At 05:45 PM 12/14/99 -0600, william.wells wrote:
>1. modify Gauntlet to use the ftp-data port. We are reluctant to do so since
>some of the more recent RFCs indicate that floating the port is generally
>more secure although this works.

That's the only easy solution; in fact, all that this requires is a
configuration change. ('ftp-gw: data-port 20' or something like that.) It
is arguably less secure, but there's nothing much you can do about it.

>2. modify Checkpoint to allow the port to float. This has caused other
>FTP-related problems.

Not easily done as far as I can tell - you would need to write a new
INSPECT script for FTP to make this work. I don't know if anyone has
managed to get this to work. (Checkpoint's response to this problem is that
the ftp-gw is violating the RFC, thus it's a non-problem as far as they're
concerned.)

-Rick