Firewall Wizards mailing list archives
RE: Subject: Gauntlet Rule Interpretation
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Wed, 13 Feb 2002 23:36:18 -0500 (EST)
CERT's advisory seemed more specific:

  CERT Advisory CA-2002-03 Multiple Vulnerabilities in Many Implementations of the Simple Network Management Protocol (SNMP)
  http://www.cert.org/advisories/CA-2002-03.html

Hope that fills in the blanks.

Thanks,

Ron DuFresne

On Wed, 13 Feb 2002, Zbonski, David wrote:
> I am not intimately familiar with Gauntlet but I can read, too. And I agree
> with your statement that the rule, with no specific blocking of SNMP (in
> another rule), would allow the traffic from the source to the destination.
>
> And while we're talking about blocking SNMP - SANS released a vague alert
> saying that SNMP was dangerous. But they also included a statement saying
> that UDP 1993 was dangerous to Cisco's as well. That was news to me.
>
> David Z
>
> > Message: 9
> > From: "Johann van Duyn" <Johann_van_Duyn () bat com>
> > To: firewall-wizards () nfr net
> > Date: Wed, 13 Feb 2002 15:59:31 +0200
> > Subject: [fw-wiz] Gauntlet Rule Interpretation
> >
> > Hi there...
> >
> > I am arguing with our network manager regarding the interpretation of
> > Gauntlet (on BSD Unix) rulesets. My knowledge of Gauntlet is not very deep,
> > but I can read, and I am sure that I am interpreting the rules correctly.
> >
> > The ruleset says NOTHING specific about SNMP traffic, either by proxy name
> > or by port number.
> >
> > However, some of our rules look like this:
> >
> >         authenIP: permit-forward -if ef1 -proto * -srcaddr a.b.c.d:255.255.255.255 -dstaddr w.x.y.z:255.255.255.255 -srcport * -dstport *
> >         authenIP: permit-forward -if exp0 -proto * -dstaddr a.b.c.d:255.255.255.255 -srcaddr w.x.y.z:255.255.255.255 -dstport * -srcport *
> >
> > Surely such a rule would let SNMP traffic from a.b.c.d to w.x.y.z and
> > vice-versa? Or am I missing something here?
> >
> > <DELETED>
> >
> > _______________________________________________
> > firewall-wizards mailing list
> > firewall-wizards () nfr com
> > http://list.nfr.com/mailman/listinfo/firewall-wizards
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart

testing, only testing, and damn good at it too!
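As an added illustration (not part of the thread or of Gauntlet itself), a small Python checker that parses rules in the syntax quoted above and reports which ones would pass an SNMP datagram. It models only the address:netmask, protocol and port wildcards visible in the post, not Gauntlet's full matching semantics; 192.0.2.10 and 198.51.100.20 are constructed placeholders for a.b.c.d and w.x.y.z, and the third rule is constructed for contrast.

```python
import ipaddress

# Constructed ruleset in the syntax quoted in the thread; 192.0.2.10 and
# 198.51.100.20 stand in for a.b.c.d and w.x.y.z. The third rule is added for contrast.
RULES = """
authenIP: permit-forward -if ef1 -proto * -srcaddr 192.0.2.10:255.255.255.255 -dstaddr 198.51.100.20:255.255.255.255 -srcport * -dstport *
authenIP: permit-forward -if exp0 -proto * -dstaddr 192.0.2.10:255.255.255.255 -srcaddr 198.51.100.20:255.255.255.255 -dstport * -srcport *
authenIP: permit-forward -if ef1 -proto tcp -srcaddr 192.0.2.0:255.255.255.0 -dstaddr 203.0.113.5:255.255.255.255 -srcport * -dstport 80
"""

def parse_rule(line):
    """Split 'name: action -opt value -opt value ...' into a dict (option order is free)."""
    name, rest = line.split(":", 1)
    tokens = rest.split()
    rule = {"name": name.strip(), "action": tokens[0]}
    for key, value in zip(tokens[1::2], tokens[2::2]):
        rule[key.lstrip("-")] = value
    return rule

def addr_matches(spec, addr):
    """'*' matches anything; 'net:mask' uses a dotted netmask, 255.255.255.255 = one host."""
    if spec == "*":
        return True
    net, mask = spec.split(":")
    return ipaddress.ip_address(addr) in ipaddress.ip_network(f"{net}/{mask}", strict=False)

def field_matches(spec, value):
    return spec == "*" or spec.lower() == str(value).lower()

def rule_permits(rule, proto, src, sport, dst, dport):
    # Assumption of this model: an option left out of a rule is treated as the wildcard '*'.
    g = lambda k: rule.get(k, "*")
    return (rule["action"] == "permit-forward"
            and field_matches(g("proto"), proto)
            and addr_matches(g("srcaddr"), src) and field_matches(g("srcport"), sport)
            and addr_matches(g("dstaddr"), dst) and field_matches(g("dstport"), dport))

def rules_permitting(ruleset, proto, src, sport, dst, dport):
    """Return the '-if' interface of every permit-forward rule that would pass this datagram."""
    rules = [parse_rule(l) for l in ruleset.strip().splitlines() if l.strip()]
    return [r["if"] for r in rules if rule_permits(r, proto, src, sport, dst, dport)]

if __name__ == "__main__":
    # SNMP (UDP/161) from a.b.c.d to w.x.y.z, then the reply direction.
    print(rules_permitting(RULES, "udp", "192.0.2.10", 40000, "198.51.100.20", 161))  # ['ef1']
    print(rules_permitting(RULES, "udp", "198.51.100.20", 161, "192.0.2.10", 40000))  # ['exp0']
```

Both "-proto * ... -srcport * -dstport *" rules match the SNMP datagram, while the contrast rule with "-proto tcp -dstport 80" does not; the same check can be run over a full exported ruleset to list every wildcard rule that covers a given service.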
Current thread:
- RE: Subject: Gauntlet Rule Interpretation Zbonski, David (Feb 13)
- RE: Subject: Gauntlet Rule Interpretation R. DuFresne (Feb 14)
- <Possible follow-ups>
- RE: Subject: Gauntlet Rule Interpretation ark (Feb 15)