Re: [fw-wiz] fwtk users?


There are some architectural issues as well. I.e. stock authsrv talks
via localhost port - if your machine runs proxies you should use
tricky configuration options to prevent them from talking to it except
when they are ought to do.

There is an encryption patch, but IIRC it was not included in Gauntlet,
and it uses silly single-pass DES PSK and authsrv has fixed banner
displaying at the start of each session for bruteforcers' joy.

OpenFWTK has subtle API change to communicate via unix socket when
needed and the change is transparent for all applications.

On Wed, Jan 17, 2007 at 08:12:46AM -0500, Marcus J. Ranum wrote:
ArkanoiD wrote:
I wonder if there are still many people who use TIS fwtk and/or old
Gauntlet source license. If you do, please drop me a line describing
your environment and requirements, as i have some replacement code ;-)

I'm not necessarily recommending "Arkanoid"'s replacement, but if
there ARE any people still using the old fwtk code, I'd suggest that
you replace it.

I recently discovered a number of issues with the code using an
automated software security tester - see:
Quite the interesting experience, to say the least. While the review I
performed identified a number of issues they would by fairly easy to
fix. I'm not doing it, though.


firewall-wizards mailing list
firewall-wizards mailing list