Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Firewall-1 Security Advisory
From: jhorn1 () STARFIRE CI TUCSON AZ US (John Horn)
Date: Wed, 28 Oct 1998 08:03:59 -0700

I took the Firewall-1 course and this was most definitely not covered.
As it happens, we filter bi-directionally and do not appear to be
affected by this but it is nice to know.

On Tue, 27 Oct 1998, Mnemonix wrote:

From: Paul Sears <Paul_Sears () NACM COM>
Subject: Re: Firewall-1 Security Advisory
Date: Monday, October 26, 1998 8:58 PM

Diligence Risks wrote:

Diligence Security Advisory

Issue: Checkpoint's Firewall-1 has a "feature" that can allow an
intruder to pass through the firewall and attack machines, unihibited,
the protected side.


This is documented in the administration guide and CCSE training
classes also cover these.

According to Check Point sources this is undocumented. Having also read
through the CCSE manuals the only thing close to a caveat I can find is the
(CCSA manual- Page 5-49 - Configuring Control Properties)

Begin Quote

Currently, the most common errors during implementation of Firewall-1 are
made in the Control Properties. The reason for these errors are:

1) Misunderstanding the importance of direction when packets are inspected,
2) Misunderstanding of how the Control Properties and the Rule Base
Matching Order work together.

End Quote

So the closest thing to a warning, comes not in the manuals that come with
the software - but you have to pay to go on a course for this info. I may
be wrong about this - if you know of any other place where this is
documented please let me know.

David Litchfield
Information Security Specialist


John Horn
Unix Systems Administrator
City of Tucson, Tucson Arizona
jhorn1 () starfire ci tucson az us

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]