Bugtraq mailing list archives
Re: Default configuration in WatchGuard Firewall
From: Matt.Bruce () ALPHAWEST COM AU (Matt Bruce)
Date: Wed, 15 Sep 1999 12:21:01 +0800
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi all, I concur with the Watchguard Rapid Response Team's findings, based upon my experience with Firebox-II installations. Each Firebox-II with SMS 3.3 (with and without SP1) that I have done has had ping Disabled on Inbound (denied/logged) and Enabled on Outbound (any-to-any) by default. While there may be a (somewhat subjective or contentious) issue about allowing everyone outbound pinging by default, it certainly didn't allow any ping traffic from the External to the Trusted networks unless I explictly allowed it. I can't speak for FB-10/-100 boxes or versions of SMS prior to 3.3, however. HTH and regards, - -- Matt Bruce <matt.bruce () alphawest com au> Internet & Security Engineer AlphaWest - http://www.alphawest.com.au/
-----Original Message----- From: Steve Fallin [mailto:steve.fallin () WATCHGUARD COM] Sent: Tuesday, 14 September 1999 4:37 am The poster, Sr. Alfonso Lazaro stated that, by default, the WatchGuard Firebox allowed ping traffic from any interface to any interface... In the absence of any further information from Sr. Lazaro, we believe that his report of a vulnerability in Firebox default configuration files is in error.
-----BEGIN PGP SIGNATURE----- Version: PGP 6.0.2 Comment: Get my public key from ldap://certserver.pgp.com iQA/AwUBN96ukxmtSClHdI5CEQJOYACfT00ME4V+Mw/VfVTSt+PXqXHP5UUAoMVZ 6qsxAWTtzEh3dWWeNQYdn/0h =qJcF -----END PGP SIGNATURE-----
Current thread:
- Default configuration in WatchGuard Firewall Alfonso Lazaro (Sep 02)
- Re: Default configuration in WatchGuard Firewall Chris Brenton (Sep 04)
- Re: Default configuration in WatchGuard Firewall Pavel Kankovsky (Sep 05)
- <Possible follow-ups>
- Re: Default configuration in WatchGuard Firewall Ryan Russell (Sep 04)
- Disabling everything Dr. Joel M. Hoffman (Sep 09)
- Re: Default configuration in WatchGuard Firewall Steve Fallin (Sep 07)
- Re: Default configuration in WatchGuard Firewall Steve Fallin (Sep 13)
- Re: Default configuration in WatchGuard Firewall Matt Bruce (Sep 14)