We have our office network which has private IP addresses.
We do NAT at the router level and have a whole range of access lists for
security.
I want to know if this is enough for securing our network.
Or do we need a firewall.
Also what are the possible attacks which might happen if we leave it
I have the same complaint. Please let me know how TSS solves this problem.
-- Joe
At 02:05 PM 8/30/99 -0400, Security wrote:
Has anyone had any luck excluding temp files from the integrity check in
Tripwire for Windows NT? The problem is that
the product does not support wild card exclusions
Hi :-)
I've a server application running on port 2000 of my computer.
I want to authorize connections to this port only from my
computer itself (= I want to forbid any computer except
mine to connect to this port).
My computer run under Win NT 4.0.
How can u do that SIMPLY ?
If I need products
could it be a Hack'a'tack or BO running on non-default ports ? The ports
cited are close to the ports for both these trojans.
===
Larry Chin {[EMAIL PROTECTED]} Technical Specialist - ISC
Sprint Canada
David,
Looks like it might be the "Hack'atack". I believe it uses 31785 TCP and
31789, 31791 UDP.
John
-Original Message-
From: Dave Gillett [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 30, 1999 8:09 PM
To: [EMAIL PROTECTED]
Subject: Port Number Use (trojan?)
Somebody recently
Hi,
I see that most of the firewalls pass ICMP messages without filtering. Some
of them offer filtering option only for the PING message. Does anybody know
the firewalls that deny ICMP messages? Btw, is there any harm if I buy a
firewall that allows all the ICMP packets to go through into and
Apologies for being slightly off-topic.
Users are complaining that the web is slow and the firewall is being blamed.
I've heard there are web benchmark programs which I could use in various
configurations to discover where the bottleneck is. Could anyone point me
in the direction of a
This is really a followup to Spiff's note on NT 4.0's TCP sequencing
vulnerability... I ran across the same article and checked with our
firewall vendor (one of the major firewalls) to see what level of exposure
this would cause us. (And our customers - we're a VAR for that particular
There are two dangers to allowing ICMP through the firewall that spring
immediately to mind.
The first is that you could subject yourself to Denial of Service (DoS)
attacks like the ping of death.
The second is you could give a cracker an avenue to discover topological
about your network. I
Lisa,
I agree with both you AND your Firewall Vendor, however I'll side more
with the vendor on this one, as TCP sequencing is a function of the tcp/ip
stack so it can re-build the packets on their way into the destination. If
there is a flaw in this function as with Micro$ofts
I believe that most firewalls should block icmp.
-Original Message-
From: Sweeney, Patrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 31, 1999 10:17 AM
To: 'Sujeet Nayak'; [EMAIL PROTECTED]
Subject: RE: ICMP filtering
There are two dangers to allowing ICMP through the firewall
I believe Axent Raptor firewall blocks ICMP.
By default, this is true. On Raptor 5.0, there aren't really any provisions
to allow usage of inbound ping or outbound traceroute, aside from creating
a GSP for the various icmp types. 6.0 has a "ping daemon" which enables
directionally controlled
Hi all,
Some of my friends are using for the protection of there systems( mostly one
computer ) when they are in the net from http://www.singnal9.com the Conseal
firewall, is this enough security against some normal "attacks" like to
nuke, Ping DoS, TOD, Floods and things ??
Is the Firewall
Network PropertiesProtocols...TCP/IP Properties...Click "Security", then
click Configure.
adam
Hi :-)
I've a server application running on port 2000 of my computer.
I want to authorize connections to this port only from my
computer itself (= I want to forbid any computer except
For a standalone windows 9x machine, Conseal seems to be a fairly secure
firewall.
/Vincent Power
-Original Message-
From: Christian Lissner [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, August 31, 1999 2:11 PM
To: [EMAIL PROTECTED]
Subject: Conseal
Hi all,
Some of my friends
Sweeney, Patrick enscribed thusly:
There are two dangers to allowing ICMP through the firewall that spring
immediately to mind.
The first is that you could subject yourself to Denial of Service (DoS)
attacks like the ping of death.
Blocking ALL ICMP, including "ICMP
I am looking for three things to complete my study on FW-1 software from
Check Point.
1. List of Logs and OMs generated on the FW-1 module.
2. API support of FW-1.
3. A sample of the config file for the Firewall.
This seems like a difficult request for Check Point to handle. If you have
any of
On Tue, 31 Aug 1999, Lisa Lorenzin wrote:
This is really a followup to Spiff's note on NT 4.0's TCP sequencing
vulnerability... I ran across the same article and checked with our
firewall vendor (one of the major firewalls) to see what level of exposure
this would cause us. (And our
It may be someone scanning for certain exploitable RPC serives running
on high UDP ports or it could just be some type of UDP "pinging" utility
(traceroute clone) used to find active hosts on a network.
HD Moore
http://nlog.ings.com
On Mon, 30 Aug 1999, Dave Gillett wrote:
Somebody
Gary,
I will confirm your findings (if any further confirmation is required). I
didn't want to announce this issue publicly, but since the kitty is already
out of the liter .. We have reported this issue to the vendor and they
are looking into it. We are running a very high speed
Um, define "safe and reliable"...
AFAIK for traceroute to work you need to allow ICMP time exceeded and port
unreachable messages back to the host that's running the traceroute. The
outgoing traffic is normally actually UDP, which you can control with packet
filters.
If it is against your
For a listing (in progress) of various port numbers associated with "remote
control trojans" (RCT for short), consider visiting
http://www.commodon.com/threat/threat-ports.htm. Remember, this is a list in
progress.
For information regarding the detection and removal of RCT's, consider
visiting
22 matches
Mail list logo
