[21475] in bugtraq
Re: Check Point response to RDP Bypass
daemon@ATHENA.MIT.EDU (Hugo van der Kooij)
Thu Jul 12 03:31:08 2001
Date: Thu, 12 Jul 2001 08:42:15 +0200 (CEST)
From: Hugo van der Kooij <hvdkooij@vanderkooij.org>
To: <bugtraq@securityfocus.com>
In-Reply-To: <F108146KXzQt1aP5N1l0000fc89@hotmail.com>
Message-ID: <Pine.LNX.4.33.0107120841260.8187-100000@hvdkooij.xs4all.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Wed, 11 Jul 2001, Johan Lindqvist wrote:
> The original advisory
> (http://www.inside-security.de/advisories/fw1_rdp.html) says that a
> workaround is to "Deactivate implied rules in the Check Point policy editor
> (and build your own rules for management connections).". I've not been able
> to find any changes in the INSPECT code generated to confirm that not using
> the implied rules from "Policy/properties/Security policy/Implied
> rules/Accept VPN-1 & FireWall-1 Control Connection"
If you run nmap against FW-1 you will notice different behaviour.
Hugo.
--
All email sent to me is bound to the rules described on my homepage.
hvdkooij@vanderkooij.org http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.