Firewall Wizards mailing list archives

Re: FW-1: Questions about DHCP and IPX


From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 22 Sep 1998 17:37:34 -0400

Jason L. Snowden wrote:
P.S. I don't know if this affects you or not, but FW1 has quite a bit of
Iraqi-written code in it, and the source code for it was recently published in
the Gov't/Mil circles, so exploits will be soon to follow surely.  It has been
banned for use by Government installations for these reasons.  They seem to
have a problem with a firewall which was written by a nation hostile to the
United States. No clue why. ;)

Uh, Jason, I feel obligated to challenge you to substantiate
this rather grandiose claim.

There have been huge numbers of bogus rumors spread about
FW-1, by unscrupulous vendors and self-aggrandizing consultants.
Nobody has ever come forward with a shred of evidence to the
effect that there is anything untoward in FW-1. 2 years ago
I offered a bounty of $2,000 for *PROOF* that there is a
deliberate trapdoor in FW-1 -- nobody has ever come forward
(though Adam Shostack tried to argue that some of the features
of their secure remote management are so clueless as to
constitute a backdoor) :)

If the source code for it was published in "Gov't/Mil circles"
I would have heard of it, or seen it. I haven't. I'm sure
you're better connected than I am, though, so perhaps you can
point me to someone who's willing to discuss this on or off
the record?? Otherwise I've got to assume that you're a clueless
rumor-monger like all the others. :(

BTW, FW-1 was written by Israelis. The usual rumor is a
Mossad (Israeli secret service) trapdoor, not Iraqi. I'd
be surprised if a bunch of Israelis put trapdoors in their
product at the request of the Iraqis. Detente doesn't
go THAT far!!

Further, you assert that it's been banned for use at Gov't
installations -- WOW that's big news. As someone still involved
in companies that do firewalls, I expect I'd have heard such
huge news. Can you substantiate it? Can you point to a SINGLE
PLACE where such a policy has been issued?? As soon as you do,
we'll all run out and short CHKPF. But not until you can offer
a shred of proof.

Lastly, Israel, the nation in which Checkpoint's product was
written, is not (to my knowledge) overtly hostile to the
United States. Or are you seriously hooked into some privy
diplomatic channels, as well??

mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr


