Firewall Wizards mailing list archives

RE: Subject: Gauntlet Rule Interpretation


From: "Zbonski, David" <dzbonski () thrupoint net>
Date: Wed, 13 Feb 2002 15:41:23 -0600

I am not intimately familiar with Gauntlet but I can read, too.  And I agree
with your statement that the rule, with no specific blocking of SNMP (in
another rule), would allow the traffic from the source to the destination.
And while we're talking about blocking SNMP - SANS released a vague alert
saying that SNMP was dangerous.  But they also included a statement saying
that UDP 1993 was dangerous to Ciscos as well.  That was news to me.

David Z

-Message: 9
-From: "Johann van Duyn" <Johann_van_Duyn () bat com>
-To: firewall-wizards () nfr net
-Date: Wed, 13 Feb 2002 15:59:31 +0200
-Subject: [fw-wiz] Gauntlet Rule Interpretation
-
-
-
-Hi there...
-
-I am arguing with our network manager regarding the interpretation of
-Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep,
-but I can read, and I am sure that I am interpreting the rules correctly.
-
-The ruleset says NOTHING specific about SNMP traffic, either by proxy name
-or by port number.
-
However, some of our rules look like this:

        authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
        authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *

Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and
vice-versa? Or am I missing something here?
<DELETED>


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards
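Added example, not from the thread or from Gauntlet's own tooling: a small first-match evaluator for rules written in the quoted syntax, showing that `-proto *` with wildcard ports passes an SNMP datagram between the two hosts, and that an explicit SNMP block placed ahead of the pair changes the decision. First-match ordering, the `deny-forward` keyword and the sample addresses (192.0.2.10 for a.b.c.d, 198.51.100.20 for w.x.y.z) are assumptions made for the illustration.

```python
import ipaddress

# Constructed rules modelled on the syntax quoted in the thread, not the
# poster's real configuration: 192.0.2.10 stands in for a.b.c.d and
# 198.51.100.20 for w.x.y.z.
POSTED_RULES = [
    "authenIP: permit-forward -if ef1 -proto * -srcaddr 192.0.2.10:255.255.255.255"
    " -dstaddr 198.51.100.20:255.255.255.255 -srcport * -dstport *",
    "authenIP: permit-forward -if exp0 -proto * -dstaddr 192.0.2.10:255.255.255.255"
    " -srcaddr 198.51.100.20:255.255.255.255 -dstport * -srcport *",
]
# The same rules with an explicit SNMP block ahead of them; "deny-forward"
# is an assumed keyword used only for this illustration.
TIGHTENED_RULES = [
    "noSNMP: deny-forward -if * -proto udp -srcaddr * -dstaddr * -srcport * -dstport 161",
    "noSNMP: deny-forward -if * -proto udp -srcaddr * -dstaddr * -srcport * -dstport 162",
] + POSTED_RULES
# Constructed packet: an SNMP request from a.b.c.d to w.x.y.z arriving on ef1.
SNMP_PKT = {"if": "ef1", "proto": "udp", "src": "192.0.2.10",
            "dst": "198.51.100.20", "sport": 40000, "dport": 161}

def parse_rule(line):
    """Split 'name: action -flag value ...' into a dict keyed by flag name."""
    name, rest = line.split(":", 1)
    tokens = rest.split()
    rule = {"name": name.strip(), "action": tokens[0]}
    for flag, value in zip(tokens[1::2], tokens[2::2]):
        rule[flag.lstrip("-")] = value
    return rule
def addr_matches(spec, ip):
    # '*' matches anything; otherwise spec is addr:mask as in the posted rules.
    if spec == "*":
        return True
    net, mask = spec.split(":")
    return ipaddress.ip_address(ip) in ipaddress.ip_network(f"{net}/{mask}", strict=False)
def rule_matches(rule, pkt):
    plain = lambda spec, val: spec == "*" or str(spec).lower() == str(val).lower()
    return (plain(rule.get("if", "*"), pkt["if"])
            and plain(rule.get("proto", "*"), pkt["proto"])
            and addr_matches(rule.get("srcaddr", "*"), pkt["src"])
            and addr_matches(rule.get("dstaddr", "*"), pkt["dst"])
            and plain(rule.get("srcport", "*"), pkt["sport"])
            and plain(rule.get("dstport", "*"), pkt["dport"]))
def decide(rule_lines, pkt):
    """First matching rule wins (assumed ordering); anything unmatched is denied."""
    for rule in map(parse_rule, rule_lines):
        if rule_matches(rule, pkt):
            return rule["action"].split("-")[0]   # 'permit' or 'deny'
    return "deny"
```

Running `decide(POSTED_RULES, SNMP_PKT)` answers the poster's question for the modelled rules, and `decide(TIGHTENED_RULES, SNMP_PKT)` shows the effect of the specific block the reply refers to.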

