
Re: [FW-1] [fw-1] Instant Messenger bypass FW-1



> All stateful firewalls and packet filtering devices will be vulnerable to
> this type of behavior because they use information contained in the network
> (ip addresses) and transport (tcp/udp/etc) to determine whether or not
> information should go through the firewall.  Any malicious or "slippery"
> software will easily bypass a firewall in the outbound direction.
Only if your policy allows all outbound traffic, which it should not.
(I do this all the time anyway... just pointing out best practices)

> In some cases, inbound traffic is subject to this as well.  For
> instance, one piece of software used ICMP echo replies to communicate
> with "controlled" machines.
There is almost no reason to allow internal machines to ping out to the
Internet in the first place. Block ICMP both ways and this is not a
problem. Allow echo replies to a single trusted system that you control
and can use for network testing.

-Don
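
An added example, not part of the original message: a small audit that checks a rule base for the two weaknesses discussed in this thread, an accept-all outbound rule and ICMP that is not scoped to a single trusted host. The rule format, the internal range 10.0.0.0/8, the trusted host 192.0.2.10 and the sample rules are all constructed assumptions, not Check Point FW-1 syntax.

```python
from ipaddress import ip_network

ANY = ip_network("0.0.0.0/0")
INTERNAL = ip_network("10.0.0.0/8")  # assumed internal address range

# Constructed sample rule base (hypothetical format, implicit final drop).
RULES = [
    {"id": 1, "src": "10.0.0.0/8", "dst": "0.0.0.0/0",
     "proto": "tcp", "dport": 80, "action": "accept"},
    {"id": 2, "src": "10.0.0.0/8", "dst": "0.0.0.0/0",
     "proto": "any", "dport": None, "action": "accept"},
    {"id": 3, "src": "10.0.0.0/8", "dst": "192.0.2.10/32",
     "proto": "icmp", "dport": None, "action": "accept"},
    {"id": 4, "src": "0.0.0.0/0", "dst": "10.0.0.0/8",
     "proto": "icmp", "dport": None, "action": "accept"},
]


def audit(rules, internal=INTERNAL):
    """Return (rule id, finding) pairs for accept rules that are too broad."""
    findings = []
    for rule in rules:
        if rule["action"] != "accept":
            continue
        src = ip_network(rule["src"])
        dst = ip_network(rule["dst"])
        outbound = src.subnet_of(internal) and not dst.subnet_of(internal)

        # Any protocol from inside to anywhere: the "allow all outbound"
        # policy the reply warns against.
        if outbound and rule["proto"] == "any" and dst == ANY:
            findings.append((rule["id"], "allows all outbound traffic"))

        # ICMP should only be accepted to or from one trusted test host.
        # Rules with proto "any" are already reported by the check above.
        if rule["proto"] == "icmp":
            external_peer = dst if outbound else src
            if external_peer.num_addresses != 1:
                findings.append(
                    (rule["id"], "ICMP not limited to one trusted host"))
    return findings


if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(f"rule {rule_id}: {finding}")
```

The model does not distinguish ICMP types, so a rule scoped to the trusted host passes whether it carries echo requests or echo replies.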

   All contents © 2004 Network Presence, LLC. All rights reserved.