Firewall Wizards mailing list archives
Re: FW-1: Questions about DHCP and IPX
From: "Marcus J. Ranum" <mjr () nfr net>
Date: Tue, 22 Sep 1998 17:37:34 -0400
Jason L. Snowden wrote:
P.S. I don't know if this affects you or not, but FW1 has quite a bit of Iraqi-written code in it, and the source code for it was recently published in the Gov't/Mil circles, so exploits will be soon to follow surely. It has been banned for use by Government installations for these reasons. They seem to have a problem with a firewall which was written by a nation hostile to the United States. No clue why. ;)
Uh, Jason, I feel obligated to challenge you to substantiate this rather grandiose claim. There have been huge numbers of bogus rumors spread about FW-1, by unscrupulous vendors and self-aggrandizing consultants. Nobody has ever come forward with a shred of evidence to the effect that there is anything untoward in FW-1. 2 years ago I offered a bounty of $2,000 for *PROOF* that there is a deliberate trapdoor in FW-1 -- nobody has ever come forward (though Adam Shostack tried to argue that some of the features of their secure remote management are so clueless as to constitute a backdoor) :) If the source code for it was published in "Gov't/Mil circles" I would have heard of it, or seen it. I haven't. I'm sure you're better connected than I am, though, so perhaps you can point me to someone who's willing to discuss this on or off the record?? Otherwise I've got to assume that you're a clueless rumor-monger like all the others. :( BTW, FW-1 was written by Israelis. The usual rumor is a Mossad (Israeli secret service) trapdoor, not Iraqi. I'd be surprised if a bunch of Israelis put trapdoors in their product at the request of the Iraqis. Detente doesn't go THAT far!! Further, you assert that it's been banned for use at Gov't installations -- WOW that's big news. As someone still involved in companies that do firewalls, I expect I'd have heard such huge news. Can you substantiate it? Can you point to a SINGLE PLACE where such a policy has been issued?? As soon as you do, we'll all run out and short CHKPF. But not until you can offer a shred of proof. Lastly, Israel, the nation in which Checkpoint's product was written, is not (to my knowledge) overtly hostile to the United States. Or are you seriously hooked into some privy diplomatic channels, as well?? mjr. -- Marcus J. Ranum, CEO, Network Flight Recorder, Inc. work - http://www.nfr.net home - http://www.clark.net/pub/mjr
Current thread:
- FW-1: Questions about DHCP and IPX Jim Hebert (Sep 15)
- Re: FW-1: Questions about DHCP and IPX Chris Brenton (Sep 17)
- Re: FW-1: Questions about DHCP and IPX Calvin Ng (Sep 17)
- <Possible follow-ups>
- Re: FW-1: Questions about DHCP and IPX Jason L. Snowden (Sep 22)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
- Re: FW-1: Questions about DHCP and IPX Henry Hertz Hobbit (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Darren Reed (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Joseph S. D. Yao (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 25)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
- Re: FW-1: Questions about DHCP and IPX Kevin Steves (Sep 29)
- Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 29)
- Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 29)
- BorderManager, was Re: FW-1: Questions about DHCP and IPX Kjell Wooding (Sep 24)