Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] multiple firewalls in serial

To: "'Fw-1-Mailinglist'" <[email protected]>
Subject: [FW1] multiple firewalls in serial
From: "Symon Thurlow" <[email protected]>
Date: Sun, 3 Jun 2001 21:03:42 +0100
Importance: Normal
In-reply-to: <[email protected]>
Reply-to: <[email protected]>
Sender: [email protected]

 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

HI all,

Can anyone point me in the direction of a good reference document for
setting up 2 firewalls in serial. Specifically, best practice sort of
stuff, rather than how to's.

Cheers,

Symon Thurlow

- -----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
Amaury de Ville
Sent: 01 June 2001 09:38
To: Felix; Fw-1-Mailinglist
Subject: Re: [FW1] WebSite being Hacked!!!



Hello,


>
> Hi, all:
>
>    one of my web server (IIS4.0 on NT 4.0 SP6a) which is behind my
> FW1-4.1 sp3 has been hacked.

No matter what version of FW-1 you have, as long as the port is open
and you
have IIS running I'd say you are vunerable.
IIS 4.0 and 5.0 have major bugs such as remote buffer overflows and
arbitrary command execution. The only way to fix this is to either :
1) change Web server.
2) Upgrade/patch as often as possible your ISS
3) Use your firewall (or other) to check for incorrect URLs that
might be a
problem for your IIS.

> I think the hacker used script via IE explorer to hack it.
>   My questions are:
> 1. How to prevent from ports scanning through Internet.
Simply clean your rule base to have the minimum open and log anything
else.

> 2. How to prevent from being hacked through port 80.
As long as you allow HTTP traffic, you could still use content
servers.
Your defense will only be as good as your Web server or content
security

> 3. How can I enable the Intruder Detect system (not only ip
> spoofing)  

you should check your FW-1 config files for CPMAD
($FWDIR/conf/cpmad_conf)
or SYNdefender

>
> Thanx!
>
>

no problem, we're here to help :)



======================================================================
==========
     To unsubscribe from this mailing list, please see the
instructions at
               http://www.checkpoint.com/services/mailing.html
======================================================================
==========

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBOxqYHSSR4L/PyJNuEQJ+6QCgrZ/elV1HELME5s5TRg+Czk0GPVkAoKZW
xueIhXks2dF+7PdJZyNK77af
=IS0A
-----END PGP SIGNATURE-----



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- Re: [FW1] WebSite being Hacked!!!
  - From: "Amaury de Ville" <[email protected]>

Prev by Date: RE: [FW1] Websense and FW-1 Nokia
Next by Date: RE: [FW1] Source port based filtering
Previous by thread: Re: [FW1] WebSite being Hacked!!!
Next by thread: RE: [FW1] WebSite being Hacked!!!
Index(es):
- Date
- Thread