Re: [FW-1] [fw-1] Instant Messenger bypass FW-1
> All stateful firewalls and packet filtering devices will be vulnerable to
> this type of behavior because they use information contained in the network
> (ip addresses) and transport (tcp/udp/etc) to determine whether or not
> information should go through the firewall. Any malicious or "slippery"
> software will easily bypass a firewall in the outbound direction.

Only if your policy allows all outbound traffic, which it should not. (I do this all the time anyway... just pointing out best practices)

> In some cases, inbound traffic is subject to this as well. For
> instance, one piece of software used ICMP echo replies to communicate
> with "controlled" machines.

There is almost no reason to allow internal machines to ping out to the Internet in the first place. Block ICMP both ways and this is not a problem. Allow echo replies to a single trusted system that you control and can use for network testing.

-Don
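
The two policies contrasted in this message, as an added example that is not part of the original post and is not FW-1 configuration: a small first-match rule evaluator run over constructed packets. The internal range 10.0.0.0/8, the test host 192.0.2.10, the ports and the rule bases are assumptions, and the ICMP rules are one reading of "echo replies to a single trusted system".

```python
from ipaddress import ip_address, ip_network

# Constructed first-match rule bases: (action, proto, src, dst, port-or-ICMP-type).
# 10.0.0.0/8 = assumed internal net; 192.0.2.10 = assumed trusted test host.
ANY = "0.0.0.0/0"
PERMISSIVE = [
    ("accept", "any", "10.0.0.0/8", ANY, None),   # all outbound allowed
    ("accept", "icmp", ANY, "10.0.0.0/8", 0),     # echo replies from anywhere
    ("drop", "any", ANY, ANY, None),
]
RESTRICTED = [
    ("accept", "tcp", "10.0.0.0/8", ANY, 80),
    ("accept", "tcp", "10.0.0.0/8", ANY, 443),
    ("accept", "icmp", "10.0.0.0/8", "192.0.2.10/32", 8),  # echo request to test host
    ("accept", "icmp", "192.0.2.10/32", "10.0.0.0/8", 0),  # echo reply from test host
    ("drop", "any", ANY, ANY, None),
]

# Constructed sample packets: (label, proto, src, dst, port-or-ICMP-type).
FLOWS = [
    ("tcp/5190 out", "tcp", "10.1.2.3", "198.51.100.7", 5190),
    ("tcp/443 out", "tcp", "10.1.2.3", "198.51.100.7", 443),
    ("echo request to Internet host", "icmp", "10.1.2.3", "203.0.113.9", 8),
    ("echo reply from Internet host", "icmp", "203.0.113.9", "10.1.2.3", 0),
    ("echo reply from test host", "icmp", "192.0.2.10", "10.1.2.3", 0),
]

def decide(rules, proto, src, dst, port=None):
    """Return the action of the first rule matching the packet headers."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("any", proto):
            continue
        if ip_address(src) not in ip_network(r_src):
            continue
        if ip_address(dst) not in ip_network(r_dst):
            continue
        if r_port is not None and r_port != port:
            continue
        return action
    return "drop"  # nothing matched: default deny

def compare():
    """Map each sample packet to its (permissive, restricted) verdicts."""
    return {label: (decide(PERMISSIVE, *pkt), decide(RESTRICTED, *pkt))
            for label, *pkt in FLOWS}

if __name__ == "__main__":
    for label, verdicts in compare().items():
        print(f"{label:32} permissive={verdicts[0]:6} restricted={verdicts[1]}")
```

The tcp/443 packet is accepted by both rule bases because the verdict depends only on the address, protocol and port fields.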