Hi all!
I've tried out the new ICQ2000-client, that according to ICQ works better
behind Firewalls. They didn't lie... and that's my problem.
I want to stop people in my net from using ICQ, but still keep TCP-Ports
like Telnet open for my users. The Configuration Tool for ICQ2000 is able to
Actually, it's not as hard as it seems.
Here's a paste of an email from another group which explains how to block
ICQ2000 completely.
It works.
PASTE
Blocking ICQ2000 is easy.
Define a Network object (lets say "NetICQLogon") as 205.188.153.0 mask
255.255.255.0
Then add a rule just below
Kriss Andsten wrote:
On Tue, 30 May 2000, Graham Wheeler wrote:
snip
SSL can be restricted to particular e-commerce sites.
snip
Sounds like a rather interesting approach.. protect users by not letting
them use secure transports, rather send their junk in plaintext. Hmm.. ;-)
If the
mouss wrote:
Graham Wheeler wrote
Ah, but a stateful filter can also block content (not by removing it,
but simply by renaming the tags in the packets, for example by changing
the first character). It's harder to do, as the data stream isn't
necessarily in-order, but it's been done.
Kriss Andsten wrote:
Having written things tunneling stuff over http proxies (CONNECT, GET with
or without ?..., POST), NS queries (which worked rather well over just
about anything) and IDENT queries depending on connectivity, I dare say
'tis normally not that much of a problem. (Of
On Wed, 31 May 2000, Graham Wheeler wrote:
Kriss Andsten wrote:
snip
'tis normally not that much of a problem. (Of course, if you have to
resort to sending data using If-Modified-Since: and get the replies in
the Cache*: headers, latency is a bit nasty ;-)
Not only that, but the amount
You'll find it under the organize tab on the tools menu, then on the "using
views" link. Executive summary is called "Messages with AutoPreview". Set
it to "Messages"
By the way, if you go into Options, then Security, then Attachment security,
it should be set to high. Click on close, then on
Harry,
There is a Cisco mailing list called Groupstudy. The members there are
studying for various cisco related certifications. They might welcome your
question as a case study. Feel free to join, and post it there.
I do have some comments.
You might want to consider connecting to PSINET at
Steve Kalman wrote:
(snip)
You'll find it under the organize tab on the tools menu, then on the
"using views" link
(snip)
Regarding the 'executive summary' feature - what version of Outlook Express
are you using?
I'm using 5.00.2314.1300 and on the "Tools" menu I find no "Organize" tab.
I
The Organize tab is part of Outlook, not OE. (I use O2K, but it was there in
O98). I'd guess that OE has a similar feature, but as I don't use it, I
don't know for sure.
As for turning off VBS, there is one registry setting that controls VBS in
IE, OE and Outlook. The instructions I gave are
The "messages with auto-preview" (called "executive summary" in this thread)
is a feature of Outlook, not Outlook Express. Outlook is the corporate
e-mail client that's part of Office. Outlook Express is the Internet-only
e-mail client that's part of IE.
Both Outlook and Outlook Express allow
Kriss Andsten wrote:
Or, you could just encap the same data in say, five, DNS requests during
each 24 hour period..
If all you're doing is stealing the bandwidth of 5 DNS requests in a
day, tunnel away!
Sure, takes a bucketload of time, but I dare bet a fiver it's neigh to
undetectable
Hasn't ANYBODY used or evaluated a 3COM firewall?
I'd like to hear about it if they have!
By subscribing to this list for over a year now, I have plenty of information about
other company's
products.
This is a new product we'd like to hear about, so please stop hawking other stuff.
I am currently researching "personal" firewalls. In other words, software, or
inexpensive hardware, that can be used to protect a single computer while it is
connected to the internet (via DSL, modem, cable modem, etc.) or to a
competitor's network.
Some requirements are that it support
Greetings! This is my first post to the firewalls mailing list.
I am about to install two Windows NT or Windows 2000 VPN servers for
site-site communications and road-warrior access.
What is the conventional wisdom for the placement of these servers? Should
they each go:
(1) Outside their
you can get a 14 day license to try out a workstation version of
CyberwallPLUS at http://www.network-1.com/products/index.htm. It supports
NT 4.0 and Win2K but not Win9X. I haven't gone to Win2K on my home system
yet so I'm using Zone Alarm. It seems adequate for my cable modem
connection.
I used BlackIce Defender a while back, but it didn't fully support Windows
2000, so I switched to Zone Alarm. ZA worked quite well until I rebuilt my
PC and installed version 2.1.25 (still the latest version), which was a
little flaky -- it couldn't handle disappearing network cards -- like what
I use Black Ice on the laptop. McAfee has one, as does Gibson Research
(www.grc.com). Check out the GRC site and click on the link that asks them
to probe you to see your weaknesses.
Steve
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL
On Wed, 31 May 2000, Graham Wheeler wrote:
Or, you could just encap the same data in say, five, DNS requests during
each 24 hour period..
If all you're doing is stealing the bandwidth of 5 DNS requests in a
day, tunnel away!
If you think bandwidth is the biggest risk of tunneling, you
On Wed, 31 May 2000 [EMAIL PROTECTED] wrote:
Some requirements are that it support Windows 9x and Windows NT 4.0, and
eventually have support for Windows 2000. Also, it should be compatible with
most VPN clients.
Remote node VPNs are *not* a security feature. By definition they break
the
Anyone know of a cheap software firewall for NT4 Server that runs on SMP
(that rules out ZA!). We need one for a short time while we sort out our PIX
configuration to allow us to handle 2 sets of servers on different ISPs on a
single PIX (were still messing with intermediate routers to work
www.netscreen.com has a similar "scan me" utility on their web page which
is
not as busy as Gibson's. It also prints out it's results to a single page,
which is a nice feature. I too use Black Ice on both a portable and some
client machines. It is more compatible with other products I use than
"Paul D. Robertson" wrote:
On Wed, 31 May 2000, Graham Wheeler wrote:
Or, you could just encap the same data in say, five, DNS requests during
each 24 hour period..
If all you're doing is stealing the bandwidth of 5 DNS requests in a
day, tunnel away!
If you think bandwidth is
Try this site for a Raptor log analyzer. I used it at my last job, and it
works well.
http://www.wankwood.com/reptor/index.html
-Original Message-
From: John Sullivan [SMTP:[EMAIL PROTECTED]]
Sent: Tuesday, May 30, 2000 10:04 AM
To: [EMAIL
On Wed, 31 May 2000, Graham Wheeler wrote:
Or, you could just encap the same data in say, five, DNS requests during
each 24 hour period..
If all you're doing is stealing the bandwidth of 5 DNS requests in a
day, tunnel away!
If you think bandwidth is the biggest risk of
To disable VBS scripting, you can change the default action for VBS to
"edit" instead of "open". Create a file name ANTI-VBS.REG containing the
following three lines then right-click on the file and choose "MERGE".
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VBSFile\Shell]
@="edit"
-
you are right each approach has its own pros and cons
1) this does not seem to be a logical choise. if the servers are
compromized you have an hacker with all the user names and passwords
on the server and a bastion host outside the wall to break into the
wall.
-BEGIN PGP SIGNED MESSAGE-
There has been a bunch of discussion recently about attacks that use the
fact that many "firewalls" pass packet fragments as they cannot tell if
they are part of a connection or not. I am having trouble convincing one
person that such attacks are real, can
Title: OT: Tracking down Hotmail Info
Good day!
If I have an email-based attack happening from Hotmail, how can I get more information about the owner of the Hotmail account, IP addresses of the people using that account, etc... in order to facilitate my investigation? Does the [EMAIL
Does anyone have any experience with an Ascend (now Lucent) Pipeline 220
with the "SecureConnect" firewall software package? I'd appreciate
information and opinions (other than the type of "out-of-box firewalls are
inherently insecure"). Assume a potential configuration of a WAN with a
Hi Steve,
Ive been involved in quite a few law enforcement investigations involving internet
traffic and email. The first thing you need to do is take a look at the header of the
message, here is an example (somewhat sterilized):
MAIL From:[EMAIL PROTECTED]
RCPT To:some1@somewhere
Received:
Hey, I'm in the market for a small piece of internet firewall hardware
as well as software, I've heard that Firebox makes good things
(specifically Firebox II) and I've also taken an interest in the 3com
OfficeConnect Internet Firewall DMZ.
The 3com is priced nicely at under $600, and I havnt
Check out sonicwall. it is a hardware solution with a beowser based
admin client. pretty neat for a small network. It supports VPN's too.
I think it is around $500.
Amit Kaushal
Deloitte Touche LLP
eBusiness Technologies and Security
folx,
just to clarify on this issue:
i don't consider what paul described real dual-homing. it's more of a
home and a summer house (but one without internal plumbing and somewhat
drafty walls).
althought it is possible to get your netblock announced on both of the
networks you're 'dual' homed
I think I saw it here on the list. But not sure since I cant find any
mention of it.
A registry hack for Pc Anywhere which stops it from responding to the
network scan within pc anywhere.
Any help would be greatly appreciated.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe
If that's true, I'd like to know about it, too. I've noticed that the
PCAnywhere client sends a UDP packet to port 22 before attempting a TCP
connection to port 5631. Perhaps you can set the PCAnywhere server to ignore
TCP connection attempts if it does not first see this UDP "explorer" packet?
On Wed, 31 May 2000, Todd wrote:
althought it is possible to get your netblock announced on both of the
networks you're 'dual' homed on under the circumstances that he described,
this doesn't really get you the reliability you should be asking for. the
reason is that every international
watchguard makes a SOHO firebox for small offices for 399.00 which allows
10 users to access the internet and comes with a 4port switch installed.
The Firebox-II is around 3000.00 or so.
Both are very good products and have good support.
Larry Letterman
- Original Message -
From:
On Wed, 31 May 2000, Lodin, Steven {IT S~Indianapolis} wrote:
Good day!
If I have an email-based attack happening from Hotmail, how can I get more
information about the owner of the Hotmail account, IP addresses of the
people using that account, etc... in order to facilitate my
Any opinions regarding Sun's SunScreen Secure Net firewall product?
Secure?
Reliable?
Complexity?
Performance?
Any feedback at all would be appreciated!
Thanks in advance,
**
Gabriel Lewis
Network Engineer
California State University Fresno
Hi,
Does anyone happen to know what 'kernel log messages
at level 1 suppressed' means at the end of a log entry
in the log for Raptor NT (6.x)?
Thanks. Erick
Example:
May 17 18:37.0 gatekeep firelogd[102]: 127 Connection
Request src=x.x.x.x/1055dst=y.y.y.y/3182
proto=TCP/tcp
I have found [EMAIL PROTECTED] to be quite
arrogant and not accomodating of my requests
for assistance. I guess they are so busy that
that is the only way they can be.
Source info about an email is generally
obtainable from the full headers of the
message. Use the help in your mail client
to
We need to get net access and a firewall going for a small (4-5 user) remote
office, so I'm looking for a simple to manage firewall (or firewall
appliance) that will suit this need, and also be capable of VPNing to our
Raptor firewall at our main site.
Does anyone have any opinions (good or
-Original Message-
From: Robinson, Eric [mailto:[EMAIL PROTECTED]]
Sent: Thursday, 1 June 2000 12:39 AM
To: '[EMAIL PROTECTED]'
Subject: Where Should the VPN Server Go?
Greetings! This is my first post to the firewalls mailing list.
I am about to install two Windows NT or
44 matches
Mail list logo