Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > NFR Wizards> 1998

NFR Wizards Archive: Re: FW-1: Questions about DHCP and IPX

Re: FW-1: Questions about DHCP and IPX

Henry Hertz Hobbit (hhhobbiticarus.weber.edu)
Wed, 23 Sep 1998 19:02:17 -0600 (MDT)

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Stephen P. Berry: "Re: Penetration testing via shrinkware"
Previous message: Ryan Russell: "Re: Transparent vs. Non-transparent AGs/SPFs/whatever"
Maybe in reply to: Ryan Russell: "Transparent vs. Non-transparent AGs/SPFs/whatever"
Next in thread: Kevin Steves: "Re: FW-1: Questions about DHCP and IPX"

On Tue, 22 Sep 1998, Marcus J. Ranum wrote:

> Jason L. Snowden wrote:
> >P.S. I don't know if this affects you or not, but FW1 has quite a bit of
> >Iraqi-written code in it, and the source code for it was recently published in
> >the Gov't/Mil circles, so exploits will be soon to follow surely. It has been
> >banned for use by Government installations for these reasons. They seem to
> >have a problem with a firewall which was written by a nation hostile to the
> >United States. No clue why. ;)
>
> Uh, Jason, I feel obligated to challenge you to substantiate
> this rather grandiose claim.
>

>
> Further, you assert that it's been banned for use at Gov't
> installations -- WOW that's big news. As someone still involved
> in companies that do firewalls, I expect I'd have heard such
> huge news. Can you substantiate it? Can you point to a SINGLE
> PLACE where such a policy has been issued?? As soon as you do,
> we'll all run out and short CHKPF. But not until you can offer
> a shred of proof.
>

I know of two major government institutions using FW1, one of
which recently switched to it from Gauntlet. No, I can't tell
you how I found out, or even who they are. From the last thing
I heard they have no intention of changing.

> Lastly, Israel, the nation in which Checkpoint's product was
> written, is not (to my knowledge) overtly hostile to the
> United States. Or are you seriously hooked into some privy
> diplomatic channels, as well??
>

Overtly hostile, no. But tacitly not *always* in accord with what
the United States wants, yes. As for Mossad, the fact that they have
a serious problem with human rights abuses, who can tell what they
are up to? I have a feeling that even the Israeli government doesn't
know what they are doing 90% of the time, just like our government
doesn't know what the FBI or CIA are doing most of the time.

As to the source code being available to certain sources in this
country, it stands to reason that it would be available to some
government site if they are using it. Any major user of a product
can frequently ask for and get this, not just the government. If
one vendor doesn't give it to them, they will go some place else
where they will get it.

HHH

Next message: Stephen P. Berry: "Re: Penetration testing via shrinkware"
Previous message: Ryan Russell: "Re: Transparent vs. Non-transparent AGs/SPFs/whatever"
Maybe in reply to: Ryan Russell: "Transparent vs. Non-transparent AGs/SPFs/whatever"
Next in thread: Kevin Steves: "Re: FW-1: Questions about DHCP and IPX"

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT