Yes, based on your information, it sounds like your vendor either:
1) didn't know better
2) kept getting drops on rule 0, and setting them to any made it work
3) 1+2

You are currently wide open for IP address hijacking (spoofing)...

Thomas Poole

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 23, 2000 2:21 PM
To: Pasty Face Gangster
Cc: [EMAIL PROTECTED]
Subject: Re: [FW1] spoof tracking





Yes - this is the basis for a SYN attack - see the manual,
VPN-1/FireWall-1 Administration Guide, July 1999, pg 596, 'how it works'.
Paul
--------------------------------------------------------------------------------

C. Paul Simons
Corporate Network Services
IHS Energy Group, Englewood, CO.

Main: +1 303 736 3000
Direct: +1 303 736 3451
Fax: +1 303 736 3860
Mobile: +1 303 748 5242


Pasty Face Gangster <pastyfaceganster@yahoo.com>
23-06-00 11:46

To: Firewall List <[EMAIL PROTECTED]>
cc: (bcc: Paul Simons/Den/US/IHSE)
Subject: [FW1] spoof tracking






Our vendor just set up a FW 4.0Sp5 machine for us with
3 interfaces (dirty, dmz, clean) and they set spoof
tracking for all 3 to "ANY".

I would assume this is a bad way to go.  Could someone
please shed a little light on this and maybe suggest a
better way to go.

thanks

PFG



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
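
An added example, not part of the thread and not Check Point code: a small model of per-interface source-address validation for the three interfaces described above, comparing "any" on every interface with a stricter setting. The networks, the mode names `any`/`this_net`/`others` and the packets are constructed assumptions, not FireWall-1 configuration syntax.

```python
import ipaddress

# Constructed addressing for the internal interfaces named in the thread.
NETS = {
    "dmz": ipaddress.ip_network("192.0.2.0/24"),
    "clean": ipaddress.ip_network("10.1.0.0/16"),
}

def valid_source(iface, src, policy):
    """Return True if a packet with source `src` may enter on `iface`.

    policy maps interface -> "any" (no check), "this_net" (source must be
    in that interface's own network) or "others" (source must not belong
    to a network behind any other interface).
    """
    addr = ipaddress.ip_address(src)
    mode = policy[iface]
    if mode == "any":
        return True
    if mode == "this_net":
        return addr in NETS[iface]
    if mode == "others":
        return not any(addr in net for name, net in NETS.items() if name != iface)
    raise ValueError(f"unknown mode {mode!r}")

AS_DELIVERED = {"dirty": "any", "dmz": "any", "clean": "any"}
TIGHTENED = {"dirty": "others", "dmz": "this_net", "clean": "this_net"}

# Constructed packets: (arrival interface, claimed source address).
PACKETS = [
    ("dirty", "10.1.4.20"),     # outside host claiming a clean-side address
    ("dirty", "192.0.2.10"),    # outside host claiming a DMZ address
    ("dmz", "10.1.4.20"),       # DMZ host claiming a clean-side address
    ("dirty", "198.51.100.7"),  # ordinary external source
    ("clean", "10.1.9.9"),      # ordinary internal source
]

def spoofed(policy):
    """List the packets the given policy would reject as spoofed."""
    return [p for p in PACKETS if not valid_source(p[0], p[1], policy)]

if __name__ == "__main__":
    print("as delivered:", spoofed(AS_DELIVERED))
    print("tightened:   ", spoofed(TIGHTENED))
```

With "any" on all three interfaces nothing is rejected; with the stricter policy the three packets whose claimed source belongs behind a different interface are rejected, while the two legitimate packets still pass.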





