Re: Check Point response to RDP Bypass

From: Johan Lindqvist (jlindqat_private)
Date: Wed Jul 11 2001 - 02:41:23 PDT


    The original advisory 
    (http://www.inside-security.de/advisories/fw1_rdp.html) says that a 
    workaround is to "Deactivate implied rules in the Check Point policy editor 
    (and build your own rules for management connections).". I've not been able 
    to find any changes in the INSPECT code generated to confirm that not using 
    the implied rules from "Policy/properties/Security policy/Implied 
    rules/Accept VPN-1 & FireWall-1 Control Connection"
    
    Does deactivating the implied rule stop the vulnerability?
    
    /Johan Lindqvist
    
    
    


