I like to use nmap to externally scan firewalls with various options. In
addition I often try a few spot checks using an internal netcat listener and
then trying to connect to it from the outside world.
With all the fragmentation problems these days, one should probably try and
route the
Ben Nagy wrote:
[...]
I reread David's post. And discovered that he didn't say the
box was pinged.
Your theory, however, seems to answer my question. But are you
saying the NAT box is
responding to echo on behalf of the destination box?
That's my theory, yes.
Hello Ben,
You are
Hi
Is there a way to configure FW-1 ver4.1 to pass
packets with IP options set?
Thanks, Naor.
Lipa Naor
Quality Assurance Manager
Packet Technologies Ltd.
6 Hamachtesh st. Industry Area, Holon
Also some switches, when flooded with spoofed ARP/RARP will fail-open, and
start operating like a hub - i.e. broadcasting all traffic to all ports.
Andrew
-Original Message-
From: Paul D. Robertson
To: Ronneil Camara
Cc: '[EMAIL PROTECTED]'
Sent: 10/23/00 2:21 PM
Subject: Re: [OFF
Try http://netfilter.kernelnotes.org instead
Phil Randal
Network Engineer
Herefordshire Council, UK
-Original Message-
From: 1997A4PS202 [mailto:[EMAIL PROTECTED]]
Sent: 23 October 2000 20:00
To: [EMAIL PROTECTED]
Cc:
Hi
We have a setup which is like this - a CISCO
2948G-L3 switch with different VLANs on it - VLAN1 for tier-1 which comprises
web servers, VLAN2 for tier-2 which has the application servers and VLAN3 for
tier-3 which has the database servers.
What I want to do is configure "extended ACLs"
Personally my favorite is:
http://www.linux-firewall-tools.com/linux/
It has information on setting up and the utility to help you configure
is a pretty good start.
--
John G. DaSilva
mailto:[EMAIL PROTECTED]
Help stop Internet spam! Join CAUCE: http://www.cauce.org/
-
[To unsubscribe, send
David Loysen wrote:
Tracert (UDP) completes on either interface with a last hop of my routers
outside the firewalls. The firewall has never shown up as a tracert hop, I
assume by design.
Tracert (TCP) fails on both because it isn't currently allowed. I am going
to be working on this
I just wanted to ask of your opinion about this product.
The big thing I see is that it doesn't offer VPN.
Thank you for your input
al
Didn't 3COM sell off all of its network connectivity type devices (routers,
hubs, switches and firewalls)? If so, that would be a pretty good mark against
them in my book. HTH
Wes Noonan, MCP+I/MCSE/MCT/CCNA/NNCSS
Senior QA Rep
(713) 918-2412
BMC Software, Inc.
[EMAIL PROTECTED]
http://www.bmc.com
On Tue, 24 Oct 2000, Charles wrote:
Hi
What I want to do is configure "extended ACLs" on the switch for
inter-VLAN communication - for eg, allow access from MachineA on VLAN1
to MachineB on VLAN2 only on port 8000 and so on. I read the Release
Notes of 2948G-L3 and it has "IP extended
This is more of a discovery tool, not particularly an Intrusion Detection
system (i.e. ISS, NFR, NetworkICE, etc).
The whole underlying reason one places a firewall or packet filtering
router between an organization and the Internet is to prevent would-be
intruders. So if the rules on the
Actually I think 3com utilizes the Microsoft PPTP client. I also think
they have their own VPN shim that is compatible with their version of RADIUS
/m
At 09:52 AM 10/24/00 -0500, Noonan, Wesley wrote:
Didn't 3COM sell off all of its network connectivity type devices (routers,
hubs, switches and
hummm.
either he NATs clients' source addresses, and following Ben's words, in
which case everything will work,
or he doesn't NAT clients' source addresses, and then as I said before,
it can't work.
having 2 addresses, 2 ports, ... on the webserver changes nothing. It's a
routing problem, so it
Hello Everyone,
Could any one of you please tell me when the DNS Zone transfers (tcp/53) take
place. I am administrating an ALG firewall and have defined rules for DNS
Requests (UDP/53), but no rules are defined for DNS Zone (tcp/53), yet the
firewall is working fine. All the names are being
Eessa -
Anyone can request a zone transfer by specifying in their DNS querying tool
of choice to do a full zone transfer. However, this also can be modified on
the DNS server to allow only certain IP addresses to be allowed to pull zone
transfers. I know companies, such as UUNET, do not
On Tue, 24 Oct 2000, Eessa Kamal wrote:
Hello Everyone,
Could any one of you please tell me when the DNS Zone transfers (tcp/53) take
place. I am administrating an ALG firewall and have defined rules for DNS
Requests (UDP/53), but no rules are defined for DNS Zone (tcp/53), yet the
-Original Message-
From: Andrew Thomas [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 4:15 AM
Also some switches, when flooded with spoofed ARP/RARP will
fail-open, and
start operating like a hub - i.e. broadcasting all
Pardon my ignorance, but I don't get it. This seems like something
of value, but I don't follow your brief description. Would you mind
fleshing this out so I can understand exactly how to build this?
Randy Graham
- -Original Message-
Hi Lister,
I am trying to do some research on the architectural difference between stateful flow
inspection technology and the plain packet filters that are readily found in
networking devices like routers.
I would appreciate any pointer in terms of reading. On the other hand I
guess it would be more
Frank Knobbe wrote:
The loopback on the LAN side causes the switch to
receive all packets it sends out. That triggers some switches into
behaving like a hub. Use at your own risk.
Now that is interesting. I wonder which of two scenarios is
occurring:
1) Broadcast packets are forwarded and
Title: RE: Stateful Inspection vs. Packet Filter
Try: http://www.checkpoint.com/products/downloads/Stateful_Inspection.pdf
It's (understandably) a biased opinion, but then again, they are generally recognized as the best firewall on the market.
I use information from this document to show
SecuRemote does not use these ports. I understand that the client uses udp
500 and a couple of low numbered tcp ports for all of its communication.
Lance
- Original Message -
From: "Palis Michael" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, October 23, 2000 4:35 AM
Subject:
Gary flynn wrote:
1) Broadcast packets are forwarded and thus read back through the
same port. This registers that port in the MAC table for all
MAC addresses that send broadcast traffic. Hence, you wouldn't
see traffic for MACs that don't send broadcast traffic (few
and far
Hi,
does anybody know how to do router sniffing to examine the packet
passing
thru it ( I'm not referring to the debug command).
thanks
Rgds,
Squall
Singapore
-Original Message-
From: Gary flynn [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 3:08 PM
Frank Knobbe wrote:
The loopback on the LAN side causes the switch to
receive all packets it sends out. That triggers some
I'm running Gauntlet 5.0 on NT 4.0 SP6a.
I'm dynamically nat'ing a non-routable inside network to a single
outside address (fw external interface).
How do I get it to pass ICMP ttlexpired messages (tracert) back
through to the originator inside my network? ICMP echo is working
fine and I
I'm running Gauntlet 5.0 on NT. Dynamic nat from a non-routable
to a single external I.P. address.
I have packet filtering passing icmp echo just fine for outbound
pings and returning the echos, but tracert doesn't return the hops.
I know that this is a matter of the responding IP (with
Title: RE: router sniffing
There are lots of ways depending on what router you're using, how deep into the packet you want to look, what information you want to look for, what you want the router to do once certain conditions are met, how much extra memory you have, whether or not you want to
I use NAI Sniffer with the v.35 interface to attach in front of the
unit. If you want to see what is coming out of the internal interface
you can use NAI Sniffer or a number of free sniffers. Depends on what
you are looking for. For general stuff, I use ethereal on linux. If I
am hunting down
GNT 5.5 Sol 2.6, FTP data connections are all of a sudden not working.
Packet capture shows that no one is even remotely attempting to use port 20,
it's all high level crap. I've tried forcing the proxy to use port 20 in
the netperm-table but it doesn't help.
you'll never get this to work using dynamic nat. gauntlet is supposed to be
able to do this but it won't happen. the only way you'll be able to do this
is with static nat.
cheers.
- Original Message -
From: John Alexander [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, October
iCefoX wrote:
Hi Lister,
I am trying to do some research on the architectural difference between stateful flow
inspection technology and the plain packet filters that are readily found in
networking devices like routers.
I would appreciate any pointer in terms of reading. On the other hand I
-Original Message-
From: Gary flynn [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 3:08 PM
1) Broadcast packets are forwarded and thus read back through the
same port. This registers that port in the MAC table for all
I'm trying to get securemote to work through Gauntlet 5.0.
Authentication is happening but when I attempt to connect to a
host at the distant end (using VNC), I get a transparency
processing error.
Any ideas?
John Alexander
Passing ICMP through a firewall strongly depends on the proxy. ICMP does not have
ports, so it can't use standard NAT techniques. What it does have is the ICMP Identifier
and Sequence Number fields.
Allowing simple pings with ICMP echo is not too hard. One matches the identifier on
internal
I think you have a logical flaw there.
Many IDS alerts = firewall rules not tight enough (possibly)
But:
Few IDS alerts != firewall rules OK.
You're assuming that the attack patterns during the observation period are
a) constant and b) uniformly distributed across the gamut of possible
attacks.
-Original Message-
From: mouss [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 25 October 2000 12:42 AM
To: horio shoichi; David Loysen
Cc: '[EMAIL PROTECTED]'
Subject: Re: Dual firewall question
hummm.
either he NATs clients' source addresses, and following Ben's words, in
which
Ben...
Not necessarily true. Place an IDS sensor outside in your Dirty Network
(before the fw/router) and place an IDS sensor inside.
In most cases, an IDS should pick up the attack if the IDS application is
designed correctly, and everything else. A penetration test is one time
picturesque
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 25 October 2000 9:45 AM
To: Ben Nagy
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Firewall security rule validation via Intrusion Detection
sys tem
Ben...
Not necessarily true,
Has anyone been able to do local forwarding for telnet using ssh2 passed
through a PIX firewall? I'm able to establish the local forward/ssh2
connection through the PIX but as soon as I try to launch a telnet session,
it doesn't work. I tried without the PIX and I was able to get it to work.
Any
-Original Message-
From: Ben Nagy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 7:39 PM
[...]
I think the role of the IDS is to then sit around and look
for suspicious
traffic - DMZ hosts scanning the internal firewall,
-Original Message-
From: Frank Knobbe [mailto:[EMAIL PROTECTED]]
-Original Message-
From: Ben Nagy [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, October 24, 2000 7:39 PM
[...]
I think the role of the IDS is to then sit around and look
for suspicious
traffic - DMZ
Hi all,
we are using an Intel Shiva VPN box which is sitting behind a Check Point
FW-1. The tunnel gets established between the two VPN boxes, but the
machines on the other side of the tunnel cannot be pinged with Check Point
running; when you stop the firewall and ping, it happens.
The
hi,
I am using Gauntlet firewall 5.5 on NT. I am a newbie
in the security field today. I am facing problems while
configuring Gauntlet for three NICs. I am not able to
do things properly; I have the manuals but still I find
it difficult.
I need guidance for configuring the firewall. Is there
also any