Ariel,
First thing glad that you asked a question, but I am not the right person to do so. I do not have much experience in firewalls and VPN. I am still kind of new myself, I am currently just reading mail in the group.
Second You sent the message in HTML most of the users in the
DISCLAIMER: Comments stated herein may have no basis.
hello wasi,
My system is under threat. I need to protest it. Pls advics a good
the quickest protestation you can do is use ipchains (or ipfwadm), go to
google.com, search for ipchains howto... voila
firewall for flood protection, nukes control of dialup data transfer.
I am using RedHat 6.1
upgrade to the newest available distribution from redhat immediately...
there are way too many exploits for older redhat boxen for you to
effectively protest against an able adversary
This might
It is easy to choose the location for a firewall. It goes between the trusted and
untrusted networks. One reason our network engineers like ATM is it seamlessly
connects LAN and WAN. End-to-end ATM seems to be Nirvana; and a firewall just breaks
the dream. They are trying to convince me it is
hi all,
what if I have two networks and I want to connect them
with IPSEC. LAN-to-LAN I mean.
Network1--router-router--Network2
(10.0.0.0/8) (10.0.0.0/8)
so they are in the same IP segment. I am in network 1
and I have 10.0.0.1 and I want to send packet to
Without fully renumbering one of your networks (certainly
not an enviable task), the only method that I can think of
would be to use static (one-to-one) NAT. You could use
192.168.y.z addresses and map them to your 10.x.y.z addresses
(this would only be a problem if you have a HUGE number of
Can anybody out there tell me (with a reasonable degree of certainty)
what software/service(s) would consistently be seen over tcp/ip 5278 ?
many thanks
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
unsubscribe firewalls in the body of the message.]
Check out this:
http://www.dataenter.co.at
Product calls XWall - nice mail relay server for Exchange (and price 300USD)
You can download full function trial version (30 days) and play with it.
Just forward all Incoming mail to this Soft and from Exchange use it as smart
host.
Hope this helps
Alex
There are two basic ways to address this:
(a) Renumber one of the networks. Unless they really *do* each
contain thousands of systems, making them 10.0.0.0/16 and 10.1.0.0/16
will do nicely. (Beating up the people who assumed that their
internal network would never have more than one
I'm not sure your problem is just one of firewall placement.
If those home PCs can reach devices on the trusted network before
hitting your firewall, so can J. Random Script-Kiddie. That's not
good.
There are two theories to remote access: (a) remote systems are
part of the untrusted
I have a Nokia IP firewall. After I loaded GUI client
on my desktop if try to login it gives following
errors no response from server verify this machine
is authorized GUI client.
I can ping the IP address of Nokia box.
I had the very same effect on a Solaris box. The problem in this
bear in mind 10.0.0.0/16 and 10.128.0.0/16 might be better, rather than
being totally arbitrary, keep the network bits to the left, hosts to the
right, in case more juggling is needed of the network/host boundary in the
future, gives you a wider playing field.
Egoslayer1
***
Original
Since you are looking for a script to accomplish this
task as opposed to just making the changes manually.
Which would be easily done in notepad and then applied
to the PIX. Unless using conduits is posing a problem
for you the upgraded PIX OS's still support conduits
and you can use acls on
Does version 6.x of the PIX OS support conduits?
Last time I spoke to someone in the Cisco TAC, I
was told that it would not and that all conduit
statements would have to be converted to ACLs.
-Kevin
-Original Message-
From: patrick kerry [mailto:[EMAIL PROTECTED]]
Sent: Monday, June
Hi All!
We are making a transition between one ISP and another. We have routers for
both ISP's now operational on our general network (outside the PIX
firewall).
Is it possible to configure the PIX to handle both ISP's during the
transition period at the DNS servers? It is a very simple
hi everyone
i am new and have many questions
SDG,
Zach
[EMAIL PROTECTED]
Blessed are those who have not seen and yet have faith. - John 20:29
peas# show ver
Cisco Secure PIX Firewall Version 6.0(1)
PIX Device Manager Version 1.0(1)
peas# show cond
conduit permit tcp host web1 eq 80 any (hitcnt=0)
I would say that 6.0.1 does still support them (at least upgrading from
5.x). I still plan on converting them to ACLs for production
Under OS 5.3 you could not have multiple default gateways so you can not run
the connections simultaneously.
I do not know if OS 6.0 has changed this any but I don't think so.
but this is the rub of your problem.
So the best I can figure is use the short TTL setting in your DNS server. This
Given that you have a 3rd interface in your PIX that isn't being used, you
should be able to do it - presuming that traffic from your new ISP comes in
a separate interface (or router). Bear in mind I haven't done it myself.
However, I do successfully use different public IP's (from different
Shawn
This looks very interesting! Thanks for sharing!
Bear in mind I haven't done it myself.
However, I do successfully use different public IP's (from different
interfaces) homed to the same internal host in my network on my production
PIX.
I don't quite understand the above. It sounds
plz help
[EMAIL PROTECTED]
Blessed are those who have not seen and yet have faith. - John 20:29
Kevin,
Does version 6.x of the PIX OS support conduits?
Yes.
Last time I spoke to someone in the Cisco TAC, I
was told that it would not and that all conduit
statements would have to be converted to ACLs.
The development direction is clearly towards ACLs. In v6.0 you might
notice that
-Original Message-
From: Michael Batchelder [mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 02, 2001 1:03 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Penetrating a NAT
[Steve Riley]
Some security experts claim that NAT could be used as a firewall
(or let's say,
Title: RE: Penetrating a NAT
[me failing to type]
This is me saying that NAT is very secure - it's me
saying that
it's more secure than many people claim.
Uh...this is NOT me saying that NAT is very secure. I'm not _that_ crazy. ;)
--
Ben Nagy
Network Security Specialist
Marconi
Hi all!
I'm looking for a reliable freeware that can convert syslogd for Windows
NT to Unix. Any suggestions?
Regards!
I plan on getting DSL.
I want run all Linux on machines, possible bsd on 1
machines i have:
1 p3/500
1 486/66
1 486/100
1 Sparc IPX
1 8088 XT
1 ethernet card
I want to setup private LAN and have a gateway machine that will
share the DSL bandwidth with machines in my private LAN
outside world
All,
What does pgpdisk offer (excluding everything else in
the pgp desktop security software) that is better than
Windows 2000's encrypted file system?
Thanks.
renumbering the networks is not a real solution.
Because it can be a very big network and that's a big
problem to deal. right. I want to do it without
renumbering. any other ideas?
On Mon, 4 Jun 2001, dark dark wrote:
renumbering the networks is not a real solution.
Because it can be a very big network and that's a big
problem to deal. right. I want to do it without
renumbering. any other ideas?
If you don't renumber, you have to do some sort of NAT, as others have