Re: NT DoS on FW-1

From: cbrenton (cbrentonat_private)
Date: Tue Feb 16 1999 - 14:15:14 PST

    On Mon, 15 Feb 1999, Malikai wrote:
    
    > This issue can be fixed by simply implementing a stealthing rule on the
    > firewall itself. The problem is in NT's stack, not the firewall's.
    
    This will *not* fix the problem as any stealth rules are implemented after
    the Properties settings. This means that all the FW-1 control ports (9 or
    so), ICMP, DNS, etc. etc. are still left open.
    
    Check out:
    http://www.geek-speak.net/fw1/fw1_properties.html
    
    You would need to nuke your properties settings before creating a stealth
    rule to have it be effective.
    
    Happy hunting,
    Chris
    --
    **************************************
    cbrentonat_private
    
    * Multiprotocol Network Design & Troubleshooting
    http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
    * Mastering Network Security
    http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:35:18 PDT