At 02:29 PM 11/28/00 -0500, Marcus J. Ranum wrote:
>Basically, here's what I've managed to find out: An early version
>of FW-1 was examined by people from X group at NSA. They wrote
>a classified technical report and one of the things in it was
>an observation that allegedly some of the files in FW-1 contained
>hardcoded IP addresses of machines in Israel. The modules in
>question were apparently the SNMP trap generation code, which
>was based on the CMU SNMP library - which, I believe, used to
Checkpoint had a report done by CSC for them to address these exact
issues. You might be able to see a copy from Checkpoint under some
set of conditions (asking, non-disclosure, begging, ...).
This thread belongs in: http://www.urbanlegends.com/
and resurfaces with regularity like most urban legends.
Marcus' comments about sleazy marketing sum up the origin, IMHO.
Consider also: http://www.checkpoint.com/press/1999/nsa101999.html
Believe it or not.
If you are in a position where you can not afford the level of trust
you would get from a binary version of Checkpoint:
1. pay them for the source or right to examine it
2. write your own software
Allen Leibowitz <[EMAIL PROTECTED]> http://www.anzen.com
Anzen Computing, Inc. 514 E. Washington Ann Arbor, MI 48104
+1.734.669.0800 Voice +1.734.669.0404 FAX
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
