-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On September 4th, a message was posted to Bugtraq describing a
potential problem with the WatchGuard Firebox default configuration
file. The poster, Sr. Alfonso Lazaro, stated that, by default, the
WatchGuard Firebox allowed ping traffic from any
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Saturday, September 4, a description of a potential problem with
the WatchGuard Firebox default configuration file was posted to
Bugtraq. At WatchGuard we take this sort of issue very seriously.
When we saw the post, we initiated contact with the
It's always a good idea to disable pings from the outside to your internal
network. I don't mean to discourage anyone from doing so, but...
# route add -net 192.168.0.0 netmask 255.255.255.0 gw 100.100.100.100
This only works if you are on the 100.100.100 network, i.e. one hop away. Won't
Alfonso Lazaro wrote:
I have found a misconfiguration in the default configuration
of WatchGuard Firewall.
By default it appends a rule that it accepts pings from any to any.
So if our firebox is defending our internal network
( 192.168.x.x ... ) and our WG Firewall is a proxy with an