>In the absence of any further information from Sr. Lazaro,
>we believe that his report of a vulnerability in Firebox
>default configuration files is in error.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
Comment: Get my public key from ldap://certserver.pgp.com

iQA/AwUBN96ukxmtSClHdI5CEQJOYACfT00ME4V+Mw/VfVTSt+PXqXHP5UUAoMVZ
6qsxAWTtzEh3dWWeNQYdn/0h
=qJcF
-----END PGP SIGNATURE-----
