Bugtraq mailing list archives
Re: Firewall-1 Security Advisory
From: dsg () MITRE ORG (David S. Goldberg)
Date: Tue, 27 Oct 1998 08:35:43 -0500
Paul Sears writes:Instead of completely disabling these rules, I recommend the "enabled" but process it "Last" and have appropriate rules to authorize and log these services...
If you have rules to authorize and log the services handled by the properties, then you might as well (in fact, I'd say you'd be better off to) disable them in the properties since the properties will never come into play, unless your rules are not all encompassing. The exceptions to this are the handling of established session packets and ftp PORT handling (and maybe one or two others that I've forgotten), which is difficult, if not impossible, to handle in the ruleset. -- Dave Goldberg Post: The Mitre Corporation\MS B305\202 Burlington Rd.\Bedford, MA 01730 Phone: 781-271-3887 Email: dsg () mitre org
Current thread:
- Root compromise via zgv Nergal (Oct 19)
- Similar Internet Explorer security problem Harry (Dec 31)
- Re: Firewall-1 Security Advisory David S. Goldberg (Oct 27)
- Re: Root compromise via zgv Alan Cox (Oct 27)