[8335] in bugtraq
Re: Firewall-1 Security Advisory
daemon@ATHENA.MIT.EDU (John Horn)
Wed Oct 28 18:10:42 1998
Date: Wed, 28 Oct 1998 08:03:59 -0700
Reply-To: John Horn <jhorn1@STARFIRE.CI.TUCSON.AZ.US>
From: John Horn <jhorn1@STARFIRE.CI.TUCSON.AZ.US>
X-To: Mnemonix <mnemonix@GLOBALNET.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <01BE018E.D4BE7CF0@JUPITER>
I took the Firewall-1 course and this was most definitely not covered.
As it happens, we filter bi-directionally and do not appear to be
affected by this but it is nice to know.
On Tue, 27 Oct 1998, Mnemonix wrote:
> ----------
> > From: Paul Sears <Paul_Sears@NACM.COM>
> > To: BUGTRAQ@NETSPACE.ORG
> > Subject: Re: Firewall-1 Security Advisory
> > Date: Monday, October 26, 1998 8:58 PM
> >
> > Diligence Risks wrote:
> >
> > > Diligence Security Advisory
> > >
> > > Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
> external
> > > intruder to pass through the firewall and attack machines, unihibited,
> on
> > > the protected side.
> > >
>
> -SNIP-
>
>
> >This is documented in the administration guide and CCSE training
> > classes also cover these.
>
> According to Check Point sources this is undocumented. Having also read
> through the CCSE manuals the only thing close to a caveat I can find is the
> following
> (CCSA manual- Page 5-49 - Configuring Control Properties)
>
> Begin Quote
>
> Currently, the most common errors during implementation of Firewall-1 are
> made in the Control Properties. The reason for these errors are:
>
> 1) Misunderstanding the importance of direction when packets are inspected,
> and
> 2) Misunderstanding of how the Control Properties and the Rule Base
> Matching Order work together.
>
> End Quote
>
> So the closest thing to a warning, comes not in the manuals that come with
> the software - but you have to pay to go on a course for this info. I may
> be wrong about this - if you know of any other place where this is
> documented please let me know.
>
> Cheers,
> David Litchfield
> MCP+Internet
> Information Security Specialist
>
Regards:
John Horn
Unix Systems Administrator
City of Tucson, Tucson Arizona
jhorn1@starfire.ci.tucson.az.us
