Re: [Full-disclosure] RE: Example firewall script

[James Tucker <jftucker@xxxxxxxxx>]

Screw these arguments.

What you should really do is get a security consultant to teach you the 
basics, and provide you with some exposure to the various different 
options you may have available, and in the case of your request, offer 
you some of the old horror stories.

If your only aim is to learn, the I would suggest starting with your 
firewalls documentation. Most firewall developers do have at least a 
reasonable knowledge of firewall security and rule building. Moreover 
good documentation will leave references to good physical sources 
(books, courses, etc.). Getting back to the original question of BAD 
configurations :) (yep, my ATD is higher today) you may find some 
reasonable examples in high quality documentation too.

You might try looking into any detailed hacking stories and statistics 
you can find, as these may lead to some other interesting conclusions 
about firewalls and their impacts on security too.

Also, forums might be a good place to pick up bad firewall rules, you 
know those places are filled with crap because people just can't resist 
trying to show up the next guy and pretend to be the best.

Just out of interest, why are you looking for Bad rule sets?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/