Firewall Wizards mailing list archives

Re: Ports 256,257,258 open on FW-1


From: Chris Brenton <cbrenton () sover net>
Date: Mon, 14 Dec 1998 16:37:07 -0500

Dave Whitlow wrote:

And whilst you're doing this I suggest you check out the other bad
defaults in policy/properties.  Chances are you're allowing icmp, dns (udp
& zone), rip and other things through.  You may even be offering your snmp
info (either NT or FW-1 mib).

As someone else noted, about 9/10 FW-1 installations look like this.  I
always advise you switch off all these defaults and then add rules to
allow the things you *really* need.

I agree completely. In fact, I posted a write-up about this to the FW-1
mailing list a few months ago that outlines the problem, including screen
captures and log file entries. I also describe exactly what you need to
change in order to lock down the policy rules.

If anyone is interested in this write-up, please drop me a mail. I would
post it to the list, but it includes about 40K worth of graphic screen
captures.

Cheers,
Chris
-- 
**************************************
cbrenton () sover net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529
* Mastering Network Security
http://www.amazon.com/exec/obidos/ISBN%3D0782123430/002-0346046-8151850
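The implied-rule problem both messages describe, as an added example that is not part of this thread and not Check Point's code: a small Python model in which the policy "properties" checkboxes become rules evaluated before the explicit rule base, so the cleanup drop rule at the bottom never sees the traffic they accept. The property names, zone names, explicit rules and probe packets are all constructed for illustration and are not FW-1's configuration format; the service/port pairings used are the conventional ones (ICMP, DNS on port 53, RIP on udp/520, and tcp/256 for the FW-1 control connection the subject line refers to).

```python
"""Model of a FireWall-1-style policy where implied 'properties' rules run
before the explicit rule base.  Added example with constructed data; it is
not FW-1's configuration syntax.  It shows why a cleanup 'drop any' rule does
not protect against services enabled in Policy > Properties."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src_zone: str   # "external" or "internal" (constructed zone names)
    proto: str      # "tcp", "udp" or "icmp"
    dport: int      # destination port; 0 for icmp


@dataclass(frozen=True)
class Rule:
    name: str
    src_zone: Optional[str]   # None matches any zone
    proto: Optional[str]      # None matches any protocol
    dport: Optional[int]      # None matches any port
    action: str               # "accept" or "drop"

    def matches(self, pkt: Packet) -> bool:
        return ((self.src_zone is None or self.src_zone == pkt.src_zone)
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


# Implied rules that the properties checkboxes turn on.  They match on ANY
# source zone, which is the whole problem: they apply to the outside world too.
# (Property names are constructed; port/service pairings are the usual ones.)
IMPLIED_RULES: Dict[str, Rule] = {
    "accept_icmp":        Rule("implied: ICMP",            None, "icmp", None, "accept"),
    "accept_dns_udp":     Rule("implied: DNS queries",     None, "udp",  53,   "accept"),
    "accept_dns_tcp":     Rule("implied: DNS zone xfer",   None, "tcp",  53,   "accept"),
    "accept_rip":         Rule("implied: RIP",             None, "udp",  520,  "accept"),
    "accept_fw1_control": Rule("implied: FW-1 control",    None, "tcp",  256,  "accept"),
}

DEFAULT_PROPERTIES = {name: True for name in IMPLIED_RULES}    # out-of-the-box
HARDENED_PROPERTIES = {name: False for name in IMPLIED_RULES}  # everything off

# The explicit rule base the administrator actually wrote: only what is
# *really* needed, with a cleanup rule at the end.
EXPLICIT_RULES: List[Rule] = [
    Rule("allow inbound SMTP to mail relay", "external", "tcp", 25, "accept"),
    Rule("allow internal DNS queries out",   "internal", "udp", 53, "accept"),
    Rule("cleanup: drop everything else",    None,       None,  None, "drop"),
]


def build_policy(properties: Dict[str, bool], explicit: List[Rule]) -> List[Rule]:
    """Implied rules come first, then the explicit rule base, then cleanup."""
    implied = [rule for key, rule in IMPLIED_RULES.items() if properties.get(key)]
    return implied + explicit


def evaluate(policy: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First-match evaluation; returns (action, name of the matching rule)."""
    for rule in policy:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "drop", "no match"


# Constructed probe traffic from the untrusted side of the firewall.
PROBES: Dict[str, Packet] = {
    "icmp":        Packet("external", "icmp", 0),
    "dns_udp":     Packet("external", "udp", 53),
    "dns_tcp":     Packet("external", "tcp", 53),
    "rip":         Packet("external", "udp", 520),
    "fw1_control": Packet("external", "tcp", 256),
    "snmp":        Packet("external", "udp", 161),
    "smtp":        Packet("external", "tcp", 25),
}


def accepted_from_outside(properties: Dict[str, bool]) -> List[str]:
    """Names of probe services the policy lets in from the external zone."""
    policy = build_policy(properties, EXPLICIT_RULES)
    return sorted(name for name, pkt in PROBES.items()
                  if evaluate(policy, pkt)[0] == "accept")


if __name__ == "__main__":
    for label, props in (("default", DEFAULT_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(f"{label:9s} properties -> accepted from outside: {accepted_from_outside(props)}")
        policy = build_policy(props, EXPLICIT_RULES)
        print("   internal DNS out:", evaluate(policy, Packet("internal", "udp", 53)))
```

With the default properties the audit lists ICMP, both DNS services, RIP and the FW-1 control port as reachable from outside even though the explicit rule base ends in a cleanup drop; with the properties switched off only the explicitly allowed SMTP survives, and the internal DNS traffic is still accepted by the explicit rule the administrator wrote for it. The same evaluate-before-the-rule-base ordering is why a log review that looks only at hits on numbered rules can miss the implied accepts entirely.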


