Take the pointless bickering off-list please. Nobody cares.
-Original Message-
From: Paul D. Robertson [mailto:[EMAIL PROTECTED]]
Sent: 06 April 2002 03:08
To: Laura A. Robinson
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED]; Bill Royds
Subject: Re: Basic
What is UPnP and or UPnp NAT traversal? Is this
something to do with an NT ISA Firewall?
Thanks
--- Mikael Olsson [EMAIL PROTECTED] wrote:
Paul D. Robertson wrote:
Mikael Olsson wrote:
[laymans version of UPnP NAT traversal]
It's worse, UPnP in the OS allows over-the-network
kk downing wrote:
What is UPnP and or UPnp NAT traversal? Is this
something to do with an NT ISA Firewall?
As I said about five or six messages ago in this same thread:
http://hometoys.com/htinews/aug01/articles/microsoft/upnp.htm
(Rant warning)
And, no, it isn't specifically ISA server
Paul's right. Secure Computing bought Gauntlet. I received that info from
a Secure Computing employee. Don't think it's a secret though. Not sure
what they're going to do with it...
Kevin
--__--__--
Message: 9
Date: Fri, 5 Apr 2002 18:15:59 -0500 (EST)
From: Paul Robertson [EMAIL PROTECTED]
Title: RE: Migration from Gauntlet 5 to Firewall-1
If they hide they don't do it well...
http://www.securecomputing.com/index.cfm?skey=979
-gab
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of
[EMAIL PROTECTED]
Sent: Monday, April 08, 2002
On Saturday 06 April 2002 21:56, you wrote:
Someone's forging your mail then:
Message-ID: 010301c1dcf0$1bf55810$[EMAIL PROTECTED]
Date: Fri, 5 Apr 2002 17:20:35 -0500
From: Laura A. Robinson [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re:
You're responding to posts from several days ago that are, for some reason,
being reposted. You're a little late to the chastising party.
- Original Message -
From: Pollard, Chris [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, April 08, 2002 2:28 AM
Subject: RE: Basic DMZ Setup
Last week I checked our IIS web server's log file and found the following attack logs.
I am using a Cisco PIX and opened port 80 for our web server. Could anyone tell me
what kind of attack these are and how to block them out of my network by PIX?
#Fields: date time c-ip cs-username s-ip
Ngh. I'm not really in the right mood for this right now; I think
I got too worked up over UPnP. Ah, heck, I'll give it my best shot. :)
quote quote dissect attempt to avoid stupid 10KB message limit
Paul Robertson wrote:
On Mon, 8 Apr 2002, Mikael Olsson wrote:
(Or strip URG data,
[EMAIL PROTECTED] wrote:
Secure Computing bought Gauntlet. Not sure
what they're going to do with it...
Hmm let's see now. IIRC, last time an established firewall vendor
acquired another firewall product was when Axent acquired the
Altavista firewall.
...
(Letting this sink in
Oh, I have tried SOO hard to forget it!
Glenn
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of Mikael Olsson
Sent: Monday, April 08, 2002 3:15 PM
To: [EMAIL PROTECTED]
Subject: Re: Migration from Gauntlet 5 to Firewall-1
...
(Letting this
(I'm redirecting this back to this list -- there might be others
that are interested)
Someone wrote (off-list):
What is the inherent danger in URG data? I know that interactive apps rely
on this for things like quit and control c etc.?
The inherent danger is in applications that do not
Hi Fei,
Not sure how much you can do with PIX; just go to the Micro$oft web site, search
for URLScan, download it and install it on your Web server.
This nice URL checker will block all this crap
Hope this helps
Alex Kvasnytskyy
Lan Admin
DSC
-Original Message-
From: Fei Yang [mailto:[EMAIL
## On 2002-04-08 21:03 +0200 Mikael Olsson typed:
MO
MO
MO 2. Ditto ICMP without breaking unreachables, etc.
MO
MO I'm not quite following you here.
MO Unless of course you're talking about a transparent proxy
MO doing some ICMP error magic that I'm not familiar with,
MO in which case you
Rafi Sadowsky wrote:
## On 2002-04-08 21:03 +0200 Mikael Olsson typed:
MO Paul Robertson wrote:
MO 2. Ditto ICMP without breaking unreachables, etc.
MO
MO I'm not quite following you here.
MO Unless of course you're talking about a transparent proxy
MO doing some ICMP error magic that
It seems to be a web directory traversal exploit. A web server should not
allow remote initiated access to files outside of the web server specified
directories. Unfortunately NT 4 and 2000 unpatched do allow this technique,
which can be performed with a simple browser. The intruder is attempting
*plug*
openbsd's PF can do this also (see modulate state).
*plug*
AFAIK the Cisco PIX will randomize TCP ISN numbers
What makes yours unique ?
Thanks,
Rafi
--
Rafi Sadowsky
[EMAIL PROTECTED]
Network Operations Center | VoiceMail:
Does anyone have any opinions on the use of access lists vs
conduits on the PIX? Cisco seems to be pushing access lists in their
newer pix os releases.
One thing I have noticed is that with conduits, the PIX will
implicitly allow all traffic from a higher to a lower security level. For
I just want to run some ideas past the list to see if it is a valid way
of doing things and see what advice you can offer.
I have a Linux box running kernel 2.4.18 as my firewall and its
interfaces are as follows:
Eth0 - No IP (Interface for DSL connection)
Eth1 - 1 Public IP from routable
Does anyone know how to set-up a
vpn between pix and netbsd ?
Mil -
You never know how many friends you
have until you rent a place at the beach
-Original
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On
Behalf Of Matt Thoreson
Sent: Monday, April 08, 2002 6:03
What IKE daemon does netbsd use? If its isakmpd i may
be able to help you out with it.
--- [EMAIL PROTECTED] wrote:
Does anyone know how to set-up a vpn between pix and
netbsd ?
Mil -
You never know how many friends you have until you
rent a place at the
beach
-Original
Sorry for the long reply.
I actually just posted this to the Yahoo PIX firewall group; I will cross
post since it has relevance here as well.
Preferred method depends on whose point of view you are talking about.
For ACLs they are evaluated in a top down fashion, first match wins
(correct?).
On Mon, 8 Apr 2002, Mikael Olsson wrote:
Also note that applications do not automagically become
immune to URG problems if behind a proxy. There are cases
where the proxy forwards the urgent signals.
The proxy should only do URG where the application allows it- and it
should be an
On Mon, 8 Apr 2002, Mikael Olsson wrote:
This is definitely true. (If, of course, this is what Paul was
referring to, which is not unlikely; I'm just being my usual
dim bulb self.)
These days I tend to worry more about unreachables (most of the
'connected' 'Net seems to handle larger MTUs
One of the things to notice in building Internet Firewalls is that the dotted line
around the firewall included the perimeter network, screening routers and bastion
hosts. A DMZ in their terminology is PART of a firewall, not separate from it.
There is a difference between the diagram given
URG means urgent as in emergency and is really only useful in long session protocols
like telnet and FTP. Most often the protocol just needs the PUSH flag set, rather than
URG.
The main problem with URG is that it also entails extra data in the packet so, as was
shown for a BSD stack, it
Have a look at Radware's LinkProofs; these are specifically designed for
such a task: www.radware.com
Rgds
Alex
Steven Pierce
One possibility I have not heard discussed would be to write a wrapper
that can distinguish the difference between protocol messages sent by an
SMTP program and a person composing them at a Telnet prompt. The former
would likely arrive as a single packet per protocol message, while the
latter
The mconnect (Mail connect) actually follows the SMTP convention, not the telnet
convention.
That is it does port 25 3-way handshake, then waits for a complete line before
transmitting etc.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Chris
Keladis
On Fri, 29 Mar 2002, Claussen, Ken wrote:
:According to Cisco Documentation:
: PIX Firewall does not pass multicast packets. Many routing protocols
:use multicast packets to transmit their data. If you need to send
:routing protocols across the PIX Firewall, configure the routers with
:the Cisco
Hello,
I'm a systems engineer at an ISP handling mail servers; I also handle
Checkpoint.
Please tell me how to block telnet to port 25, while keeping normal telnet
working on the mail server (Netscape Messaging Server running on
Solaris OS).
You can tell me a method to block it either in Checkpoint or on
Randy Smith wrote:
One possibility I have not heard discussed would be to write a wrapper
that can distinguish the difference between protocol messages sent by an
SMTP program and a person composing them at a Telnet prompt. The former
would likely arrive as a single packet per protocol
Thank you for your replies,
To Reinhard: The option in the policy editor policy -
properties - services "enable RPC-control"was already enabled...
To Paul: In this case I don't see much problem in the use of
NIS services, since the outside network is part of a greater domain protected
Hello guys, I know this is very off topic but I believe that someone will
help me with this. I have two broadband wireless connections with 64kbps
bandwidth each, from two different providers. Actually I don't have a Cisco router
and I only use one wireless connection; the other one is for backup. The
Looks very much like 'Code Red' or a variation of it. Basically, it's trying to execute root commands on your NT box; oftentimes it's scanning around to find a trojan.
PIX? I doubt there is a fix for that.
Jason
Alex Kvasnytskyy [EMAIL PROTECTED] wrote:
Hi Fei,Not sure how much you can do with
Hi,
I'm trying to set up an old linux box as a firewall. On
linuxdoc.org it talks about doing this by making the computer into a
bridge and then using the frame diverter so you can filter the packets. I
can get the bridging part working, but the frame diverter is what's giving
me
G'day folks,
I have a client who has the misfortune of running SunScreen 2.0 (under
Solaris 2.6) - a configuration I've not seen in over 3 years. Until now, the
setup has basically worked for them but now they require some changes. Their
network setup is (as you might expect):
All,
I am having a problem getting the VPN 3000 Concentrator to
authenticate users to our network. The users are using a dial-up
connection in order to VPN in, but they are receiving the error "Remote
Peer has lost connection". I have searched through the firewall logs
and saw that it does