Firewall Wizards mailing list archives
RE: Subject: Gauntlet Rule Interpretation
From: "Zbonski, David" <dzbonski () thrupoint net>
Date: Wed, 13 Feb 2002 15:41:23 -0600
I am not intimately familiar with Gauntlet but I can read, too. And I agree with your statement that the rule, with no specific blocking of SNMP (in another rule), would allow the traffic from the source to the destination.

And while we're talking about blocking SNMP - SANS released a vague alert saying that SNMP was dangerous. But they also included a statement saying that UDP 1993 was dangerous to Ciscos as well. That was news to me.

David Z

> Message: 9
> From: "Johann van Duyn" <Johann_van_Duyn () bat com>
> To: firewall-wizards () nfr net
> Date: Wed, 13 Feb 2002 15:59:31 +0200
> Subject: [fw-wiz] Gauntlet Rule Interpretation
>
> Hi there...
>
> I am arguing with our network manager regarding the interpretation of
> Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep,
> but I can read, and I am sure that I am interpreting the rules correctly.
>
> The ruleset says NOTHING specific about SNMP traffic, either by proxy name
> or by port number. However, some of our rules look like this:
>
>         authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
>         authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *
>
> Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and
> vice-versa? Or am I missing something here?
>
> <DELETED>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
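An added rule-audit helper, not part of this thread or of Gauntlet itself, that parses permit-forward lines in the form quoted above and checks whether a given flow (here an SNMP GET, UDP/161) would be matched. The addresses 10.1.1.5 and 192.0.2.10 are constructed stand-ins for a.b.c.d and w.x.y.z; the match semantics (addr:mask is a netmask, `*` is a wildcard, an absent option matches anything, first match wins) are assumptions, not a statement of Gauntlet's actual evaluation order.

```python
import ipaddress
import shlex

# Constructed ruleset modelled on the lines quoted in the thread (assumption:
# 10.1.1.5 and 192.0.2.10 stand in for a.b.c.d and w.x.y.z).
RULESET = """
authenIP: permit-forward -if ef1 -proto * -srcaddr 10.1.1.5:255.255.255.255 -dstaddr 192.0.2.10:255.255.255.255 -srcport * -dstport *
authenIP: permit-forward -if exp0 -proto * -dstaddr 10.1.1.5:255.255.255.255 -srcaddr 192.0.2.10:255.255.255.255 -dstport * -srcport *
"""

def parse_rule(line):
    """Turn 'label: action -opt value -opt value ...' into a dict."""
    label, _, rest = line.partition(":")
    tokens = shlex.split(rest)
    rule = {"label": label.strip(), "action": tokens[0]}
    for key, value in zip(tokens[1::2], tokens[2::2]):
        rule[key.lstrip("-")] = value
    return rule

def _addr_matches(spec, addr):
    # Assumption: 'a.b.c.d:m.m.m.m' is address:netmask; '*' matches any host.
    if spec == "*":
        return True
    net, _, mask = spec.partition(":")
    network = ipaddress.ip_network(f"{net}/{mask or '255.255.255.255'}", strict=False)
    return ipaddress.ip_address(addr) in network

def _port_matches(spec, port):
    return spec == "*" or int(spec) == port

def rule_matches(rule, flow):
    """flow = {proto, src, dst, sport, dport}; a missing option matches anything."""
    return (rule.get("proto", "*") in ("*", flow["proto"])
            and _addr_matches(rule.get("srcaddr", "*"), flow["src"])
            and _addr_matches(rule.get("dstaddr", "*"), flow["dst"])
            and _port_matches(rule.get("srcport", "*"), flow["sport"])
            and _port_matches(rule.get("dstport", "*"), flow["dport"]))

def first_match(ruleset_text, flow):
    """Return the first rule that matches the flow (first-match assumed), else None."""
    for line in ruleset_text.strip().splitlines():
        rule = parse_rule(line)
        if rule_matches(rule, flow):
            return rule
    return None

# Constructed SNMP GET from the internal host to the remote host.
SNMP_GET = {"proto": "udp", "src": "10.1.1.5", "dst": "192.0.2.10", "sport": 40000, "dport": 161}
SNMP_REPLY = {"proto": "udp", "src": "192.0.2.10", "dst": "10.1.1.5", "sport": 161, "dport": 40000}
OTHER_HOST = {"proto": "udp", "src": "10.1.1.6", "dst": "192.0.2.10", "sport": 40000, "dport": 161}
```

Because both rules carry `-proto *` and `-dstport *`, the SNMP GET matches the ef1 rule and the reply matches the exp0 rule; only a flow from a host outside the `/32` falls through with no match.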
Current thread:
- RE: Subject: Gauntlet Rule Interpretation Zbonski, David (Feb 13)
- RE: Subject: Gauntlet Rule Interpretation R. DuFresne (Feb 14)
- <Possible follow-ups>
- RE: Subject: Gauntlet Rule Interpretation ark (Feb 15)