RE: [FW1] SP3 fixes...



Explain to me how you would exploit this:

1) The firewall is extremely hardened. With the fw services turned off, it's a black hole.
Virtually every component of the O/S that is not needed for running FW services
is quarantined (DLLs, EXEs, subsystems, etc.).
2) Public addressing is all accomplished via NAT and local.arp entries, so
any Internet-routable address is only ARPed for by the firewall, which must do
NAT in order for it to route within the firewall.
3) When the firewall service is BRIEFLY stopped, no NAT occurs and no ARP occurs,
so no routing of packets occurs. No RFC 1918 addresses are allowed from the border
routers, via access lists...
4) The firewall is plugged into Cisco switches, and we shut down all interfaces
that are connected to the FW before doing work on it. So again, nowhere for
traffic to go.

Okay, you tell me that stopping/starting the fw service for a period of only a
couple of seconds, when no traffic is going anywhere, is a HUGE security risk?

What WOULD you have me do, purchase a new firewall every time I run into some
stupid bug in Check Point software? You run out of money fast that way...

You have a LOT worse things to worry about than performing an outage
like the above. Personally, I am hoping for much, much more advanced IDS
software to become available shortly. Software like RealSecure and Snort is
pretty basic and just relies on canned attack signatures. I want software
that uses genetic algorithms and agents that learn what the normal traffic
flows are and detect changes from the norm, along with traditional IDS.

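The border-router filtering and switch-port isolation described in points 3 and 4 above, written out as Cisco IOS configuration. This is an added example for illustration, not the poster's actual configuration and not taken from anywhere in the thread: the ACL name, interface names, port numbers and descriptions are all assumptions. The ACL only covers the three RFC 1918 ranges the post names; a fuller ingress filter would also drop other non-routable sources (loopback, link-local, your own address space arriving from outside).

```cisco
! --- Border router: drop RFC 1918 source addresses arriving from the Internet ---
! ACL name and interface are assumptions for illustration.
ip access-list extended INTERNET-IN
 remark Block private (RFC 1918) sources coming in from the upstream link
 deny   ip 10.0.0.0    0.255.255.255  any log
 deny   ip 172.16.0.0  0.15.255.255   any log
 deny   ip 192.168.0.0 0.0.255.255    any log
 permit ip any any
!
interface Serial0/0
 description Upstream ISP link (assumed interface)
 ip access-group INTERNET-IN in
!
! --- Switch: isolate the firewall's ports before stopping the FW-1 service ---
! Port numbers are assumptions; use whatever ports the firewall is cabled to.
interface range FastEthernet0/1 - 2
 description Firewall external / internal (assumed ports)
 shutdown
!
! Once the FW-1 service is back up and the policy has been reloaded:
!   interface range FastEthernet0/1 - 2
!    no shutdown
```

The ACL is applied inbound on the Internet-facing interface, so it is evaluated before the router forwards anything toward the firewall. The `log` keyword makes each denied packet produce a log entry, which is useful for seeing whether anyone is actually sending spoofed private-range traffic at you, but it can be dropped on a busy link if it generates too much logging. Note that this filter says nothing about what the firewall host itself would do with a packet once its service is stopped; the "nowhere for traffic to go" argument in the post rests on the switch ports being shut, not on the ACL alone.
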
-----Original Message-----
From: Cihan Subasi (Garanti Teknoloji) [mailto:[email protected]]
Sent: Friday, December 22, 2000 4:04 AM
To: '[email protected]'; Cihan Subasi (Garanti Teknoloji);
[email protected]
Subject: RE: [FW1] SP3 fixes...


I wouldn't do the same thing, stopping the firewall!!!!!!

-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Thursday, December 21, 2000 5:29 PM
To: Cihan Subasi (Garanti Teknoloji);
[email protected]
Subject: Re: [FW1] SP3 fixes...



That last problem I have also seen with 4.1 and 4.1 SP2 a couple of times.

In my case, what I did to fix it was stop the fw services, restart them, and
then reload the policy. It looked to me more like the fw was just not taking
the new policy into effect, even though everything compiled okay and claimed
to have transferred from the management server to the enforcement server.
Every time this has happened, just stopping the enforcement fw service and
restarting it fixed it.

I must be lucky, never had any GUI problems.

----- Original Message ----- 
From: "Cihan Subasi (Garanti Teknoloji)" <[email protected]>
To: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Sent: Thursday, December 21, 2000 2:00 AM
Subject: [FW1] SP3 fixes...


> 
> 
> With SP2 we had two problems (for me they were very
> annoying)..... One was with the GUI: when I tried to install a new policy after
> saving the policy, the GUI did not give any response and I had to stop the task
> from Task Manager, start it again and load the policy, and this happens very
> frequently... The second is on the firewall: even though there is a rule, the module
> does not see it and the packet hits the last rule (deny all) and is denied. I have
> to negate that rule, install the policy, then disable the negate and install
> it again in order for the fw to see that rule and allow the traffic... My question is, I
> checked the fixes of SP3 and did not see anything related to those issues; I
> am wondering, am I the only one having those problems or not? Thanks for
> your replies....
> 
> Merry Xmas and happy New Year....
> 
> *******************************************************************
> Cihan Subasi
> Garanti Technology-Istanbul
> Work phone: +(90)> Cellular       : +(90)> mailto:[email protected]
> http://www.garanti.com.tr
> ********************************************************************
> 
> 
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
> 








