NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] WebSite being Hacked!!!



Hello,


>
> Hi, all:
>
>    one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my FW1-4.1
> sp3 has been hacked.

No matter what version of FW-1 you have, as long as the port is open and you
have IIS running I'd say you are vunerable.
IIS 4.0 and 5.0 have major bugs such as remote buffer overflows and
arbitrary command execution. The only way to fix this is to either :
1) change Web server.
2) Upgrade/patch as often as possible your ISS
3) Use your firewall (or other) to check for incorrect URLs that might be a
problem for your IIS.

> I think the hacker used script via IE explorer to hack it.
>   My questions are:
> 1. How to prevent from ports scanning through Internet.
Simply clean your rule base to have the minimum open and log anything else.

> 2. How to prevent from being hacked through port 80.
As long as you allow HTTP traffic, you could still use content servers.
Your defense will only be as good as your Web server or content security

> 3. How can I enable the Intruder Detect system (not only ip spoofing)

you should check your FW-1 config files for CPMAD ($FWDIR/conf/cpmad_conf)
or SYNdefender

>
> Thanx!
>
>

no problem, we're here to help :)



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.