-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

I concur with the Watchguard Rapid Response Team's findings, based upon my experience with Firebox-II installations.

Each Firebox-II with SMS 3.3 (with and without SP1) that I have done has had ping Disabled on Inbound (denied/logged) and Enabled on Outbound (any-to-any) by default.

While there may be a (somewhat subjective or contentious) issue about allowing everyone outbound pinging by default, it certainly didn't allow any ping traffic from the External to the Trusted networks unless I explicitly allowed it.

I can't speak for FB-10/-100 boxes or versions of SMS prior to 3.3, however.

HTH and regards,

- -- 
Matt Bruce <matt.bruceat_private>
Internet & Security Engineer
AlphaWest - http://www.alphawest.com.au/

>-----Original Message-----
>From: Steve Fallin [mailto:steve.fallinat_private]
>Sent: Tuesday, 14 September 1999 4:37 am
>
>The poster, Sr. Alfonso Lazaro stated that, by default, the
>WatchGuard Firebox allowed ping traffic from any interface to
>any interface...
>In the absence of any further information from Sr. Lazaro,
>we believe that his report of a vulnerability in Firebox
>default configuration files is in error.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
Comment: Get my public key from ldap://certserver.pgp.com

iQA/AwUBN96ukxmtSClHdI5CEQJOYACfT00ME4V+Mw/VfVTSt+PXqXHP5UUAoMVZ
6qsxAWTtzEh3dWWeNQYdn/0h
=qJcF
-----END PGP SIGNATURE-----