Re: Firewall-1 Security Advisory
From: simon_finn () AMP COM AU (Simon Finn)
Date: Thu, 29 Oct 1998 11:28:50 -0000
And what about the default of the ports 256, 257, 258 and 259 appearing on
every interface? A little concerning, since they are not listed in the
table of ports in the main manual. Even more concerning when I'm told
they are for secure remote support, logging and configuration control!
This obscurity makes one rather nervous.
This was addressed a while ago in the only other security bulletin I have
seen for Firewall 1 in over a year (the latest being along the same lines
except for DNS). The default is to allow Firewall Control Connections -
First. This being snmp has obvious implications. The ports it uses are
defined in the services objects. If you have trouble understanding the was
the First/Before Last/Last options it actually explains it in the under
"Enable ICMP" in the "Security Policy" section.
Basically, as a rule, put everything as "Last" in the security policy tab;
that way everything is either logged, explicitly allowed/dropped or
explicitly not logged.
I personally don't think the "default" settings are a bug. The default
settings have no policy. The policy is what you build.
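
Added example, not part of the original post and not Check Point code: a simplified first-match model of the First / Before Last / Last placement discussed above, showing which rule decides a connection to port 256 and whether it is logged. The rule names, the addresses and the assumption that the implied rule accepts without logging are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

CONTROL_PORTS = frozenset(range(256, 260))  # 256-259, the ports named in the post


@dataclass(frozen=True)
class Rule:
    name: str
    src: Optional[str]   # None matches any source address
    ports: frozenset     # empty set matches any destination port
    action: str          # "accept" or "drop"
    log: bool

    def matches(self, src, port):
        return (self.src is None or self.src == src) and \
               (not self.ports or port in self.ports)


# Implied control-connection rule. Assumption: it accepts without logging.
IMPLIED = Rule("implied-control", None, CONTROL_PORTS, "accept", False)

# Constructed explicit policy: one management host, a web rule, a logged cleanup.
EXPLICIT = [
    Rule("mgmt-control", "10.0.0.5", CONTROL_PORTS, "accept", True),
    Rule("web", None, frozenset({80}), "accept", False),
    Rule("cleanup", None, frozenset(), "drop", True),
]


def build(position):
    """Place the implied rule relative to the explicit rule base."""
    if position == "first":
        return [IMPLIED] + EXPLICIT
    if position == "before_last":
        return EXPLICIT[:-1] + [IMPLIED] + EXPLICIT[-1:]
    if position == "last":
        return EXPLICIT + [IMPLIED]
    raise ValueError(f"unknown position: {position}")


def decide(position, src, port):
    """Return (rule name, action, logged) for the first matching rule."""
    for rule in build(position):
        if rule.matches(src, port):
            return rule.name, rule.action, rule.log
    return "no-match", "drop", False


if __name__ == "__main__":
    for pos in ("first", "before_last", "last"):
        print(pos, decide(pos, "203.0.113.9", 256), decide(pos, "10.0.0.5", 256))
```

With the implied rule "First" or "Before Last", the connection from the unlisted address is accepted and leaves no log entry; with "Last" it falls to the logged cleanup rule and only the explicit management rule admits port 256.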