Firewall Wizards mailing list archives

Re: FW-1: Questions about DHCP and IPX

From: Henry Hertz Hobbit <hhhobbit () icarus weber edu>
Date: Wed, 23 Sep 1998 19:02:17 -0600 (MDT)

On Tue, 22 Sep 1998, Marcus J. Ranum wrote:

Jason L. Snowden wrote:

P.S. I don't know if this affects you or not, but FW1 has quite a bit of
Iraqi-written code in it, and the source code for it was recently published in
the Gov't/Mil circles, so exploits will be soon to follow surely.  It has been
banned for use by Government installations for these reasons.  They seem to
have a problem with a firewall which was written by a nation hostile to the
United States. No clue why. ;)


Uh, Jason, I feel obligated to challenge you to substantiate
this rather grandiose claim.


<BIG SNIP>


Further, you assert that it's been banned for use at Gov't
installations -- WOW that's big news. As someone still involved
in companies that do firewalls, I expect I'd have heard such
huge news. Can you substantiate it? Can you point to a SINGLE
PLACE where such a policy has been issued?? As soon as you do,
we'll all run out and short CHKPF. But not until you can offer
a shred of proof.


I know of two major government institutions using FW1, one of
which recently switched to it from Gauntlet. No, I can't tell
you how I found out,  or even who they are. From the last thing
I heard they have no intention of changing.

Lastly, Israel, the nation in which Checkpoint's product was
written, is not (to my knowledge) overtly hostile to the
United States. Or are you seriously hooked into some privy
diplomatic channels, as well??


Overtly hostile, no. But tacitly not *always* in accord with what
the United States wants, yes. As for Mossad, the fact that they have
a serious problem with human rights abuses, who can tell what they
are up to? I have a feeling that even the Israeli government doesn't
know what they are doing 90% of the time, just like our government
doesn't know what the FBI or CIA are doing most of the time.

As to the source code being available to certain sources in this
country, it stands to reason that it would be available to some
government site if they are using it. Any major user of a product
can frequently ask for and get this, not just the government. If
one vendor doesn't give it to them, they will go some place else
where they will get it.


HHH

Current thread:

FW-1: Questions about DHCP and IPX Jim Hebert (Sep 15)
- Re: FW-1: Questions about DHCP and IPX Chris Brenton (Sep 17)
- Re: FW-1: Questions about DHCP and IPX Calvin Ng (Sep 17)
- <Possible follow-ups>
- Re: FW-1: Questions about DHCP and IPX Jason L. Snowden (Sep 22)
  - Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 23)
    - Re: FW-1: Questions about DHCP and IPX Henry Hertz Hobbit (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Darren Reed (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Joseph S. D. Yao (Sep 24)
    - Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 25)
    - Re: FW-1: Questions about DHCP and IPX Kevin Steves (Sep 29)
    - Re: FW-1: Questions about DHCP and IPX Adam Shostack (Sep 29)
    - Re: FW-1: Questions about DHCP and IPX Marcus J. Ranum (Sep 29)
  - Re: FW-1: Questions about DHCP and IPX Aaron D. Turner (Sep 23)
- Re: FW-1: Questions about DHCP and IPX ark (Sep 23)
  - BorderManager, was Re: FW-1: Questions about DHCP and IPX Kjell Wooding (Sep 24)
- Re: FW-1: Questions about DHCP and IPX Jason L. Snowden (Sep 23)