Re: Check Point response to RDP Bypass

From: Hugo van der Kooij (hvdkooijat_private)
Date: Wed Jul 11 2001 - 23:42:15 PDT

Next message: Martin Macok: "Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"

Previous message: qDefense Advisories: "Multiple CGI Flat File Database Manipulation Vulnerability - qDefense Advisory Number QDAV-2001-7-1"
In reply to: Johan Lindqvist: "Re: Check Point response to RDP Bypass"
Next in thread: Clarke, Paul [IT]: "RE: Check Point response to RDP Bypass"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 11 Jul 2001, Johan Lindqvist wrote:

> The original advisory
> (http://www.inside-security.de/advisories/fw1_rdp.html) says that a
> workaround is to "Deactivate implied rules in the Check Point policy editor
> (and build your own rules for management connections).". I've not been able
> to find any changes in the INSPECT code generated to confirm that not using
> the implied rules from "Policy/properties/Security policy/Implied
> rules/Accept VPN-1 & FireWall-1 Control Connection"

If you run nmap against FW-1 you will notice different behaviour.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooijat_private		http://hvdkooij.xs4all.nl/
	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.

Next message: Martin Macok: "Re: [COVERT-2001-04] Vulnerability in Oracle 8i TNS Listener"
Previous message: qDefense Advisories: "Multiple CGI Flat File Database Manipulation Vulnerability - qDefense Advisory Number QDAV-2001-7-1"
In reply to: Johan Lindqvist: "Re: Check Point response to RDP Bypass"
Next in thread: Clarke, Paul [IT]: "RE: Check Point response to RDP Bypass"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jul 12 2001 - 00:18:35 PDT