Bugtraq: Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)

From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Fri, 1 Mar 2002 12:57:48 +1000 (EST)

Hi,

It is (or at least I thought it was) well known that an http-gw in both
Gauntlet and the fwtk should NEVER listen on the external address. On a
Gauntlet system use the bind-address directive to make sure it doesn't
listen. To be doubly sure set up the appropriate packet filters to stop
incoming connections. On a fwtk system I don't recall the bind-address
directive being present so I always used packet filters to block incoming
connections.

If you must "reverse proxy", use plug-gw. Better still put a proxy outside
the firewall and plug it through the firewall to the real server.

On Thu, 28 Feb 2002, Rashed Alabbar wrote:

Hi all,

    I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT
4. These vulnerabilities were found in other firewalls, specifically
proxy firewalls, and I tried them on the Gauntlet, it worked.


Colin

By Date By Thread

Current thread:

NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131) Rashed Alabbar (Feb 28)
- Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131) Colin Campbell (Mar 01)