mailing list archives
Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)
From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Fri, 1 Mar 2002 12:57:48 +1000 (EST)
It is (or at least I thought it was) well known that an http-gw in both
Gauntlet and the fwtk should NEVER listen on the external address. On a
Gauntlet system use the bind-address directive to make sure it doesn't
listen. To be doubly sure set up the appropriate packet filters to stop
incoming connections. On a fwtk system I don't recall the bind-address
directive being present so I always used packet filters to block incoming
If you must "reverse proxy", use plug-gw. Better still put a proxy outside
the firewall and plug it through the firewall to the real server.
On Thu, 28 Feb 2002, Rashed Alabbar wrote:
I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT
4. These vulnerabilities were found in other firewalls, specifically
proxy firewalls, and I tried them on the Gauntlet, it worked.