Why filter ICMP when you can configure your hosts/routers not to respond
to an ECHO request on the broadcast address?
At 01:15 PM 9/1/99 -0400, Burton Rosenberg wrote:
we had a problem w/ smurfing and ping. a ping to a network address generates
a lot of traffic back to the source. in the case
Hi there
Date: Wed, 1 Sep 1999 08:42:30 -0400 (EDT)
From: Carric Dooley [EMAIL PROTECTED]
Subject: Re: Nokia/FW concerns
A faster crossover cable won't matter. I believe it is the sync interval
that is the issue (happens every 50ms). I have been waiting for an answer
from one of
Hello All,
I am new to the group and new to this portion of security. We received
a demonstration for a product called WatchGuard and seem favorably
impressed (but what do we know).
More to the point, does anyone have any experience with this product?
We would appreciate any insights (positive
hmmm,
doesn't respond to any connect attempts
traceroute fails
no registered hosts
pings fail
no DNS resolution
Possibilities:
- spoofing type of activity perhaps ?
Nothing else except a misconfigured machine really springs to mind given
that there doesn't seem to be any network path to the
How about the possibilities of having your entire LAN compromised or not. Hmmm, let
me think?
-Original Message-
From: ana220108 [SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, September 01, 1999 12:13 PM
To: Firewalls
Cc: ana220108
Subject: Pros/Cons of WWW Server in LAN
IMHO, by placing the app server in the DMZ you have now taken it off your
subnet thus adding to the security of your LAN.
In conjunction with a properly configured firewall denying all HTTP and FTP
processes inbound to your LAN.
Ladies/Gentlemen, Any comments?
Regards,
Richard Drennan
Systems
Hello-
I have been assigned the job of setting up a
firewall. I need some practical advice on connecting with cables. I have 2 nic
cards in an NT server, a small 4 port hub, and a DSLPipe-S unit. Do I use a
crossover cable from the DSLPipe to the hub?
Do I also use a crossover cable from
Hi Roy,
By opening your firewall to the web server located on your LAN you've already
lost the battle. When your web server is compromised the attacker will already
be inside your trusted network. By placing your web server in your DMZ you're
able to reduce the risk of compromise to your
On Wed, 1 Sep 1999, Newcomb, Kelly wrote:
I'm getting repeated (regular intervals) ftp attempts to my firewall from an
address (208.24.82.140) that I can't seem to track down. While the attempts
[whois.arin.net]
Sprint (NETBLK-SPRINTLINK-BLKS) SPRINTLINK-BLKS 208.0.0.0 - 208.35.255.255
Could you share with us how you traced the IP address? That looks like a
www.networksolutions.com
type answer, but I'm not sure how to get it given the IP address.
Thanks.
--- Bill Fox [EMAIL PROTECTED] wrote:
Hi,
Perhaps a brief email or phone call to the coordinator (see below) may
Just so everyone knows how to do this and be good citizens.
This will keep you from being a smurf amplifier.
Cisco
no ip directed-broadcast
Bay Networks hardware
run "bcc", then "config", "ip", and last, "directed-bcast disabled"
Ascend
Ethernet - Mod Config - Forward Directed Bcast=No
For
Always assume that any machine that has contact with the internet can be
cracked. If you put it onto the DMZ, a cracker will be limited in what he
can do by the firewall. If you put the machine on the internal LAN, then he
has access to your full LAN if/when the machine gets cracked.
On
At 06:17 AM 9/2/99 -0700, Alejandro Hoyos wrote:
Could you share with us how you traced the IP address? That looks like a
www.networksolutions.com
type answer, but I'm not sure how to get it given the IP address.
Thanks.
Try http://mjhb.marina-del-rey.ca.us/cgi-bin/ipw.pl?
go to www.arin.net
query whois for the IP address
click on the handle associated with the address space in this case
NETBLK-SPRINT-D01840
:-)
===
Larry Chin {[EMAIL PROTECTED]} Technical Specialist - ISC
Sprint Canada
On Thu, 2 Sep 1999, Alejandro Hoyos wrote:
Could you share with us how you traced the IP address? That looks like a
www.networksolutions.com
type answer, but I'm not sure how to get it given the IP address.
Thanks.
From a shell prompt - "whois [EMAIL PROTECTED]"
Some whois clients want
On Thu, 2 Sep 1999 09:13:13 +0800, [EMAIL PROTECTED] said:
tanhcr what do you think about this: caller identification (the
tanhcr calling number is matched against the pre-defined number on
tanhcr the radius) and password authentication without restriction on
tanhcr the destination
I think the
On Wed, 1 Sep 1999, Roy wrote:
We have the option of placing a www app server outside our firewall, in the
DMZ or behind the firewall in our LAN by opening port 80 to the www app
server's IP address.
What are the pros and cons of placing it in the DMZ vs in the LAN?
In an ideal situation,
We have the option of placing a www app server outside our firewall, in the
DMZ or behind the firewall in our LAN by opening port 80 to the www app
server's IP address.
What are the pros and cons of placing it in the DMZ vs in the LAN?
This is a complex issue, because it depends so
At 11:03 AM 9/2/99 -0400, Morse, Michael H. wrote:
I believe that the conventional wisdom that web servers should be in the DMZ
is primarily based on the assumption that web servers, because they contain
only public information, have little value...
That assumption no longer holds (if it ever
At 06:17 AM 9/2/99 -0700, Alejandro Hoyos wrote:
Could you share with us how you traced the IP address? That looks like a
www.networksolutions.com type answer, but I'm not sure how to get it
given the IP address. Thanks.
Try www.arin.com
David G
Alternatively you could place the www servers outside the firewall with an
embedded firewall right on the www servers. Depending on the number of www
servers you may actually see improved performance and lower latency for a
large number of web servers
Avi Fogel
Network-1 Security Solutions, Inc.
Try this tool:
http://www.blighty.com/products/spade/
It leads you to a significant amount of information about a
given IP address.
Michael Stout wrote:
Bill,
How did you track down the coordinator for that particular IP address.
We are hit numerous times by IP addresses that I would
I was thinking about private vs. public inet
address space the other day, and it occurred to
me that with all the changing of authority with
domain registrars and ip authorities, that some things
are bound to get fuddled in the near future. For
instance, right now it is the responsibility of
Aye, this is true
some time ago we were writing a kind of backdoor working like a normal
shell over the ICMP, and it had an option to establish connection from
inside of network to hostile host.
greets
Bill Rohweder wrote:
Regarding the recent discussion of ICMP threats, other than the
http://www.arin.net select the ARIN WHOIS link.
ARIN=American Registry of Internet Numbers. (I think.)
I don't know if this works for all IP ranges but I haven't had any problems
with it yet.
-Original Message-
From: Alejandro Hoyos [mailto:[EMAIL PROTECTED]]
Sent: Thursday,
Where were you when we tried to explain this to _our_ IT department!
As a bit of history, from another security related field which firewall
people might find interesting:
Smurfing also means a money laundering tactic where hundreds of individual
"smurfs" deposit small amounts of cash, below
Alternatively, you can put the inside webserver on a trusted OS and
use the networking components to prevent the webserver from attacking
other hosts on the internal network should the web server software
or other host software be compromised.
You could try Reptor,
http://www.wankwood.com/reptor
or write your own Perl scripts.
John Monahan
MIME:[EMAIL PROTECTED]
09/02/99 05:16 PM
To: [EMAIL PROTECTED] @ INTERNET
cc: (bcc: John Monahan/LDI)
On 2 Sep 99, at 13:56, Ryan Russell wrote:
As a matter of course, firewall admins should implement anti-spoofing
rules that block (source) addresses for their inside nets, any RFC1918
addresses, and anything above 223.255.255.255 (minus anything they wish to
explicitly allow for MBONE,
On Thu, 2 Sep 1999, Eric Vyncke wrote:
Dial-in is SLIGHTLY more secure in the following aspect:
- confidentiality attacks mostly need access to the physical wire
(cannot be done from the other side of the Earth)
You'd be surprised at the dial-out points that a well-informed attacker
can
Greetings Security Gurus.
I am researching certification of security technology to assure our vendors
and customers the validity of security within a specific web application.
Does anyone have any information (good, bad, indifferent) regarding ICSA or
their product TruSecure? Would you recommend
On Thu, 2 Sep 1999, Ryan Russell wrote:
NICs have nothing to do with routing. The closest thing to the scenario you're
talking about is reverse name lookups. I don't expect any difficulty there. ISPs are
responsible for not leaking RFC1918 addresses into the Internet, and would be even
On Thu, 2 Sep 1999, Matthew G. Harrigan wrote:
It's no different than any other address space that gets advertised by
multiple entities. Tier-1 providers should be filtering their ingress
routes anyway, not that it should matter unless you're the destination.
Sourced packets from any
It's not as simple as this... imagine the following network:
server - net a - router a - net b - router b - internet - your host
Let's say router B and router B are managed by people with too little
routable IP space, so they used a 192.168.x.x address. After all that is an
internal net for