[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] multiple firewalls in serial
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HI all, Can anyone point me in the direction of a good reference document for setting up 2 firewalls in serial. Specifically, best practice sort of stuff, rather than how to's. Cheers, Symon Thurlow - -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of Amaury de Ville Sent: 01 June 2001 09:38 To: Felix; Fw-1-Mailinglist Subject: Re: [FW1] WebSite being Hacked!!! Hello, > > Hi, all: > > one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my > FW1-4.1 sp3 has been hacked. No matter what version of FW-1 you have, as long as the port is open and you have IIS running I'd say you are vunerable. IIS 4.0 and 5.0 have major bugs such as remote buffer overflows and arbitrary command execution. The only way to fix this is to either : 1) change Web server. 2) Upgrade/patch as often as possible your ISS 3) Use your firewall (or other) to check for incorrect URLs that might be a problem for your IIS. > I think the hacker used script via IE explorer to hack it. > My questions are: > 1. How to prevent from ports scanning through Internet. Simply clean your rule base to have the minimum open and log anything else. > 2. How to prevent from being hacked through port 80. As long as you allow HTTP traffic, you could still use content servers. Your defense will only be as good as your Web server or content security > 3. How can I enable the Intruder Detect system (not only ip > spoofing) you should check your FW-1 config files for CPMAD ($FWDIR/conf/cpmad_conf) or SYNdefender > > Thanx! > > no problem, we're here to help :) ====================================================================== ========== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ====================================================================== ========== -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com> iQA/AwUBOxqYHSSR4L/PyJNuEQJ+6QCgrZ/elV1HELME5s5TRg+Czk0GPVkAoKZW xueIhXks2dF+7PdJZyNK77af =IS0A -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|