-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,

I concur with the Watchguard Rapid Response Team's findings, based
upon my experience with Firebox-II installations.

Each Firebox-II with SMS 3.3 (with and without SP1) that I have done
has had ping Disabled on Inbound (denied/logged) and Enabled on
Outbound (any-to-any) by default. While there may be a (somewhat
subjective or contentious) issue about allowing everyone outbound
pinging by default, it certainly didn't allow any ping traffic from
the External to the Trusted networks unless I explicitly allowed it.

I can't speak for FB-10/-100 boxes or versions of SMS prior to 3.3,
however.

HTH and regards,
- --
Matt Bruce <[EMAIL PROTECTED]>
Internet & Security Engineer
AlphaWest - http://www.alphawest.com.au/
>-----Original Message-----
>From: Steve Fallin [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, 14 September 1999 4:37 am
>
>The poster, Sr. Alfonso Lazaro stated that, by default, the
>WatchGuard Firebox allowed ping traffic from any interface to
>any interface...
>In the absence of any further information from Sr. Lazaro,
>we believe that his report of a vulnerability in Firebox
>default configuration files is in error.
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
Comment: Get my public key from ldap://certserver.pgp.com
iQA/AwUBN96ukxmtSClHdI5CEQJOYACfT00ME4V+Mw/VfVTSt+PXqXHP5UUAoMVZ
6qsxAWTtzEh3dWWeNQYdn/0h
=qJcF
-----END PGP SIGNATURE-----