I'm out of the office from May 15 - 24, on vacation in Alaska. If you must get a hold
of me, try my cel at 801-368-0486 well see if it works in the bush:)
>>> "[EMAIL PROTECTED]" 05/28/00 02:00 >>>
Firewalls-Digest Sunday, May 28 2000 Volume 08 : Number 1005
In this issue:
Re: Gauntlet Exploit
[none]
Re:
OS response to probes
Re: Gauntlet Exploit
See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.
----------------------------------------------------------------------
Date: Sat, 27 May 2000 15:17:47 +0200
From: Mikael Olsson <[EMAIL PROTECTED]>
Subject: Re: Gauntlet Exploit
Ron DuFresne wrote:
>
> You, perhaps, maybe over reacting to thge stress of so much hitting you
> all at once. If I recall the advisory, this was not something known and
> in the wild, it was discovered by a consultant doing a security auditd,
> was it not? Or am *I* confusing issues?
This was publicly announced by a security consultant, yes.
However, blackhats are not in the habit of publicly announcing
their favourite back doors into other people's systems.
If it has been known to the Bad Guys(tm), or for how long,
we'll never know. As usual.
- --
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 27 May 2000 16:45:44 +0300
From: Abdul Rasheed Tamton <[EMAIL PROTECTED]>
Subject: [none]
ANOTHER BRICK IN THE WALL -- A Lucent virtual private
network (VPN) firewall has become one of the first firewalls
to be certified under the U.S. Government Traffic Filter
Firewall Protection Profile. The VPN Firewall Brick
Model 201 has been certified by a third-party National
Security Agency (NSA) lab, meaning the product can be used
by government agencies and departments to build highly
reliable networks that meet stringent security requirements.
It is the second significant certification the VPN Firewall
Brick has received in the recent months. In March, it became
one of the first firewalls to be certified by ICSA.net, an
Internet security testing and certification company.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 27 May 2000 15:50:00 +0200
From: Mikael Olsson <[EMAIL PROTECTED]>
Subject: Re:
Abdul Rasheed Tamton wrote:
>
> ANOTHER BRICK IN THE WALL
> [snip]
> VPN Firewall Brick Model 201
> [snip]
> In March, it became
> one of the first firewalls to be certified by ICSA.net, an
> Internet security testing and certification company.
1. I think this post was highly inappropriate. You're marketing
your own product for no other purpose than your own gain, with
not as much as a disclaimer that you work for Lucent.
This is in violation of the list charter.
2. Please clarify what you mean by "the first to be certified by
ICSA.net". The ICSA firewall cert has been around for quite
a lot longer than March 2000, as has its IPsec certification.
- --
Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
Mobile: +46-(0)70-66 77 636
WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 27 May 2000 11:21:00 -0700
From: Russell Ross <[EMAIL PROTECTED]>
Subject: OS response to probes
I apologize if this is a bit off topic, but is it possible to stop OS's (NT
& Solaris) from responding to probes (ISS and Nmap) with their version and
patch level?
Thanks,
RR
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 27 May 2000 15:22:52 -0500 (CDT)
From: Ron DuFresne <[EMAIL PROTECTED]>
Subject: Re: Gauntlet Exploit
Mikael,
Point taken, and I accept this with all that it then implies; that all
Gauntlet implementations have to then be considered compromised and closed
to be reinstalled from scratch with the new patches. Also further
requiring a total audit of all connected network/server/hosts.
And so then also owe an apology to all those such as gramble, who have
suffered under the hotseat of the current wave of exploits to some of the
more trusted and established firewalling systems they have been managing.
with the heavy workload that has been cast upon them.
Thanks,
Ron DuFresne
On Sat, 27 May 2000, Mikael Olsson wrote:
>
>
> Ron DuFresne wrote:
> >
> > You, perhaps, maybe over reacting to thge stress of so much hitting you
> > all at once. If I recall the advisory, this was not something known and
> > in the wild, it was discovered by a consultant doing a security auditd,
> > was it not? Or am *I* confusing issues?
>
> This was publicly announced by a security consultant, yes.
> However, blackhats are not in the habit of publicly announcing
> their favourite back doors into other people's systems.
>
> If it has been known to the Bad Guys(tm), or for how long,
> we'll never know. As usual.
>
> --
> Mikael Olsson, EnterNet Sweden AB, Box 393, SE-891 28 �RNSK�LDSVIK
> Phone: +46-(0)660-29 92 00 Fax: +46-(0)660-122 50
> Mobile: +46-(0)70-66 77 636
> WWW: http://www.enternet.se E-mail: [EMAIL PROTECTED]
>
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
End of Firewalls-Digest V8 #1005
********************************
To unsubscribe from Firewalls-Digest, send the following command
in the body of a message to "[EMAIL PROTECTED]":
unsubscribe firewalls-digest
If you want to subscribe or unsubscribe an address other than the
account the mail is coming from, such as a local redistribution list,
then append that address to the command; for example, to subscribe
"local-firewalls":
subscribe firewalls-digest [EMAIL PROTECTED]
A non-digest (direct mail) version of this list is also available; to
subscribe to that instead, replace all instances of "firewalls-digest"
in the commands above with "firewalls".
Compressed back issues are available for anonymous FTP from
Lists.GNAC.NET, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
is the volume number, and "MMM" is the issue number).
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
