
Re: [FW1] CERT Advisory and SecuRemote



No, there's no problem with "any firewall [service] allow" rules.
(Ok, it's possible to attack your firewall with many IKE requests,
and RDP packets. But there's no way to send data through the firewall,
from any source to any destination.)

I just wondered why there was an "any any rdp allow" rule in the
implied rules, as everybody knows that "any any [service] allow"
is a bad idea and can always be avoided. So I just disabled the
implied rules, not thinking to open up a case...

With or without patch, stupid guys (in this case the developers)
can always add "any any [service] allow" rules to the rulebase,
and fw-1 won't even complain about such rules. I think the next
patch should completely reject such rules.

Patrick
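
[Added example, not part of Patrick's message and not Check Point code: a sketch of the rulebase check the message asks for, which rejects any rule (implied or explicit) that accepts a service from any source to any destination. The CSV layout, column names and object names are constructed for illustration and are not FireWall-1's own rulebase format.]

```python
import csv
import io

# Constructed sample rulebase (hypothetical CSV export, not FireWall-1's format).
SAMPLE_RULEBASE = """\
num,origin,source,destination,service,action
0,implied,Any,Any,rdp,accept
1,explicit,Any,fw-gateway,IKE,accept
2,explicit,internal-net,Any,http;https,accept
3,explicit,Any,Any,dns-udp,Accept
4,explicit,partner-net;Any,dmz-net;any,smtp,accept
5,explicit,Any,Any,Any,drop
"""

def _is_any(field):
    """True when a ';'-separated object list contains the wildcard 'Any'."""
    return any(obj.strip().lower() == "any" for obj in field.split(";"))

def find_any_any_accept(rulebase_text):
    """Return (num, origin, service) for every accept rule whose source
    and destination are both wildcards, implied rules included."""
    findings = []
    for row in csv.DictReader(io.StringIO(rulebase_text)):
        if row["action"].strip().lower() != "accept":
            continue  # drop/reject rules with any/any are fine
        if _is_any(row["source"]) and _is_any(row["destination"]):
            findings.append(
                (int(row["num"]), row["origin"].strip(), row["service"].strip())
            )
    return findings

def check_rulebase(rulebase_text):
    """Refuse the rulebase (raise ValueError) if any such rule exists."""
    findings = find_any_any_accept(rulebase_text)
    if findings:
        lines = [f"rule {n} ({o}): any -> any, service {s}, accept"
                 for n, o, s in findings]
        raise ValueError("rejected rulebase:\n" + "\n".join(lines))
    return True

if __name__ == "__main__":
    for finding in find_any_any_accept(SAMPLE_RULEBASE):
        print(finding)
```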





 
   All contents © 2004 Network Presence, LLC. All rights reserved.