[8333] in bugtraq
Re: Firewall-1 Security Advisory
daemon@ATHENA.MIT.EDU (Gary Gaskell)
Wed Oct 28 17:50:46 1998
Date: Wed, 28 Oct 1998 08:02:52 +1000
Reply-To: Gary Gaskell <gaskell@FIT.QUT.EDU.AU>
From: Gary Gaskell <gaskell@FIT.QUT.EDU.AU>
X-To: "David S. Goldberg" <dsg@MITRE.ORG>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <m1br9vtubfm.fsf@blackbird.mitre.org>
Dear Aleph One,
I'm on an internal university email list for bugtraq. Can you pass this
on to the list, as it seems my emails to bugtraq usually get dropped?
Thanks, Gary
------------------cut here-----------------------------------------
And what about the default of the ports 256, 257, 258 and 259 appearing on
every interface? A little concerning, since they are not listed in the
table of ports in the main manual. Even more concerning when I'm told
they are for secure remote support, logging and configuration control!
This obscurity makes one rather nervous.
Cheers, Gary
On Tue, 27 Oct 1998, David S. Goldberg wrote:
>> So the closest thing to a warning comes not in the manuals that
>> come with the software - but you have to pay to go on a course for
>> this info. I may be wrong about this - if you know of any other
>> place where this is documented please let me know.
>
>The "Managing Firewall-1 Using the Windows GUI" book that comes with
>the firewall (both in hardcopy and pdf on the CD) covers this in
>Chapter 8. In Chapter 9 (page 170 in my copy) they list in order the
>bits a packet is matched against.
>
>Unfortunately, this documentation is insufficient. They don't give
>any advice as to the implications of doing DNS and ICMP before the
>rule base. In spite of what they might consider a complete
>description of how it works, it's easy to miss the security implication
>of their default settings, especially when they declare some things
>essential, making it seem to the administrator that she'd better leave
>the services wide open rather than handle them explicitly in the
>rules.
>
>--
>Dave Goldberg
>Post: The Mitre Corporation\MS B305\202 Burlington Rd.\Bedford, MA 01730
>Phone: 781-271-3887
>Email: dsg@mitre.org
>
Cheers,
Gary
-----------------------------------------------------------
Gary Gaskell
Manager Secure Network Laboratory Phone (07) 3864 1190
Information Security Research Centre Fax (07) 3221 2384
Queensland University of Technology
-----------------------------------------------------------
_--_|\
/ QUT A University for http://www.qut.edu.au/
\_.--._/ the Real World.
v
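
Added example, not part of the original message or of any vendor tooling: a defender-side check that reads `netstat -an` output and reports whether the ports named in the post (256 to 259) are listening on every interface or on one address only. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Ports named in the post; what each one is used for is not asserted here.
WATCHED_PORTS = {256, 257, 258, 259}
WILDCARDS = {"*", "0.0.0.0", "::", "[::]"}

# Local address token: "host:port" (Linux/Windows) or "host.port" (Solaris/BSD).
_ADDR = re.compile(r"^(?P<host>.+)[.:](?P<port>\d+)$")

def audit_listeners(netstat_text, watched=WATCHED_PORTS):
    """Return sorted (port, local_host, exposure) tuples for watched listeners."""
    findings = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Only listening sockets matter; established connections are skipped.
        if not any(f.upper().startswith("LISTEN") for f in fields):
            continue
        for tok in fields:
            m = _ADDR.match(tok)
            if not m:
                continue
            # First host+port token on the line is the local address.
            port, host = int(m.group("port")), m.group("host")
            if port in watched:
                kind = "all-interfaces" if host in WILDCARDS else "single-address"
                findings.add((port, host, kind))
            break  # never inspect the remote-address column
    return sorted(findings)

def exposed_everywhere(netstat_text):
    """Watched ports bound to a wildcard address, i.e. reachable on every interface."""
    return [p for p, _, kind in audit_listeners(netstat_text) if kind == "all-interfaces"]

# Constructed sample mixing Linux, Solaris and Windows netstat line formats.
SAMPLE = """\
tcp        0      0 0.0.0.0:256        0.0.0.0:*        LISTEN
tcp        0      0 10.0.0.1:257       0.0.0.0:*        LISTEN
tcp        0      0 0.0.0.0:22         0.0.0.0:*        LISTEN
tcp        0      0 10.0.0.1:4021      192.0.2.7:256    ESTABLISHED
      *.258                *.*                0      0     0      0 LISTEN
  TCP    0.0.0.0:259            0.0.0.0:0              LISTENING
"""

if __name__ == "__main__":
    for port, host, kind in audit_listeners(SAMPLE):
        print(f"port {port} bound to {host}: {kind}")
```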