Firewall Wizards mailing list archives

RE: Subject: Gauntlet Rule Interpretation


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 13 Feb 2002 23:36:18 -0500 (EST)


CERT's advisory seemed more specific:

CERT Advisory CA-2002-03: Multiple Vulnerabilities in Many Implementations of the
Simple Network Management Protocol (SNMP)
http://www.cert.org/advisories/CA-2002-03.html

Hope that fills in the blanks.

Thanks,

Ron DuFresne


On Wed, 13 Feb 2002, Zbonski, David wrote:

I am not intimately familiar with Gauntlet but I can read, too.  And I agree
with your statement that the rule, with no specific blocking of SNMP (in
another rule), would allow the traffic from the source to the destination.
And while we're talking about blocking SNMP - SANS released a vague alert
saying that SNMP was dangerous.  But they also included a statement saying
that UDP 1993 was dangerous to Ciscos as well.  That was news to me.

David Z

-Message: 9
-From: "Johann van Duyn" <Johann_van_Duyn () bat com>
-To: firewall-wizards () nfr net
-Date: Wed, 13 Feb 2002 15:59:31 +0200
-Subject: [fw-wiz] Gauntlet Rule Interpretation
-
-
-
-Hi there...
-
-I am arguing with our network manager regarding the interpretation of
-Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep,
-but I can read, and I am sure that I am interpreting the rules correctly.
-
-The ruleset says NOTHING specific about SNMP traffic, either by proxy name
-or by port number.
-
-However, some of our rules look like this:
-
-        authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
-        authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *
-
-Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and
-vice-versa? Or am I missing something here?
<DELETED>


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

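To make the thread's point concrete, here is an added example (not from the thread and not Gauntlet's own code) that runs the two posted rules through a toy first-match evaluator and asks whether an SNMP packet gets through. The 192.0.2.x / 198.51.100.x addresses are constructed stand-ins for a.b.c.d / w.x.y.z, and both the `deny-forward` keyword and the fall-through default of deny are assumptions about Gauntlet, not its documented behaviour.

```python
import ipaddress

# Constructed stand-ins for the thread's a.b.c.d and w.x.y.z.
HOST_A, HOST_B = "192.0.2.10", "198.51.100.20"

# The two rules from the original post, with the stand-in addresses.
RULES = [
    f"authenIP: permit-forward -if ef1 -proto * -srcaddr {HOST_A}:255.255.255.255"
    f" -dstaddr {HOST_B}:255.255.255.255 -srcport * -dstport *",
    f"authenIP: permit-forward -if exp0 -proto * -dstaddr {HOST_A}:255.255.255.255"
    f" -srcaddr {HOST_B}:255.255.255.255 -dstport * -srcport *",
]

def parse_rule(line):
    """'name: action -opt value ...' -> {'action': ..., 'if': ..., ...}."""
    tokens = line.split(":", 1)[1].split()   # first ':' ends the rule name
    rule = {"action": tokens[0]}
    for opt, val in zip(tokens[1::2], tokens[2::2]):
        rule[opt.lstrip("-")] = val
    return rule

def addr_matches(spec, addr):
    """Match '*' or 'ip:netmask' against a concrete IPv4 address."""
    if spec == "*":
        return True
    net, mask = (int(ipaddress.IPv4Address(x)) for x in spec.split(":"))
    return int(ipaddress.IPv4Address(addr)) & mask == net & mask

def rule_matches(rule, pkt):
    """Every option must be '*' or equal to the packet's field."""
    return (rule["if"] in ("*", pkt["if"]) and rule["proto"] in ("*", pkt["proto"])
            and addr_matches(rule["srcaddr"], pkt["src"])
            and addr_matches(rule["dstaddr"], pkt["dst"])
            and rule["srcport"] in ("*", str(pkt["sport"]))
            and rule["dstport"] in ("*", str(pkt["dport"])))

def evaluate(rules, pkt):
    """First matching rule decides; no match falls through to deny (assumed default)."""
    for rule in map(parse_rule, rules):
        if rule_matches(rule, pkt):
            return rule["action"]
    return "deny"

# Constructed SNMP GET (udp/161) from host A to host B, arriving on ef1.
SNMP_PKT = {"if": "ef1", "proto": "udp", "src": HOST_A, "dst": HOST_B,
            "sport": 40000, "dport": 161}
# An explicit SNMP block to place ahead of the permits ('deny-forward' is assumed syntax).
SNMP_BLOCK = "authenIP: deny-forward -if ef1 -proto udp -srcaddr * -dstaddr * -srcport * -dstport 161"

def snmp_decisions():
    return evaluate(RULES, SNMP_PKT), evaluate([SNMP_BLOCK] + RULES, SNMP_PKT)
```

With only the posted rules the SNMP packet is permitted; it is stopped only when a rule that names udp/161 sits in front of them.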

