Firewall Wizards mailing list archives

Gauntlet problems - was nmap fun


From: Bret Watson <lists () ticm com>
Date: Fri, 27 Oct 2000 07:01:50 +0800

At 10:11 AM 26/10/00 +0200, you wrote:

On 24-Oct-00 Bret Watson wrote:
> Whilst we are looking at nmap.. Has anyone noticed that scanning an address
> range "protected" by Gauntlet 5.x , interesting things appear?
>
> Such as being able to identify all the ports that are open on the hosts
> behind the firewall?

Well, it depends on your addressing scheme, routing configuration and of course
also on configuration of your firewall. I'm not here to defend Gauntlet but if:

this can NEVER happen. Definitely not by portscanning (of any kind). So,
please, describe topology of your network and configuration of the firewall you
ran the nmap scan against and maybe somebody on this list (maybe me) can spot
some config problems.

Well I'm not talking about internal networks, but machines in the DMZ. Simply put - nmap _should_ be able to see port 80 or 21 on those machines, it should _not_ be able to see port 6000 or 8888 - where there is no proxy (yes any machine with X or Sun's help system running on it in a DMZ is certainly mis-configured!)

It is irritating. If the only ports I got responses from matched the proxies that were installed, then at least I could feel that the problem was manageable. But since I can get TCP connect hits against any port at the far end - it means that the firewall itself may be vulnerable to attacks.

Cheers,

Bret




_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
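
Added example, not part of the original post or of any Gauntlet or nmap tooling: a small audit that reads nmap grepable (-oG) output from a scan of your own DMZ and reports every open TCP port that has no proxy configured, which is the distinction the message draws between ports 80/21 and ports 6000/8888. The proxied-port set, the function names and the sample scan lines are assumptions constructed for illustration.

```python
import re

# Assumed policy: the only ports with a proxy configured on the firewall.
PROXIED_PORTS = {21, 80}

# Constructed sample in nmap's grepable (-oG) format; documentation-range addresses.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 21/open/tcp//ftp///, 80/open/tcp//http///, 6000/open/tcp//X11///, 8888/open/tcp//sun-answerbook///\tIgnored State: closed (996)
Host: 192.0.2.11 ()\tPorts: 80/open/tcp//http///, 6000/filtered/tcp//X11///
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)")
PORTS_RE = re.compile(r"\tPorts:\s+([^\t]*)")


def open_tcp_ports(grepable_text):
    """Return {host: set of open TCP ports} parsed from -oG output."""
    result = {}
    for line in grepable_text.splitlines():
        host = HOST_RE.match(line)
        ports = PORTS_RE.search(line)
        if not (host and ports):
            continue  # comment, status-only line, or malformed line
        for entry in ports.group(1).split(","):
            # Entry layout: port/state/protocol/owner/service/rpc/version/
            fields = entry.strip().split("/")
            if (len(fields) >= 3 and fields[0].isdigit()
                    and fields[1] == "open" and fields[2] == "tcp"):
                result.setdefault(host.group(1), set()).add(int(fields[0]))
    return result


def unexpected_exposure(grepable_text, proxied=PROXIED_PORTS):
    """Return {host: sorted open ports that have no proxy configured}."""
    findings = {}
    for host, ports in open_tcp_ports(grepable_text).items():
        extra = sorted(ports - set(proxied))
        if extra:
            findings[host] = extra
    return findings


if __name__ == "__main__":
    for host, ports in unexpected_exposure(SAMPLE_OG).items():
        print(f"{host}: open without a proxy: {ports}")
```

Ports reported as filtered or closed are ignored, so only ports that actually completed a connection count as findings.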

