Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131)
From: Colin Campbell <sgcccdc () citec qld gov au>
Date: Fri, 1 Mar 2002 12:57:48 +1000 (EST)

Hi,

It is (or at least I thought it was) well known that an http-gw in both
Gauntlet and the fwtk should NEVER listen on the external address. On a
Gauntlet system use the bind-address directive to make sure it doesn't
listen. To be doubly sure set up the appropriate packet filters to stop
incoming connections. On a fwtk system I don't recall the bind-address
directive being present so I always used packet filters to block incoming
connections.

If you must "reverse proxy", use plug-gw. Better still put a proxy outside
the firewall and plug it through the firewall to the real server.

On Thu, 28 Feb 2002, Rashed Alabbar wrote:

Hi all,

    I found some vulnerabilities on the NAI Gauntlet Firewall 5.5 on NT
4. These vulnerabilities were found in other firewalls, specifically
proxy firewalls, and I tried them on the Gauntlet, it worked.


Colin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault