Bugtraq mailing list archives
Re: Firewall-1 Security Advisory
From: simon_finn () AMP COM AU (Simon Finn)
Date: Thu, 29 Oct 1998 11:28:50 -0000
And what about the default of the ports 256, 257, 258 and 259 appearing on every interface? A little concerning, since they are not listed in the table of ports in the main manual. Even more concerning when I'm told they are for secure remote support, logging and configuration control! This obscurity makes one rather nervous.
<snip> This was addressed a while ago in the only other security bulletin I have seen for Firewall 1 in over a year (the latest being along the same lines except for DNS). The default is to allow Firewall Control Connections - First. This being snmp has obvious implications. The ports it uses are defined in the services objects. If you have trouble understanding the was the First/Before Last/Last options it actually explains it in the under "Enable ICMP" in the "Security Policy" section. Basically as a rule put everything as "Last" in the security policy tab, that way everything is either logged, explicitly allowed/dropped or explicity not logged. I personally dont think the "default" settings to be a bug. The default settings has no policy. The policy is what you build. Simon Finn
Current thread:
- rootshell hacked via ssh-1.2.26, (continued)
- rootshell hacked via ssh-1.2.26 Felix von Leitner (Oct 28)
- Re: Firewall-1 Security Advisory David S. Goldberg (Oct 27)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Ejovi Nuwere (Oct 29)
- Summary of Printer Sharing and M1CR0S0FT Windows98 Paul Leach (Oct 29)
- Re: Firewall-1 Security Advisory Jason Costomiris (Oct 30)
- Firewall-1 insecurity. Darren Reed (Oct 29)
- Bug in Solaris 2.6 ??? Daniel Ezekiel (Oct 29)
- WatchGuard Firewall internal D.O.S Who Wants To Live Forever ... (Oct 29)
- Re: Firewall-1 Security Advisory Gary Gaskell (Oct 27)
- Re: Firewall-1 Security Advisory Larry Pingree (Oct 27)
- Re: Firewall-1 Security Advisory Simon Finn (Oct 29)
- Re: Firewall-1 Security Advisory Keith Young (Oct 29)