Firewall Wizards mailing list archives
Re: nmap fun
From: Magosányi Árpád <mag () bunuel tii matav hu>
Date: Fri, 27 Oct 2000 11:06:59 +0200
My mail client thinks that Bret Watson wrote the following:
Truly this is so - but the interesting bit is that nmap was finding xwindows, SNMP and other 'nice' services that would certainly attract a hacker.. but no proxy on the firewall was set for them.. But you're right - run a netbios probe across an NT Gauntlet and you'll see some interesting info - even if the packet filters are supposed to be set to bar netbios traffic... Yep Marcus was right - by getting transparent proxies we traded a definite level of security and one should always remember that the standard textbook firewall config always includes a screening router (aka packet filter) in front - it's there for a reason guys!...
The packet filter is still logically in front. But on the same machine.
Still it makes one truly uncomfortable trying to defend APs against packet filters when they become transparent to nmap..
We are talking about a reasonably good application proxy firewall which is defended by a poor packet filter configured in a braindead manner. This is what NAI did with Gauntlet. But still; if you install a Gauntlet, rip off its various GUIs, harden the underlying OS, use the native packet filter instead of the one they have given to you, configure it locally or through ssh using vi, you can get the 3rd or 4th best firewall in the market. It is magnitudes more secure than any of the "market leader firewall"s (which are not even firewalls).
--
GNU GPL: only from a clean source