[9640] in bugtraq

Re: NT DoS on FW-1

daemon@ATHENA.MIT.EDU (cbrenton)
Thu Feb 18 17:18:07 1999

Date: 	Tue, 16 Feb 1999 17:15:14 -0500
Reply-To: cbrenton <cbrenton@SOVER.NET>
From: cbrenton <cbrenton@SOVER.NET>
X-To:         Malikai <malikai@INTERACTIVEALIEN.COM>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To:  <Pine.LNX.4.05.9902151450270.667-100000@www.interactivealien.com>

On Mon, 15 Feb 1999, Malikai wrote:

> This issue can be fixed by simply implementing a stealthing rule on the
> firewall itself. The problem is in NT's stack, not the firewall's.

This will *not* fix the problem as any stealth rules are implemented after
the Properties settings. This means that all the FW-1 control ports (9 or
so), ICMP, DNS, etc. etc. are still left open.

Check out:
http://www.geek-speak.net/fw1/fw1_properties.html

You would need to nuke your properties settings before creating a stealth
rule to have it be effective.

Happy hunting,
Chris
--
**************************************
cbrenton@sover.net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
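
Added example, not part of the original post and not Check Point code: a simplified first-match model of the ordering described in the reply, where rules implied by the Properties settings are evaluated before an explicit stealth rule. The rule names, service labels and the "fw" destination label are constructed for illustration.

```python
# Simplified first-match model (assumption: implied Properties rules are
# evaluated ahead of the explicit rule base, as the reply describes).
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    dst: str      # "fw" = the firewall itself (constructed label), or ANY
    service: str  # constructed service label, or ANY
    action: str   # "accept" or "drop"

def matches(rule, dst, service):
    return rule.dst in (ANY, dst) and rule.service in (ANY, service)

def effective_policy(implied, explicit):
    """Implied rules come first, then the administrator's rule base."""
    return list(implied) + list(explicit)

def decide(policy, dst, service):
    """Return (action, rule) of the first matching rule; default is drop."""
    for rule in policy:
        if matches(rule, dst, service):
            return rule.action, rule
    return "drop", None

def stealth_gaps(policy, services, fw="fw"):
    """Services sent to the firewall that are accepted before the stealth rule."""
    gaps = []
    for svc in services:
        action, rule = decide(policy, fw, svc)
        if action == "accept":
            gaps.append((svc, rule.name))
    return gaps

# Constructed sample: one implied rule per category named in the reply.
IMPLIED = [
    Rule("implied-fw1-control", ANY, "fw1-control", "accept"),
    Rule("implied-icmp", ANY, "icmp", "accept"),
    Rule("implied-dns", ANY, "dns", "accept"),
]
EXPLICIT = [Rule("stealth", "fw", ANY, "drop")]
SERVICES = ["fw1-control", "icmp", "dns", "telnet"]

if __name__ == "__main__":
    # With Properties enabled, the stealth rule never sees these services.
    print(stealth_gaps(effective_policy(IMPLIED, EXPLICIT), SERVICES))
    # With the Properties settings cleared, the stealth rule covers everything.
    print(stealth_gaps(effective_policy([], EXPLICIT), SERVICES))
```

Running the same check against an exported policy shows which implied accepts sit ahead of a stealth rule and therefore have to be disabled in Properties for it to take effect.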