Having FTP issues with NG FP3, HF2, HFA_308
The two issues show up in the log as:
port command ended without newline
...tried to open a known service port
Because of this, many of our file transfers are failing.
I have found the solution. It involves changing the base.def. The first
error is a simple fix, I just need to change the line that looks for a new
line in the same packet as the port command. The second is also a simple
fix but it involves some risk. I will have to make the firewall accept ftp
file transfers on ports that I have already assigned. At the top of the
base.def, I will add
#define NO_SERVER_PORT_CHECK
The risk is that a hacker can now request a pre-defined port and get through
to other stuff in our network.
Here's my question to you:
What do you think the likelihood of someone exploiting this risk is?
If the risk is unacceptable, is there another solution?
Daniel Samaan
Technical Security Consultant
CCSP, CCSE, CCNA, CCA, MCSE+I
Cell: (847) 274-2034
dsamaan AT forsythe DOT com
---------------------------------------------------------------------
Forsythe Solutions
5440 W. Fargo Avenue
Skokie, IL 60077
www.forsythe.com
Delivering the Business Value of IT
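
Added example, not part of the original message and not Check Point's code: a sketch of the two control-channel checks the log messages above refer to, assuming each TCP segment is inspected on its own. The port list, the function name and the server_port_check flag (standing in for the effect of NO_SERVER_PORT_CHECK as the post describes it) are assumptions.

```python
import re

# Constructed list for illustration; the firewall's real list is not on the page.
KNOWN_SERVICE_PORTS = {21, 22, 23, 25, 53, 80, 110, 139, 443}

PORT_RE = re.compile(rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def inspect_port_command(segment, server_port_check=True):
    """Inspect one TCP segment from an FTP control channel.

    Returns (verdict, reason, data_port); data_port is None if not parsed.
    """
    m = PORT_RE.match(segment)
    if m is None:
        return ("accept", "not a PORT command", None)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return ("drop", "malformed PORT argument", None)
    # RFC 959: the data port is the last two fields, high byte first.
    data_port = fields[4] * 256 + fields[5]
    tail = segment[m.end():]
    # Check 1: the command must end in this segment. Without the newline the
    # last field may be cut short and continue in the next segment.
    if not tail.endswith(b"\n"):
        return ("drop", "port command ended without newline", data_port)
    if tail.strip(b"\r\n"):
        return ("drop", "unexpected data after PORT argument", data_port)
    # Check 2: refuse to open a data connection to a port another service uses.
    if server_port_check and data_port in KNOWN_SERVICE_PORTS:
        return ("drop", "tried to open a known service port", data_port)
    return ("accept", "data connection allowed", data_port)


if __name__ == "__main__":
    samples = [  # constructed control-channel segments
        b"PORT 10,0,0,5,19,137\r\n",
        b"PORT 10,0,0,5,0,25\r\n",
        b"PORT 10,0,0,5,0,2",  # first half of a split "...,0,25\r\n"
    ]
    for s in samples:
        print(s, inspect_port_command(s), inspect_port_command(s, False))
```

With the second check switched off, the PORT command naming port 25 is accepted, which is the exposure the message asks about.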