No, it will not stop telnet. Only if you're using a resource will it stop telnet.
Lars
> -----Original Message-----
> From: Simon Guo [mailto:[EMAIL PROTECTED]]
> Sent: 7 August 2000 14:37
> To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED];
> [EMAIL PROTECTED]
> Subject: RE: [FW1] stateful inspection and web vulnerabilities
>
>
> Lars,
>
> If we put URI in the file of "protocol type", will it stop the telnet on port 80?
>
> Simon
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Saturday, August 05, 2000 7:11 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: Re: [FW1] stateful inspection and web vulnerabilities
>
>
>
> Michael,
> First of all, fw-1 doesn't handle http statefully, as http is not defined in an inspection script. http is defined as tcp port 80 as a URI service. This means that as long as you're not using http in conjunction with a resource it will allow *any* traffic to your host on port 80, http or not http. Using http along with a resource invokes fw1's (transparent) http proxy, which will verify that it's http that travels over the port (fw1 will otherwise send an http error message). Even if this will not stop all attacks on port 80, it will stop an intruder who succeeds in installing a trojan (like a telnet server (netcat -l)) on port 80 on your web server which is invoked based on source addresses. This will not stop attacks which only use the http protocol, such as cgi scripts which give the attacker access to any file on the system through http.
>
> Any host that accepts external connections, even if they are through the "safest" firewall, should not be considered as safe. Such hosts should be placed in a DMZ and you should pay close attention to security bulletins from the vendor(s) of the installed programs on the externally available host.
>
> You should also consider installing IDS software which will give you
> information on attackers trying to utilize attacks over http and other
> protocols.
>
> Lars
>
> -----Original Message-----
> From: Michael B. Rash [mailto:[EMAIL PROTECTED]]
> Sent: 5 August 2000 05:19
> To: FW1 mailinglist
> Subject: [FW1] stateful inspection and web vulnerabilities
>
>
>
>
> Suppose that I have a webserver on my internal network that is protected by CP FW-1, and I allow the internet to see it over port 80. Also, suppose that my webserver has a well known root-level vulnerability that is exploitable remotely via port 80, say Apache with a poorly configured cgi script.
>
> FW-1 boasts application layer security via stateful inspection, but should I expect that my webserver is safe? Are there any documents that describe in detail what application layer attacks are stopped by FW-1?
>
> I would expect that the webserver would still be vulnerable, and the only way the firewall could stop an exploit against the vulnerability would be for me to get my hands dirty with INSPECT code. In this case, how would FW-1 be acting as anything more than a dynamic packet filter?
>
> (Of course I should not be running such a vulnerable webserver in the
> first place, but for this discussion I am not interested in host-based
> security... just in FW-1).
>
> Thanks,
>
> --Mike
>
> Michael B. Rash
> http://www.math.umd.edu/~mbr
>
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================