[8343] in bugtraq
Re: Firewall-1 Security Advisory
daemon@ATHENA.MIT.EDU (Simon Finn)
Fri Oct 30 14:51:37 1998
Date: Thu, 29 Oct 1998 11:28:50 -0000
Reply-To: Simon Finn <simon_finn@AMP.COM.AU>
From: Simon Finn <simon_finn@AMP.COM.AU>
X-To: Gary Gaskell <gaskell@FIT.QUT.EDU.AU>
To: BUGTRAQ@NETSPACE.ORG
>
>And what about the default of the ports 256, 257, 258 and 259 appearing on
>every interface? A little concerning, since they are not listed in the
>table of ports in the main manual. Even more concerning when I'm told
>they are for secure remote support, logging and configuration control!
>This obscurity makes one rather nervous.
>
<snip>
This was addressed a while ago in the only other security bulletin I have
seen for Firewall 1 in over a year (the latest being along the same lines
except for DNS). The default is to allow Firewall Control Connections -
First. This being snmp has obvious implications. The ports it uses are
defined in the services objects. If you have trouble understanding the way
the First/Before Last/Last options work, it actually explains it under
"Enable ICMP" in the "Security Policy" section.
Basically as a rule put everything as "Last" in the security policy tab,
that way everything is either logged, explicitly allowed/dropped or
explicitly not logged.
I personally don't think the "default" settings are a bug. The default
settings have no policy. The policy is what you build.
Simon Finn
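
Added example (not part of the original post and not Check Point code): a simplified first-match model of the First / Before Last / Last placement discussed above, showing which placements let the control ports through before the explicit rule base sees them. The rule names, the sample policy and the assumption that the implied rule accepts ports 256-259 without logging are constructed for illustration.

```python
# Simplified first-match model of a rule base with one implied rule placed
# First, Before Last, or Last. An illustration only, not FireWall-1 code.
from dataclasses import dataclass
from typing import Optional

CONTROL_PORTS = frozenset({256, 257, 258, 259})  # ports named in the quoted message

@dataclass(frozen=True)
class Rule:
    name: str
    ports: Optional[frozenset]  # None matches any destination port
    action: str                 # "accept" or "drop"
    log: bool

# Assumption: the implied rule accepts control connections and writes no log entry.
IMPLIED = Rule("implied: control connections", CONTROL_PORTS, "accept", False)

def effective_rules(explicit, position):
    """Return the evaluation order for a given implied-rule position."""
    if position == "First":
        return [IMPLIED] + list(explicit)
    if position == "Before Last":
        return list(explicit[:-1]) + [IMPLIED] + list(explicit[-1:])
    if position == "Last":
        return list(explicit) + [IMPLIED]
    raise ValueError(f"unknown position: {position}")

def decide(explicit, position, dst_port):
    """First matching rule wins; returns (rule name, action, logged)."""
    for rule in effective_rules(explicit, position):
        if rule.ports is None or dst_port in rule.ports:
            return rule.name, rule.action, rule.log
    return "no match", "drop", False

# Constructed explicit policy: web allowed, everything else dropped and logged.
EXPLICIT = [
    Rule("allow web", frozenset({80}), "accept", True),
    Rule("cleanup", None, "drop", True),
]

def audit(explicit, position):
    """List control ports that are accepted without a log entry."""
    return sorted(p for p in CONTROL_PORTS
                  if decide(explicit, position, p)[1:] == ("accept", False))

if __name__ == "__main__":
    for pos in ("First", "Before Last", "Last"):
        print(f"{pos:12} silently accepted ports: {audit(EXPLICIT, pos)}")
```

In this model only "Last" hands the control ports to the explicit cleanup rule; "Before Last" still accepts them ahead of it.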