Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Nimda rule rejects disinfected clients ???

To: [email protected]
Subject: Re: [FW-1] Nimda rule rejects disinfected clients ???
From: Joe Pampel <[email protected]>
Date: Mon, 3 Dec 2001 12:50:12 -0500
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

If it's the bug I'm thinking of, the FW URI rules choke on URL's with the @ sign in them.  Easiest way
around this is just to make sure your hosts are clean (be a good neighbor!) and then remove the outbound URI rule (unless your users are hosting webs servers!)  If your net is clean, you are really only concerned with incoming bad stuff - so just block inbound. You users are making outbound requests for websites so they will be unaffected.
This should resolve your problem while affording you some protection from NIMDA, CodeRed, etc.
Your rule is just:

any      MyNet      Bad-HTTP     Drop   (or log)
mynet    any          HTTP           accept(or accounting if you track this stuff)

HTH,

Joe

>>> Sam Denton <[email protected]> 12/03/01 11:04AM >>>
The same thing happened to me. I got in contact with Checkpoint. They say it
is a known bug and there is nothing they can do about it. There are no plans
to 'fix' the error either. Its a pain I know but we all have to live with
it. I recommend removing the rule and not adding any uri resources this
seams to stop it happening.

Thanx

Sam

-----Original Message-----
From: Sero Sero [mailto:[email protected]]
Sent: Monday, December 03, 2001 3:30 PM
To: [email protected]
Subject: [FW-1] Nimda rule rejects disinfected clients ???


Hi,
When i enable the Nimda rule , some of my Web connections rejected from
firewall but this situation isnt stable, sometimes occurs, sometimes  NOT. I
check my machine but there is no Nimda.. Is there anybody who did see this
error ?

Thankz..
--

_______________________________________________
Sign-up for your own FREE Personalized E-mail at Mail.com
http://www.mail.com/?sr=signup


1 cent a minute calls anywhere in the U.S.!

http://www.getpennytalk.com/cgi-bin/adforward.cgi?p_key=RG9853KJ&url=http://
www.getpennytalk.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Prev by Date: [FW-1] running bash shell on IPSO
Next by Date: [FW-1] AW: [FW-1] --- Checkpoint FW1 on FreeBSD ---
Previous by thread: Re: [FW-1] Nimda rule rejects disinfected clients ???
Next by thread: [FW-1] --- Checkpoint FW1 on FreeBSD ---
Index(es):
- Date
- Thread