RE: [FW1] Security weakness, intrusion or simple feature? ;(

[Andrej Zimsek]

This is what checkpoint thinks about that problem

   This message can be safely ignored, as there have not been any reports of
this
   affecting the FireWall adversely. 

   The messages can be avoided on UNIX machines by setting the kernel
variable
   fw_modify_verify to 1 and rebooting. (Setting fw_modify_verify is done
   differently on different UNIX architectures

Message describes source IP, dest IP ..... in HEX

Hope that this helps

        Andrej

-----Original Message-----
From: Enrico Sorge [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 23, 2000 12:13 PM
To: [EMAIL PROTECTED]
Subject: [FW1] Security weakness, intrusion or simple feature? ;(



Hello,
I'm running VPN-1/FireWall-1 4.1-SP2 on Solaris,
on monday morning happen something strange:

--<begin fw1 syslog quote>------------------------------

Aug 21 03:44:04 unix: FW-1: Warning: modify for a new entry:
Aug 21 03:44:04 unix: <d468a088
Aug 21 03:44:04 unix: ,127e
Aug 21 03:44:04 unix: ,d468a109
Aug 21 03:44:04 unix: ,35
Aug 21 03:44:04 unix: ,11
Aug 21 03:44:04 unix: ;0
Aug 21 03:44:04 unix: ,4002
Aug 21 03:44:04 unix: ,2030300
Aug 21 03:44:04 unix: >  <0 : =0 19>

Aug 21 03:44:04 unix: FW-1: Warning: modify for a new entry:
Aug 21 03:44:04 unix:
Aug 21 03:44:04 unix: <d468a088
Aug 21 03:44:04 unix: ,127e
Aug 21 03:44:04 unix: ,d468a109
Aug 21 03:44:04 unix: ,0
Aug 21 03:44:04 unix: ,11
Aug 21 03:44:04 unix: ;0
Aug 21 03:44:04 unix: ,4002
Aug 21 03:44:04 unix: ,2030300
Aug 21 03:44:04 unix: >  <0 : =0 19>

Aug 21 04:03:43 unix: FW-1: Warning: modify for a new entry:
Aug 21 04:03:43 unix:
Aug 21 04:03:43 unix: <d468a088
Aug 21 04:03:43 unix: ,128b
Aug 21 04:03:43 unix: ,d468a109
Aug 21 04:03:43 unix: ,35
Aug 21 04:03:43 unix: ,11
Aug 21 04:03:43 unix: ;0
Aug 21 04:03:43 unix: ,4002
Aug 21 04:03:43 unix: ,2030300
Aug 21 04:03:43 unix: >  <0 : =0 19>

Aug 21 04:03:43 unix: FW-1: Warning: modify for a new entry:
Aug 21 04:03:43 unix:
Aug 21 04:03:43 unix: <d468a088
Aug 21 04:03:43 unix: ,128b
Aug 21 04:03:43 unix: ,d468a109
Aug 21 04:03:43 unix: ,0
Aug 21 04:03:43 unix: ,11
Aug 21 04:03:43 unix: ;0
Aug 21 04:03:43 unix: ,4002
Aug 21 04:03:43 unix: ,2030300
Aug 21 04:03:43 unix: >  <0 : =0 19>

--<end fw1 syslog quote>--------------------------------

Note that:
- There are no temporized rules
- Noone of the staff changed the rules

I'm asking if:
- Someone got the same trouble
- Which change happen in the firewall rules/settings

Cheers



----------------------------------------------------------------------------
----------------------------------------------------------
Enrico Sorge <[EMAIL PROTECTED]>
Network & System Administrator - security and firewall tester
NetBusiness S.p.A. - Divisione Tecnica
----------------------------------------------------------------------------
----------------------------------------------------------
KeyID: 0x81F35C95 Fingerprint: A338 C029 50DB 110B 1699  014E 971C 3169 81F3
5C95



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================