At 16:33 01/03/01 +1030, Ben Nagy wrote:
Difference of opinion. I believe that things should work with a deny base.
In other words, if the NAT module can't do anything sensible with an
incoming packet it should drop it, not pass it.
That's understandable (though I keep my opinion:)
Not that
somebody uses or it already configured the proxy server DANTE or it can
indicate a similar product not commercial for Linux.
Thanks,
Luiz Eduardo
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
I have used both Microsoft PPTP and Cisco's own VPN Client successfully
with a Cisco PIX.
- Kevin
At 08:24 PM 2/28/01 Wednesday -0500, [EMAIL PROTECTED] wrote:
I personally am not aware of any other clients for the Pix VPN other than
SafeNet Client. The SafeNet itself is not very safe in my
No... I usually get 5 or 6 auto responders every time I post. It's either
a lack of consideration, or a lack of knowledge of the mail client on the
users' part.
Maybe the list admin would reiterate how to "pause" a list membership
while one is away
Bryan,
isn't there a way to "pause" a membership while people are on vacation?
Carric Dooley
Senior Consultant
COM2:Interactive Media
"But this one goes to eleven."
-- Nigel Tufnel
On Wed, 28 Feb 2001, Bryan Stansell wrote:
Agreed. Please forward the offending messages, with all headers,
I get them also, sounds like these ppl just need a little educating. Are
they warned that this is not proper list conduct?
At 04:07 AM 3/1/01 +, you wrote:
On Wed, 28 Feb 2001 [EMAIL PROTECTED] wrote:
Please tell me that I am not the only one that gets bombarded with
ridiculous
On Thu, Mar 01, 2001 at 05:24:24PM +1100, Dave Horsfall wrote:
On Wed, 28 Feb 2001, Noonan, Wesley wrote:
up as the cost of doing business. The days of text mail with no out of
office notification are definitely over. If auto responses are the biggest of
my worries... well, it's been a good
It is quite easily accomplished on Exchange 5.5. There is a setting on the
Internet Mail Connector advanced tab with a check box, labeled "Do not send
out of office replies to the internet" There is another labeled "Do not send
automatic replies to the internet". Microsoft has provided the tools
Following this thought, I've never understood the "allow by default"
philosophy. I've never worked at a University nor do I know anyone
personally who does, but the idea that "we allow everything unless
we know it's bad because we promote the free exchange of ideas"
has always seemed silly at
Diana,
Since this packet is coming from your inside network:
1) Sniff the inside LAN segment and find the MAC address
associated with the offending packet. It will either be from the
originating station or from a router forwarding the packet from
another segment.
2) If the packet is from
Does anyone use the 192.168 address space for private addresses behind
NAT? I'm in the middle of laying out my network and thought addresses in
this space would be OK to use from documents I've seen, but I've just
checked IANA and it appears that the only Private Use allocation is the
I agree... thank you... now seriously, does anyone know how I can
resolve my issue of being unable to get PortSentry to continue its logging
and blocking of specific IP's?
On Thu, 1 Mar 2001, Ken Claussen wrote:
It is quite easily accomplished on Exchange 5.5. There is a setting on the
From RFC 1918 Address Allocation for Private Internets:
3. Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
10.0.0.0- 10.255.255.255 (10/8 prefix)
172.16.0.0
Thanks for the FAQ contents (could have just pointed the URL and saved me
some bandwidth), already read it hence my original plan to use 192.168
addresses, but this router at BT concerned me and then when I found the list
of A blocks at IANA and what they were used for I spotted that 192 is
I suggest that you buy a copy of "Building Internet Firewalls" published by
O'Reilly. It will provide most of the information that you need to
understand firewalling concepts.
Mike
- Original Message -
From: "Sebastian Sohn" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday,
On Thu, 1 Mar 2001, Daniel Crichton wrote:
Try tracert to 217.32.152.196, you should see a 192.168.255.11, and
tracert to 217.32.162.26 to see 192.168.255.13, is it safe to assume
that BT have screwed up their config?
a lot of sites give their core infrastructure RFC1918 compliant addresses
* Carric Dooley sez:
I got 3 of them already from this post... amazing.
Carric Dooley
Senior Consultant
Do you have to be a Senior to completely forget how to setup procmail to
filter that kind of stuff out?
jonas
* Brian Steele sez:
You think that's bad - how about this traceroute to
www.caribbean-connexion.com...
0.so-4-0-0.XL1.DCA6.ALTER.NET 152.63.38.134
0.so-7-0-0.XR1.DCA6.ALTER.NET 152.63.38.86
0.so-4-0-0.TR1.DCA6.ALTER.NET 152.63.11.101
121.at-5-0-0.TR1.ATL1.ALTER.NET
On 2001-03-01 10:38, Jonas Luster wrote to [EMAIL PROTECTED] about...:
JL * Brian Steele sez:
JL
JL You think that's bad - how about this traceroute to
JL www.caribbean-connexion.com...
JL
JL 0.so-4-0-0.XL1.DCA6.ALTER.NET 152.63.38.134
JL 0.so-7-0-0.XR1.DCA6.ALTER.NET 152.63.38.86
On Thu, Mar 01, 2001 at 07:50:22PM +0100, The Pal / Patrik Bodin wrote:
That it is visible in the traceroute. It's absolutely OK to use private
addresses as transport networks between routers, but I would recommend
that the address presented to the outer world is either non existing or
a
On 2001-03-01 11:17, Devin L. Ganger wrote to The Pal / Patrik Bodin about...:
DLG On Thu, Mar 01, 2001 at 07:50:22PM +0100, The Pal / Patrik Bodin wrote:
DLG
DLG That it is visible in the traceroute. It's absolutely OK to use private
DLG addresses as transport networks between routers, but
On Thu, Mar 01, 2001 at 09:19:44PM +0100, The Pal / Patrik Bodin wrote:
On 2001-03-01 11:17, Devin L. Ganger wrote to The Pal / Patrik Bodin
about...:
DLG For all intents and purposes, RFC1918 addresses are non-existing. As
DLG long as all the machines that *need* to talk to that router
On Thu, 1 Mar 2001, The Pal / Patrik Bodin wrote:
As a courtesy to people that end up wanting to talk to the router?
There are legal occasions where people may want to ping or traceroute.
If you don't want that you might as well make it transparent.
i don't get it. you can already traceroute
There were some posts back in January about proxying Citrix ICA, which are a
topic of particular concern for me lately.
The previous posts indicated that there aren't any real proxies or ALGs for
ICA, which I'm basically in agreement with. However what about a product
like Packeteer
Does anyone know of an addon URL screening device/software that can be added
behind a PIX?
It's an interesting notion; however, how would Packeteer "know" what
legitimate traffic looked like? Moreover, how would it handle
encrypted traffic (Citrix now uses varying levels of RC5 encryption)?
BTW, there is Extranet, Citrix's own proprietary system for proxying
ICA connections.
Title: RE: URL Screening
WebSense works great!
-Original Message-
From: Don Drocca [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 3:33 PM
To: [EMAIL PROTECTED]
Subject: URL Screening
Does anyone know of an addon URL screening device/software that can be added
You know, that hadn't really occurred to me; I don't know how it does it.
Obviously the client has to send information about what application it wants
to connect to. Perhaps this happens before encryption is established. The
reason I'm stubbornly holding on to this concept is that I actually
The one and only package with built in support in the PIX is Websense,
http://www.websense.com
Websense has a lot of features and is very comprehensive. This is what
Cisco uses to monitor and control their users' surfing habits. It's been
close to a year since I last worked with it, but it was
Hello again everyone,
Not to start any religious wars, I just had that with another co-worker,
don't want to do it again.
IPSEC on win2000:
1. How *secure* ;| is it?
2. How bad is the overhead to the network?
3. Does it really keep folks from sniffing the network?
Sorry for the stupidity, but
inline
Wes Noonan, MCSE/MCT/CCNA/NNCSS
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
[EMAIL PROTECTED]
http://www.bmc.com
-Original Message-
From: Webmaster [mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 01, 2001 16:35
To: [EMAIL PROTECTED]
Subject: IPSEC? on 2000? is it
What exactly does your business policy require? Do you need to block,
log, ???
Don Drocca writes:
Does anyone know of an addon URL screening device/software that can be added
behind a PIX?
Hi all-
I'd like to know how this ends up working out for you, we use Citrix through a
firewall too. In fact, it was just recently that I punctured our firewall to
allow Citrix traffic through, explicitly from the Citrix servers' ports 1494,
1604 to our local machines. This breaks if people can
Hi,
I am new at reading the pix log and I know someone out there can help me
interpret these messages. I started receiving hundreds of messages like
these today. It seems like the address 167.160.241.245 is scanning through
the ports 16000 and higher trying to get to any address in the subnet
We use Websense on our network and have been for almost 3 years - and we are
running a PIX firewall. Websense is very easy to set up, very easy to
customize, scalable, and works perfectly for our situation. It can also be
very expensive - we purchased a 2 year license for Websense for about
It more looks like a mis-configured windows box trying to get WINS information from
you.
Try phoning the owner to check. It might be someone taking a computer home from work
with wrong set-up.
DNS for that IP gives:
03/01/01 20:55:28 dns 167.160.241.245
nslookup 167.160.241.245
Canonical name:
hi all,
just a silly question, does checkpoint ver 4.1 support Windows 2000? or does
any version of checkpoint support it?
thanks a lot ...
Regards,
Ryan
37 matches