Re: FW-1: Questions about DHCP and IPX

Darren Reed (darrenrreed.wattle.id.au)
Thu, 24 Sep 1998 19:43:44 +1000 (EST)

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Ted Doty: "Re: Penetration testing via shrinkware"
• Previous message: Joseph S. D. Yao: "Re: Re[2]: Penetration testing via shrinkware"
• In reply to: Marcus J. Ranum: "Re: Re[2]: Penetration testing via shrinkware"
• Next in thread: Joseph S. D. Yao: "Re: FW-1: Questions about DHCP and IPX"
• Reply: Joseph S. D. Yao: "Re: FW-1: Questions about DHCP and IPX"

In some email I received from Marcus J. Ranum, sie wrote:
[...]
> There have been huge numbers of bogus rumors spread about
> FW-1, by unscrupulous vendors and self-aggrandizing consultants.
> Nobody has ever come forward with a shred of evidence to the
> effect that there is anything untoward in FW-1. 2 years ago
> I offered a bounty of $2,000 for *PROOF* that there is a
> deliberate trapdoor in FW-1 -- nobody has ever come forward
> (though Adam Shostack tried to argue that some of the features
> of their secure remote management are so clueless as to
> constitute a backdoor) :)

One might give cause to wonder at how strong the FWZ1 encryption
is (proprietry crpyto for export) and at some of the default
settings which are implied as necessary - especially where management
is not-local to the box.

Don't know about you, but that FW-1 is quite often installed with the
ability for anyone to connect to the FW-1 daemon is un-nerving to me.
If there were a backdoor, that would be the place to start looking...

Darren

• Next message: Ted Doty: "Re: Penetration testing via shrinkware"
• Previous message: Joseph S. D. Yao: "Re: Re[2]: Penetration testing via shrinkware"
• In reply to: Marcus J. Ranum: "Re: Re[2]: Penetration testing via shrinkware"
• Next in thread: Joseph S. D. Yao: "Re: FW-1: Questions about DHCP and IPX"
• Reply: Joseph S. D. Yao: "Re: FW-1: Questions about DHCP and IPX"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT