Bugtraq mailing list archives

Re: NT DoS on FW-1


From: cbrenton () SOVER NET (cbrenton)
Date: Tue, 16 Feb 1999 17:15:14 -0500


On Mon, 15 Feb 1999, Malikai wrote:

> This issue can be fixed by simply implementing a stealthing rule on the
> firewall itself. The problem is in NT's stack, not the firewall's.

This will *not* fix the problem as any stealth rules are implemented after
the Properties settings. This means that all the FW-1 control ports (9 or
so), ICMP, DNS, etc. etc. are still left open.

Check out:
http://www.geek-speak.net/fw1/fw1_properties.html

You would need to nuke your properties settings before creating a stealth
rule to have it be effective.

Happy hunting,
Chris
--
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
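
The rule-ordering point made in this message, as an added example that is not part of the original post: a small first-match model in which accepts derived from the Properties settings are evaluated before the explicit rulebase, so the stealth rule is never consulted for them. All rule, host and service names are constructed, and the any-to-any scope of the Properties entries is an assumption of the model, not taken from FW-1.

```python
from dataclasses import dataclass

ANY = "any"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str
    dst: str
    service: str
    action: str  # "accept" or "drop"

    def matches(self, src, dst, service):
        return (self.src in (ANY, src) and self.dst in (ANY, dst)
                and self.service in (ANY, service))

def decide(policy, src, dst, service):
    """First matching rule wins; unmatched traffic is dropped."""
    for rule in policy:
        if rule.matches(src, dst, service):
            return rule.action, rule.name
    return "drop", "default-drop"

def reachable_despite_stealth(implied, rulebase, services, fw="firewall"):
    """Services an outside host can still reach on the firewall itself."""
    policy = list(implied) + list(rulebase)  # Properties entries come first
    leaks = []
    for svc in services:
        action, hit = decide(policy, "outside-host", fw, svc)
        if action == "accept":
            leaks.append((svc, hit))
    return leaks

# Constructed stand-ins for what the message says Properties leaves open.
IMPLIED = [
    Rule("prop:fw1-control", ANY, ANY, "fw1-control", "accept"),
    Rule("prop:icmp", ANY, ANY, "icmp", "accept"),
    Rule("prop:dns", ANY, ANY, "dns", "accept"),
]
# Explicit rulebase with the stealth rule at the top.
RULEBASE = [
    Rule("stealth", ANY, "firewall", ANY, "drop"),
    Rule("web", ANY, "webserver", "http", "accept"),
]
SERVICES = ["fw1-control", "icmp", "dns", "telnet", "http"]

if __name__ == "__main__":
    print("with Properties:", reachable_despite_stealth(IMPLIED, RULEBASE, SERVICES))
    print("Properties cleared:", reachable_despite_stealth([], RULEBASE, SERVICES))
```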


