On 12 Nov 99, at 9:45, Roy L. Jacobs wrote:
I am new at this and could use some assistance. I have read there
are some 65,535 ports in tcp/ip, but have been unable to find
anything which explains this. For instance, port 139 is ascribed by
the tcp/ip protocol to net bios, but beyond that, I
Hello!
Could anybody tell me that where can I find any information about a
firewall architecture based on FW-1 4.0 (running on Solaris 2.7)?
Does anyone have any recommendations or informations about it?
Are there any known problems as some netadmins have been reported me?
I'd already visited
Hello!
Could anybody tell me that where can I find any information about a
firewall architecture based on Fw-1 (running on Solaris 2.7)?
Does anyone have any recommendations or informations about it?
Are there any known problems as some netadmins have been reported me?
I'd already visited the
Telnet shouldn't be tunneled through SSH. SSH replaces the use of
telnet. See: http://www.employees.org/~satch/ssh/faq/
Almost anything can be tunneled across SSH, if you want to write the
code to do it, whats more important is the services that can be
connected to. For instance if you are
Hi
We're 2 students trying to install a Bordermanager
3.5.0 on a Netware 5 server. Something has gone wrong
with the installation of the Snapins into the
nwadmin32-utility. The Snapins are present in the NDS
but the security functions in the nwadmin32 are not.
We are unable to delete the
the permit is the first, and the deny line the second...
Gushterul
On Tue, 16 Nov 1999, Engasser, Charlie wrote:
I have a combo question.
I am running Firewall-1 3.0b 3048, and my router is a Cisco 2611
running 12.0.6t.
We are getting
um...If you want any inbound traffic to be blocked at all, the permit
needs to be last, otherwise the permit takes precedence.
According to Cisco,
"The order of access list statements is important! When the router is
deciding whether to forward or block a packet, the IOS software tests
the
The point of tunneling is to go through firewalls
(well, in your case, anyway). This is why the
firewall is rendered useless.
If the endpoints of the SSH link have firewalling
capabilities you can regain a little bit of
security by firewalling the link at the endpoints
rather than the firewall
my two cents...
Cisco PIX with three (or more) legs ... use a proxy server(s) in the dmz to
proxy the http and ftp requests for the clients in the inside.. put your
web server(s) there too or in a second dmz at a lower security level...
cisco's mailguard feature does a pretty good job of
At 11:08 AM 11/17/99 -0200, Alexandre Vargas Rousseau Nunes wrote:
Hello!
Could anybody tell me that where can I find any information about a
firewall architecture based on FW-1 4.0 (running on Solaris 2.7)?
Does anyone have any recommendations or informations about it?
Are there any known
I am trying to set up a secure NT network that would be protected by the
Microsoft Proxy Server. This network has to containe a web and e-mail
server, and about 15 client computers on the internal network. I also need
to set up secure VPN access to this network. I have been advised to place
Per Gustav Ousdal [EMAIL PROTECTED] writes:
To sum up with a klisje' : We can never be 100% safe, but we can limit
the threats.
Right. That's what I was saying. :)
Too many people think that firewalls are doing a whole lot more than
mere flow control. Most of the firewalls are just dynamic
thought I'd ask what people's opinions are of using DSL *without* a
firewall. What are some of the risks? And what types of
firewalls might be
the best bet for this situation, if one is needed?
The risks are the same as any net connection,
including a dialup line, except even more so
if you
I have been reading up on Microsoft Proxy Server and the Microsoft VPN
software and there seams to be a contradiction in the Microsoft
documentation. The proxy documentation says that it is possible to run the
proxy server and the vpn server on the same machine. However, it also says
that
Joe-
Where did you get this information? As far as I know, 4.1 is not available
yet.
-Paul
-Original Message-
From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
On Behalf Of Joe Matusiewicz
Sent: Wednesday, November 17, 1999 8:13 AM
To: Alexandre Vargas Rousseau Nunes; [EMAIL
It doesn't matter which type of connectivity solution you choose. xDSL, Frame Relay,
X.25, FDDI, Microwave etc.. ANY connection to the internet is in-effect, rolling out
the red carpet for groups or individuals who wish to abuse the system. SOHO (Small
Office/Home Office) are particularly
On Tue, 16 Nov 1999, Per Gustav Ousdal wrote:
Date: Tue, 16 Nov 1999 11:04:21 +0100
From: Per Gustav Ousdal [EMAIL PROTECTED]
To: "Paul D. Robertson" [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: SV: Query on FW Attacks -reply
If the netowkr architecture was done correctly and the
Hi Charlie,
There are two sides to every TCP conversation. In the normal situation,
the web browser initiates with a message from a high port (1024 or
higher) to the destination on port 80. The web server replies back
from its port 80 to the browser computer's original port.
Your "deny" is
TCP/IP, UDP, and other protocols are defined in operating system and
application software. A port is known to be listening when a server
program instance is currently active and has acquired the port (using
one of the language facilities in the source program that
You could do it, but it would be a DOG with IIS, Exchange and File/Print Services
running. Your best bet would be NetWare5 which can handle File/Print services,
Netscape enterprise server and GroupWise with about 1/3 the proccessor/ram utilization.
good luck..
"Arkady Yerukhimovich" [EMAIL
Hi,
I am a newbee. I need some firewall expertise from someone.
1. I'm running Solaris2.6.
2. I have Check Point 4.0 for my firewall
3. I need to link my firewall
4. I don't have OPEN View
5. So what steps/commands do I need start-up my firewall.
--- If you need anymore information let
Greeting,
I've been lurking on this list because the subject is of interest but
do not have alot of tech knowledge. The comment below about SOHO being
esp. vulnerable is of special interest. What can be done, or where
can I go to find out about what to do, to help reduce the vulnerability
of a
Well, the risks are the same on DSL/Cable as they are on any
Internet-connected link (including dialup) without a firewall. Firewalls
help you to implement a policy of 'least-privilege' on your link--ensuring
that only the services that you want to be advertised to the world are,
thereby
I'm trying to find out if current (or ex) users of SecureIT 4.0x for Solaris has been
having problems with main process guardian. The symptoms are that traffic would stop
going through (without explanation) and the situation would be fixed by re-starting
guardian.
Thanks,
Seth Williams
Education is your only defense. You are head and shoulders ahead of 99% of would-be
network admins out there, just by paying attention to this list.
You can reduce your risk when connecting to the internet by 99% by installing a
simple, and in many cases FREE (linux) Firewall. All you need to
If you are using one NT server to run both Proxy Server as the firewall AND
IIS the web server, then I don't see how you could place the web server
outside of the firewall.
My suggestion would be, as this is a small installation, to use
"reverse-proxy" to publish your webserver through the proxy
Hi all,
I think I can explain what is going on.
The access list you've described is going to drop all traffic initiated
from your internal network, where your hosts select a source port in the
range specified in your Access list.
For example, your internal host X attempts to telnet to a
Interesting Facts :
Tomorrow 11/19/1999 will be an Odd day (all digits odd).
This is the last one.
After that, we won't see an odd day until 1/1/3111
The next even day will be 2/2/2000, the first since 8/28/888
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe
I am running a firewall using ipchains 1.3.8 on a Slackware 4.0.0 Kernel
2.2.13. Although the kernel is compiled with SMB Filesystem enabled, I have
disabled smbd and nmbd, and have made sure those modules are not loaded in
the kernel.
However I'm seeing some strange behaviour when I test UDP
4.1 is officially shipping to new FW-1 customers. Make sure you specifically
ask for 4.1 when you place a new order, however. 4.0 customers that have
current software subscriptions will be getting upgrade notices somewhere in
the Jan-March timeframe (Q1). Im also told that if you have a real
30 matches
Mail list logo