Section: .. / UNIX / firewall / firewall-1 /
| /// File Name: |
blackhat-fw1.tgz |
Description:
|
A Stateful Inspection of FireWall-1 - In this advisory we summarize our findings from BlackHat 2000 on Checkpoint Firewall-1. It is susceptible to several trivial attacks against its inter-module authentication protocols, IP address verification has flaws, FWN1 and FWA1 is vulnerable to a replay attack, Fastmode vulnerabilities, FWZ Encapsulation vulnerabilities, and Stateful Inspection problems, and much more. Included in the tarball is the presentation in two formats, the technical documentation for the vulnerabilities, and the source code used in the demonstation.
| | Author: | Thomas Lopatic, John McDonald, and Dug Song. ;Homepage: http://www.dataprotect.com/bh2000/. | | File Size: | 849942 | | Last Modified: | Sep 1 19:38:12 2000 |
| MD5 Checksum: | 91477466f1f877e3f89271565b27a371 |
|
| /// File Name: |
pmfirewall-1.1.4.tar.gz |
Description:
|
PMFirewall is an Ipchains Firewall and Masquerading Configuration Utility for Linux. It is designed to allow a beginner to build a custom firewall with little or no ipchains experience. This firewall should work for most Workstations, Servers, and Dual NIC routers using either a dialup or LAN setup. It is restrictive to outside attacks while still being as transparent as possible to those inside.
| | Author: | Rick Johnson | | Homepage: | http://www.pointman.org/ | | Changes: | The ability to specify IP ranges for ports, rules file loading reorganizations, generated rules are added to rules.local instead of rules.2, a man page, chkconfig commands for RedHat-based systems, the ability to turn off IP autodetection and specify your own IP. | | File Size: | 49359 | | Last Modified: | Mar 29 00:40:13 2000 |
| MD5 Checksum: | 33ec706931e9826fe6eba5274a3bfb66 |
|
| /// File Name: |
winsd.021600.txt |
Description:
|
Windows Security Digest - Contains Something Old, Something New: DNS Hijacking, Timbuktu Pro Denial of Service, SNMP Trap Watcher Denial of Service, Internet Anywhere DoS, Firewall-1 Allows Unauthorized TCP Connections, MySQL Allows Password Bypass, Novell GroupWise DoS, poll: What Will the Recent DDoS Attacks Lead to?, RSA Security Site Ransacked, Microsoft Outlines New Windows 2000 Security Strategy, and Why Deny Read Access To Executable Content?
| | Homepage: | http://www.ntsecurity.net | | File Size: | 26562 | | Last Modified: | Feb 17 00:22:56 2000 |
| MD5 Checksum: | 559f65f4bc633c770a2b33417924ecba |
|
| /// File Name: |
nt.security.update.020200.txt |
Description:
|
Windows/NT Security Update - Information on Outlook Express Object Access, Firewall-1 Allows Script Rule Circumvention, and Index Server Exposes File System. Also includes News: Visa Admits Its Sites Were Hacked, News: Security Holes Bite Online Bank, Kerberos 5 in Windows 2000, and Creating a Special TSE Logon Script. NTsecurity homepage here.
| | File Size: | 21756 | | Last Modified: | Feb 3 02:39:45 2000 |
| MD5 Checksum: | 94c7c0ea6bfaf970d02c25b086a19355 |
|
| /// File Name: |
alert_1.3.tar |
Description:
|
IDS Alert Script (ver 1.3) for Checkpoint Firewall-1 (Unix only). Build Intrustion Detection into your firewall. Features include: Automated alerting, logging, and archiving, Automated blocking of attacking source, Automated identification and email remote site, and Installation and test script. Ver 1.3 Optimized for performance, over 50% speed increase. Documentation here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/ | | File Size: | 18432 | | Last Modified: | Nov 29 20:22:24 1999 |
| MD5 Checksum: | 59ead035a2a3d0d0079ebc74ec132664 |
|
| /// File Name: |
fwlogsum-0.2.tar.gz |
Description:
|
fwlogsum summarizes and maintains a set of HTML reports, based on user-specified reports and Checkpoint FW-1 log entries. A few default reports are included, but users are invited to customize and create their own.
| | Author: | Rui Bernardino | | Homepage: | http://fwlogsum.sourceforge.net/ | | File Size: | 15553 | | Last Modified: | Jun 6 23:36:17 2000 |
| MD5 Checksum: | 4f02cccf167e7bc156e08358def29bfb |
|
| /// File Name: |
fwsa.sh |
Description:
|
Fwsa.sh is a tool to penetration test Checkpoint Firewall-1 remotely which implements the recently published holes in session authentication. It attempts to recover user passwords, execute dos attacks, and brute force the firewall managment password.
| | Homepage: | http://c3rb3r[at]hotmail.com | | File Size: | 12582 | | Last Modified: | Oct 7 07:33:37 2000 |
| MD5 Checksum: | 090d009a4a1ab2f02e4c96beffe6c77a |
|
| /// File Name: |
ipchains-firewall-1.7.0.tar.gz |
Description:
|
ipchains-firewall is an easily-configurable shell script to establish masquerading and firewalling rules using ipchains. The package contains a script to establish firewalling for a single machine connected to the network without masquerading, a script to establish firewalling for a system acting as a router routing to non-private IP space, a script to establish firewalling and masquerading for a system acting as a router routing to private IP address space, and one to establish firewalling and masquerading for a system acting as a router, routing to multiple RFC1918 subnets over multiple interfaces. The distribution also includes a copy of midentd v1.6, to enable identd over the masqueraded network.
| | Author: | Ian Hall-Beyer | | Homepage: | http://ipchains.nerdherd.net/ | | Changes: | Single script operation. Detects network environment and runs out of the box. | | File Size: | 10433 | | Last Modified: | Mar 8 12:01:09 2000 |
| MD5 Checksum: | 988e1abe16a5a80edbbd882a759a3f54 |
|
| /// File Name: |
fw-1.lpsnoop.tar |
Description:
|
Remotely verify logins and passwords on Win95/NT running FireWall-1 Session Authentication Agent.
| | File Size: | 10240 | | Last Modified: | Aug 17 02:01:29 1999 |
| MD5 Checksum: | 569ae06b89e7b274f479a620784ec944 |
|
| /// File Name: |
SNI-21.Firewall-1.advisory |
Description:
|
Sorry, a description is unavailable.
| | File Size: | 9391 | | Last Modified: | Sep 23 05:28:42 1999 |
| MD5 Checksum: | b660ec122f0cb43f9258f580186363ea |
|
| /// File Name: |
fw1-ftp.txt |
Description:
|
FireWall-1 FTP Server Vulnerability Background Paper #1 - The basic idea of the described attack is to subvert the security policy implemented by a stateful firewall. This is done by triggering the generation of a TCP packet that, when inspected by the firewall, will change the firewall's internal state such that an attacker is able to establish a TCP connection to a filtered port through the firewall. This packet is the server response to a PASV user request during a FTP session.
| | Author: | John McDonald courtesy of Bugtraq | | File Size: | 6405 | | Last Modified: | Feb 11 03:28:46 2000 |
| MD5 Checksum: | a8d493b17ce8606a791c99d645e08192 |
|
| /// File Name: |
fwtable.pl |
Description:
|
fwtable.pl (ver 1.0), used to convert your Checkpoint Firewall-1 connections table into human readable form. Documentation here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/ | | File Size: | 5396 | | Last Modified: | Nov 29 20:48:18 1999 |
| MD5 Checksum: | 32f14ce007e26fe83b60192c13591d08 |
|
| /// File Name: |
cpd.c |
Description:
|
CheckPoint IP firewall crashes when it detects packets coming from a different MAC with the same IP address as itself. We simply send a few spoofed UDP packets to it.
| | Author: | Antipent | | File Size: | 4567 | | Last Modified: | Jul 1 23:43:17 2000 |
| MD5 Checksum: | 43e50de928baed23be3b74113f73d89c |
|
| /// File Name: |
firewall-1.fragment.txt |
Description:
|
DoS attack for all platforms of Checkpoint Firewall-1 has been identified. Large numbers of fragmented packets cause the CPU to hit 100% utilization, and the system locks up. Some systems may also crash, depending on OS type. The rulebase can not be used to block the attack, and nothing is logged. More information on Firewall-1's state table available here.
| | Author: | Lance Spitzner | | Homepage: | http://www.enteract.com/~lspitz/papers.html | | File Size: | 3808 | | Last Modified: | Jun 7 03:09:07 2000 |
| MD5 Checksum: | 1a029dc5aa8df36b4c918d235b1af42b |
|
| /// File Name: |
checkpoint.ldap.txt |
Description:
|
With FireWall-1 Version 4.0 Checkpoint introduced support for the Lightweight Directory Access Protocol (LDAP) for user authentication. It looks like there's a bug in Checkpoint's ldap code which under certain circumstances can lead to unauthorized access to protected systems behind the firewall.
| | Author: | Olaf Selke. | | File Size: | 3416 | | Last Modified: | Oct 21 00:51:39 1999 |
| MD5 Checksum: | c7df1ab4a7d569d8a74e4c5be325ea2d |
|
| /// File Name: |
fw-1.lpsnoop.pl |
Description:
|
Remotely verify logins and passwords on Win95/NT running FireWall-1 Session Authentication Agent.
| | File Size: | 3342 | | Last Modified: | Aug 17 02:01:29 1999 |
| MD5 Checksum: | 3f2a3b6e3b7cdf8106a33c24286c43b0 |
|
| /// File Name: |
fw1-pasv.txt |
Description:
|
It is possible to cause certain firewalls to open up any TCP port of your choice against FTP servers that are "protected" by those firewalls. This is done by fooling the FTP server into echoing "227 PASV" commands out through the firewall. Firewall-1 v3 and v4 are known to be affected.
| | Author: | Mikael Olsson courtesy of Bugtraq | | Homepage: | http://www.enternet.se | | File Size: | 2291 | | Last Modified: | Feb 11 03:16:32 2000 |
| MD5 Checksum: | 8bd5f4659626ab53993583a5a59ab693 |
|
| /// File Name: |
winsd.021100.txt |
Description:
|
Windows Security Digest update - Four new risks were discovered: A DoS condition within BTT Software's SNMP Trap Watcher, two DoS conditions within True North Software's Internet Anywhere mail server, a means to open unauthorized TCP ports on Checkpoint's Firewall-1, and a means to bypass complete password authentication on MySQL.
| | Homepage: | http://www.ntsecurity.net | | File Size: | 2033 | | Last Modified: | Feb 11 23:15:18 2000 |
| MD5 Checksum: | b03071946d43b4fd13f00faaeebb32e7 |
|
| /// File Name: |
SX-20000620-3 |
Description:
|
SecureXpert Labs Advisory [SX-20000620-3] - Partial Denial of Service in Check Point Firewall-1 on Windows NT. The SMTP Security Server component of Check Point Firewall-1 4.0 and 4.1 is vulnerable to a simple network-based attack which raises the firewall load to 100%.
| | Homepage: | http://www.securexpert.com | | File Size: | 1872 | | Last Modified: | Jul 7 07:16:32 2000 |
| MD5 Checksum: | 59e2811f96884aaade157b2ac4d843dd |
|
| /// File Name: |
checkpoint-fw1.vuln.txt |
Description:
|
Outlines two basic vulnerabilities in Checkpoint's Firewall-1. The first is an authentication problem which allows easy brute force attacks; the second allows you to use the first to remotely administer someone else's firewall without their knowledge.
| | File Size: | 1543 | | Last Modified: | Jan 22 02:38:13 2000 |
| MD5 Checksum: | ef4b864d75f737367aba73985af7b25d |
|
| /// File Name: |
fw1_script.tags.txt |
Description:
|
The "Strip Script Tags" feature in Firewall-1 can be circumvented by adding an extra less than sign before the SCRIPT tag. The code will still execute in both Navigator and Explorer.
| | Author: | Arne Vidstrom courtesy of Bugtraq | | Homepage: | http://ntsecurity.nu | | File Size: | 495 | | Last Modified: | Feb 1 03:43:24 2000 |
| MD5 Checksum: | f6ba91a8013bd49f0441d329466bf7ce |
|
|
|
|
|
![.:[ packet storm ]:.](/images/ps-ani.gif)
