Bugtraq mailing list archives

Re: Check Point response to RDP Bypass


From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Thu, 12 Jul 2001 08:42:15 +0200 (CEST)

On Wed, 11 Jul 2001, Johan Lindqvist wrote:

> The original advisory
> (http://www.inside-security.de/advisories/fw1_rdp.html) says that a
> workaround is to "Deactivate implied rules in the Check Point policy editor
> (and build your own rules for management connections).". I've not been able
> to find any changes in the INSPECT code generated to confirm that not using
> the implied rules from "Policy/properties/Security policy/Implied
> rules/Accept VPN-1 & FireWall-1 Control Connection"

If you run nmap against FW-1 you will notice different behaviour.

Hugo.

-- 
All email sent to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.

