
RE: [FW1] Possible NT IpForwarding Security Issue.



No.

FireWall-1 has two parts: a device driver component and user-level
processes. When you type fwstop (or do an "fw unload"), what happens is that
the security policy is unloaded and IP Forwarding is disabled. On Unix, it
is done automatically by disabling it in the TCP/IP stack directly (AIX
being the notable exception here). On Windows NT, the kernel driver (which
sits between the TCP/IP stack and the NIC driver) prevents the forwarding of
packets.

If the FireWall-1 processes terminate abnormally (as listed in Services or
the fwd/fwm processes under Unix), the device driver is still allowing
packets to flow through the firewall according to the security policy.
However, logging and anything that otherwise relies on the security servers
or the fwd/fwm processes will not function. If the FireWall-1 Device Driver
crashes, it should cause the entire system to crash.

-Sumit

-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Thursday, January 18, 2001 12:46 PM
To: [email protected]
Subject: [FW1] Possible NT IpForwarding Security Issue.





Hi,

One question has occupied us for the past day:

If the Firewall service goes down or is stopped by mistake, Windows NT is still
alive and IP forwarding is enabled, would the NT server route packets to the
protected server in the internal network or in the DMZ?

Sylvain






================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================






 
   All contents © 2004 Network Presence, LLC. All rights reserved.