Why does ipchains open netbios ports when policy is to deny?

2001-11-21 Thread jennyw
I have a default policy of deny on the input chain. I do not open up netbios. And yet when I run nmap to scan my computer, it shows that netbios ports (137/udp, 138/udp, and 139/tcp) are open. It also shows that port 1031/udp is open (I have no idea what this is -- nmap says it's iad2) and that

Re: Why does ipchains open netbios ports when policy is to deny?

2001-11-21 Thread Gene Lee
Let me guess... you're on the cablemodem network, right? I had the same thing happen to me a while back. The cablemodem companies fell under fire quite some time ago because hackers (or just snoopy persons) on the same network were able to open up the Network Neighbourhood and be able to browse

Re: Why does ipchains open netbios ports when policy is to deny?

2001-11-21 Thread Patrick Benson
jennyw wrote: I have a default policy of deny on the input chain. I do not open up netbios. And yet when I run nmap to scan my computer, it shows that netbios ports (137/udp, 138/udp, and 139/tcp) are open. It also shows that port 1031/udp is open (I have no idea what this is -- nmap says

RE: PIX Mail problem

2001-11-21 Thread Mike Hoskins
From: Hjorleifur Kristinsson [EMAIL PROTECTED] CISCO mail fixup rule is broken in the PIX! It's broken, or Exchange is broken? I've got a few Postfix servers behind PIX 515UR's, and haven't seen these problems. Exchange boxes (5.5 and 2000) drop messages left and right. I'd heard (quite

RE: PIX Mail problem

2001-11-21 Thread Gregory D. Rosenberg
This has been a problem forever. It has been fixed in some releases of the PIX firmware, but it has been broken in more releases than not. Just give up and turn off the smtp protocol fixup. no fixup protocol smtp 25 Better yet, I could suggest you do what we have done. Dump the Cisco PIX and

RE: PIX Mail problem

2001-11-21 Thread FdG
Yes, the fixup smtp also has problems while using Lotus Notes.. Replicating Notes/Exchange servers causes problems because they don't use plain smtp. You'll have to open the port(s) they use for replicating (for Notes that would be tcp 1352, dunno for Exchange) -- Frank On Wed, 21 Nov 2001,

RE: PIX Mail problem

2001-11-21 Thread Mike Hoskins
On Wed, 21 Nov 2001, Gregory D. Rosenberg wrote: but it has been broken in more releases than not. Just give up and turn off the smtp protocol fixup. no fixup protocol smtp 25 I did that quite a while ago for the Exchange servers I'm forced to deal with. This is documented in quite

RE: PIX Mail problem

2001-11-21 Thread Gregory D. Rosenberg
The explanation I got from Cisco is that Exchange 5.x / 2000 implements a superset of ESMTP commands. In fact with the fixup SMTP turned on the PIX only listens to seven SMTP commands and ignores all ESMTP commands. With the fixup SMTP turned off, it should allow most if not all SMTP packets to

Why is that?

2001-11-21 Thread N. Endgirgli
Cp4.1 sp3, Solaris 7. Firewall has 3 NICs - LAN, DMZ, and PUBLIC. When I telnet firewall lan nic I see entry in the log viewer window. When I telnet 216.208.241.52 - I see nothing at all in my fw logs, no entries at all, nada. 216.208.241.52 is a remote computer which is accessed via DMZ tunnel. There

Re: Why does ipchains open netbios ports when policy is to deny?

2001-11-21 Thread Ron DuFresne
On Wed, 21 Nov 2001, jennyw wrote: I have a default policy of deny on the input chain. I do not open up netbios. And yet when I run nmap to scan my computer, it shows that netbios ports (137/udp, 138/udp, and 139/tcp) are open. It also shows that port 1031/udp is open (I have no idea what

Re: PIX Mail problem

2001-11-21 Thread Ron DuFresne
So, I guess many of us then would like to know when Cisco will address this short-sighted interpretation of the RFC and fix the PIX to function with the systems many are currently using? Thanks, Ron DuFresne On Wed, 21 Nov 2001, Brian Ford wrote: Mike, The PIX SMTP fixup isn't broken.

Re: PIX Mail problem

2001-11-21 Thread Paul D. Robertson
On Wed, 21 Nov 2001, Brian Ford wrote: SMTP. If you use it you need an SMTP-compliant mail implementation. PIX then intercepts and scrubs certain commands and data that appear in those connections as per RFC 821. Postfix and other implementations work with fixup. Some Exchange