Maybe you'd get more informative and less 'get a clue!' answers if you
rephrased and explained your question a little.
For one, what in the world is a firewall script?
I'd guess it's firewall rules you're talking about.
Second, in what scenario?
Corporate firewall, SME, personal, school?
Without knowing that the only answers you can get is that
'pass all' is bad, so is 'block all'.
// hdw
Bernardo Martín wrote:
Anybody have more information about bad example firewall script??
-----Mensaje original-----
De: Bernardo Martín [mailto:bmartin@desic-sl.com]
Enviado el: lunes, 29 de agosto de 2005 14:01
Para: Full Disclosure
Asunto: RE: [Full-disclosure] RE: Example firewall script
I look for bad rules set to learn a little more. I thought that my question
was interesting because here there are many people who knows about this. Can
you recommend me any web or any book?
Thanks
-----Mensaje original-----
De: James Tucker [mailto:jftucker@gmail.com] Enviado el: sábado, 27 de
agosto de 2005 18:17
Para: Full Disclosure
Asunto: Re: [Full-disclosure] RE: Example firewall script
Screw these arguments.
What you should really do is get a security consultant to teach you the
basics, and provide you with some exposure to the various different options
you may have available, and in the case of your request, offer you some of
the old horror stories.
If your only aim is to learn, the I would suggest starting with your
firewalls documentation. Most firewall developers do have at least a
reasonable knowledge of firewall security and rule building. Moreover good
documentation will leave references to good physical sources (books,
courses, etc.). Getting back to the original question of BAD configurations
:) (yep, my ATD is higher today) you may find some reasonable examples in
high quality documentation too.
You might try looking into any detailed hacking stories and statistics you
can find, as these may lead to some other interesting conclusions about
firewalls and their impacts on security too.
Also, forums might be a good place to pick up bad firewall rules, you know
those places are filled with crap because people just can't resist trying to
show up the next guy and pretend to be the best.
Just out of interest, why are you looking for Bad rule sets?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
