Subject: Re: Update: Extending the FTP "ALG" vulnerability to any FTP client
From: Paul Cardon (paul MOQUIJO.COM)
Date: Tue Mar 21 2000 - 10:00:18 CST
Lars.Troen MERKANTILDATA.NO wrote:
>
> With Firewall-1 all ports defined in the /etc/services file will be denied
> connections to during an ftp session. This is defined in the file base.def
> as follows:
> // ports which are dangerous to connect to
> #define NOTSERVER_TCP_PORT(p) {
> (not
> (
> ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
> set sr12 p, set sr1 0, log bad_conn)
Actually, the /etc/services file has nothing to do with it. All
services of type TCP _defined_within_FW-1_ are added to the tcp_services
table used in the macro listed above. A default FW-1 install will
include a certain number of these but the list changes with the addition
or removal of TCP service definitions in the rule base. The behavior of
the inspect code can also be modified to make it as strict or open as
desired.
-paul
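A small Python model of the check discussed in this thread, added here as an illustration; it is not Check Point's INSPECT code and not from either poster. The function and class names and the sample service definitions are assumptions; the point shown is that the refused-port table is derived from the firewall's own TCP service definitions, so editing those definitions changes which FTP data ports are refused.

```python
import re

# Six comma-separated numbers h1,h2,h3,h4,p1,p2 (PORT command or 227 reply).
_HOSTPORT = re.compile(r"(?<![\d,])(\d{1,3}(?:,\d{1,3}){5})(?![\d,])")


def data_endpoint(line):
    """Return (ip, port) announced on the control channel, or None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None  # not a line that announces a data endpoint
    m = _HOSTPORT.search(text)
    if m is None:
        raise ValueError("malformed host-port field")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpDataPortCheck:
    """Refuse FTP data connections aimed at ports of defined TCP services."""

    def __init__(self, tcp_service_defs):
        # name -> port; hypothetical stand-in for the firewall's service objects
        self.defs = dict(tcp_service_defs)

    def tcp_services(self):
        # Rebuilt on every call, so definition changes take effect at once.
        return set(self.defs.values())

    def verdict(self, line):
        try:
            endpoint = data_endpoint(line)
        except ValueError as err:
            return "drop: %s" % err
        if endpoint is None:
            return "pass: no data endpoint"
        ip, port = endpoint
        if port in self.tcp_services():
            return "drop: bad_conn %s:%d" % (ip, port)
        return "allow: %s:%d" % (ip, port)


if __name__ == "__main__":
    fw = FtpDataPortCheck({"telnet": 23, "smtp": 25})  # constructed sample
    print(fw.verdict("PORT 10,0,0,5,31,144"))  # port 8080, not defined yet
    fw.defs["http-alt"] = 8080                 # new service definition
    print(fw.verdict("PORT 10,0,0,5,31,144"))
```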