[14403] in bugtraq
Re: Update: Extending the FTP "ALG" vulnerability to any FTP
daemon@ATHENA.MIT.EDU (Hugo.van.der.Kooij@CAIW.NL)
Fri Mar 24 03:15:02 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.LNX.4.10.10003222354590.4195-100000@bastion.hugo.vanderkooij.org>
Date: Wed, 22 Mar 2000 23:55:59 +0100
Reply-To: Hugo.van.der.Kooij@CAIW.NL
From: Hugo.van.der.Kooij@CAIW.NL
X-To: Paul Cardon <paul@MOQUIJO.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <38D79C91.54DD80C8@moquijo.com>
On Tue, 21 Mar 2000, Paul Cardon wrote:
> Lars.Troen@MERKANTILDATA.NO wrote:
> >
> > With Firewall-1 all ports defined in the /etc/services file will be denied
> > connections to during an ftp session. This is defined in the file base.def
> > as follows:
> > // ports which are dangerous to connect to
> > #define NOTSERVER_TCP_PORT(p) {
> > (not
> > (
> > ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
> > set sr12 p, set sr1 0, log bad_conn)
>
> Actually, the /etc/services file has nothing to do with it. All
> services of type TCP _defined_within_FW-1_ are added to the tcp_services
> table used in the macro listed above. A default FW-1 install will
> include a certain number of these but the list changes with the addition
> or removal of TCP service definitions in the rule base. The behavior of
> the inspect code can also be modified to make it as strict or open as
> desired.
The services list is actually the list of services defined in the
objects.C file. The services do NOT need to be defined in any rulebase.
Hugo.
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Use of any of my email addresses for unsolicited (commercial)
email is a clear intrusion of my privacy and illegal!
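As an added illustration of the check the quoted NOTSERVER_TCP_PORT macro performs (this is example code written for this archive page, not FW-1 INSPECT code or anything posted in the thread): a small Python model that builds a tcp_services set from a constructed list of service objects standing in for objects.C, then applies the membership test to the data-channel port announced by an FTP PORT command or 227 PASV reply. The service list and its tuple format are assumptions.

```python
import re
from typing import Iterable, Optional, Set, Tuple

# Constructed sample of service objects, standing in for the definitions the
# thread says live in objects.C. This is NOT the real objects.C format.
DEFINED_SERVICES = [
    ("ftp", "tcp", 21),
    ("ssh", "tcp", 22),
    ("telnet", "tcp", 23),
    ("smtp", "tcp", 25),
    ("http", "tcp", 80),
    ("syslog", "udp", 514),   # UDP: never enters tcp_services
]

def build_tcp_services(defs: Iterable[Tuple[str, str, int]]) -> Set[int]:
    """Model of the tcp_services table: the port of every *defined* TCP
    service object, whether or not any rule in the rulebase uses it."""
    return {port for _name, proto, port in defs if proto == "tcp"}

# "h1,h2,h3,h4,p1,p2" as carried by a PORT command or a 227 PASV reply.
_SIX = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(r"^227 .*?\(" + _SIX + r"\)")
PORT_RE = re.compile(r"^PORT " + _SIX + r"\s*$", re.IGNORECASE)

def data_endpoint(line: str) -> Optional[Tuple[str, int]]:
    """Extract (host, port) from a PORT command or PASV reply, else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None                       # malformed: treat as not parsed
    h1, h2, h3, h4, p1, p2 = nums
    port = p1 * 256 + p2
    if port == 0:
        return None                       # port 0 is never a usable endpoint
    return f"{h1}.{h2}.{h3}.{h4}", port

def notserver_tcp_port(port: int, tcp_services: Set[int]) -> bool:
    """Equivalent of NOTSERVER_TCP_PORT(p): True when the data port is
    acceptable, False when p is in tcp_services (the macro logs bad_conn)."""
    return port not in tcp_services

def check_ftp_line(line: str, tcp_services: Set[int]) -> Tuple[str, Optional[int]]:
    """Classify one control-channel line as ignore / allow / bad_conn."""
    ep = data_endpoint(line)
    if ep is None:
        return ("ignore", None)
    _host, port = ep
    if notserver_tcp_port(port, tcp_services):
        return ("allow", port)
    return ("bad_conn", port)
```

Adding another TCP service object to DEFINED_SERVICES (say pop3 on 110) makes that port a denied data port on the next build, which is the behaviour Paul Cardon describes: the table tracks service definitions, not /etc/services.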