[24479] in bugtraq
Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT
daemon@ATHENA.MIT.EDU (Colin Campbell)
Fri Mar 1 03:16:00 2002
Date: Fri, 1 Mar 2002 12:57:48 +1000 (EST)
From: Colin Campbell <sgcccdc@citec.qld.gov.au>
To: Rashed Alabbar <rashed.alabbar@datafort.net>
Cc: <bugtraq@securityfocus.com>
In-Reply-To: <000a01c1c064$e26643e0$423a84d5@alfaromeo>
Message-ID: <Pine.BSF.4.33.0203011253400.12185-100000@guru.citec.qld.gov.au>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Hi,
It is (or at least I thought it was) well known that an http-gw in both
Gauntlet and the fwtk should NEVER listen on the external address. On a
Gauntlet system use the bind-address directive to make sure it doesn't
listen. To be doubly sure set up the appropriate packet filters to stop
incoming connections. On a fwtk system I don't recall the bind-address
directive being present so I always used packet filters to block incoming
connections.
If you must "reverse proxy", use plug-gw. Better still put a proxy outside
the firewall and plug it through the firewall to the real server.
On Thu, 28 Feb 2002, Rashed Alabbar wrote:
> Hi all,
>
> I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT
> 4. These vulnerabilities were found in other firewalls, specifically
> proxy firewalls, and I tried them on the Gauntlet, it worked.
>
Colin
