Bugtraq mailing list archives
WinGate Intermediary Fix/Update
From: mike () WEB2000 NET (Mike Zimmerman)
Date: Thu, 26 Mar 1998 03:00:01 -0500
Apologies for any information repeated. As of WinGate release 2.1b, the default behavior of the program is to not accept proxy connections on the "real" IP address of the machine by default. Since the damage has already been done with the mass use of the earlier versions, I threw together a simple stopgap fix for Cisco routers. Adding the following lines to your access lists gives a simple and effective fix for the majority of the problem: router#config t Enter configuration commands, one per line. End with CNTL/Z. router(config)#access-list <n> deny tcp any <user space address> <user space hostmask> eq 1080 router(config)#access-list <n> permit ip any any router(config)#int <ethernet interface> rouetr(config-if)#ip access-group <n> in <n>=a number between 100-199 <user space address>/<user space hostmask>=The addresses of your dialup users. Please noted that access list hostmasks are backwards from normal convention, so a 255.255.255.0 subnetmask would be 0.0.0.255. <ethernet interface>=the interface of the network segment your dialup users are on. The last two commands can be repeated for multiple interfaces. What this does: This blocks the standard SOCKS Proxy port for all machines inside the specified network mask. Since there are VERY few instances where an ISP would find it desirable for a user to run a proxy on their dialup connection, this shouldn't disrupt any of your services. Also, please note that there is an article posted to http://www.wingate.net/secure-wingate.htm on how to secure open WinGate's. Hope this helps, Mike Zimmerman mike () web2000 net
Current thread:
- Re: MySQL Security, (continued)
- Re: MySQL Security Aleph One (Mar 29)
- Eudora Pro 4.0 attachment/long filename problem whiz (Mar 29)
- mysql: MySQL Security Michael Widenius (Mar 29)
- wtmpx utility for solaris Ryan (Mar 30)
- Re: wtmpx utility for solaris Mikael Brandstrom (Mar 31)
- HPSBUX9803-077 Security Vulnerability with inetd on HP-UX Aleph One (Mar 30)
- pset Buffer Overrun Vulnerability SGI Security Coordinator (Mar 26)
- Netscape Navigator Security Vulnerabilities SGI Security Coordinator (Mar 26)
- Re: Trivial mSQL/MySQL DoS method? Nigel Reed (Mar 26)