Ack.
1. Yes IP spoofing will be a *huge* problem
2. Anyone between you and your company would be able to
sniff your traffic, including your plain-text
user name, password, commands, etc etc etc...
3. If someone knows a little about ICMP redirects,
someone doesn't even need to be right
to stop almost
anything. In the end the component that poses the most risk is the one
between the chair and the monitor ;)
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46-(0)660-105 50 Fax: +46-(0)660-122 50
WWW: http://www.enternet.se E-mail
Neil,
Most proxy servers I've come in contact with have really
neat buffer overflow bugs.
My advice would be to place it in the DMZ, this way
your proxy is somewhat protected from the Bad Guys(tm),
and your internal network is protected from the
proxy server.
That's what I usually do.
- Even
Peter da Silva wrote:
Mikael Olsson [EMAIL PROTECTED] wrote:
For SSH, you open ports 22 and 1022 to the server
(office computer).
Why 1022? The only port you need is 22.
Because if you use certificate based authentication as opposed to
password authentication, the server connects
(have been led to?) believe.
Regards,
Mike
--
(if any?) to the list later on.
Thx,
/Mike
--
leases the in-depth info on the RDS
exploit, which reportedly compromises ~99% of all IISes by giving
you "command line" access _as_LocalSystem_. *drool*
/rant
Thanks in advance,
/Mikael
--
All we know is that there's a proxy and a firewall, the
bandwidth is 1Mb, and the Internet access is shared by about 300 users.
--
?.
--
your packet through"
ICMP message.
Oh and incidentally, it would really have helped if you stated
what firewall you are running... :-)
Regards,
Mikael Olsson
Bennett Samowich wrote:
This may be another newbie question, when "dis-allowing" certain packets
is it bet
Jeff" wrote:
I'm curious as to why you mentioned Apple.Com specifically? I've noticed
that apple has been having A LOT of problems lately, could be your problem
is not internal and is actually Apple's problem... Or is this happening
with other sites as well?
--
ur message:
From [EMAIL PROTECTED] Fri Sep 24 06:59:24 1999
Date: Fri, 24 Sep 1999 04:06:51 -0400
From: Mikael Olsson [EMAIL PROTECTED]
Organization: EnterNet Sweden AB
X-Mailer: Mozilla 4.6 [en] (WinNT; I)
X-Accept-Language: en
To: Ryan Russell [EMAIL PROTECTED]
Cc: Wagner Brett [EMAIL PROTECTE
couple
of nastygrams every 20 minutes.
Does this strike anyone else as a "not so good idea"?
Just my $.02
Regards,
Mike
--
ally just talking about (the value of)
a specific protection technique.
Regards,
Mikael Olsson
--
on would be
greatly appreciated.
Regards,
Mikael Olsson
--
setup he'd be safe since there's a firewall
in the way that hopefully handles the issue for him. That is,
unless he's using the network between the firewall and the router
as a DMZ. :]
Just my $.02
/Mikael Olsson
--
on:
Firewall technology in general,
Best Current Practice
Commercial Firewall lists
Network Security Resources
Regards,
Mikael Olsson
--
James R Grinter wrote:
good points:
authentication is a challenge/response with shared secret
This is almost as bad as plaintext authentication IMO.
Easy to do man-in-the-middle attacks.
--
ppreciated.
~Hans
--
thout problem and compromising security.
http://www.uk.research.att.com/vnc
kashif
--
reate all
the users on your firewall box.
You can't do that unless the box is a part of a domain. In this case, it would
probably be the only box on the domain, ergo the PDC.
--
-box (hint: That is NOT produced in Redmond).
soapbox
NO I don't particularly want any responses to this mail, and
especially NO debate on whether or not a new version of MIRC
has fixed a lot of bugs. I'm just fingering those apps off the
top of my head to illustrate a point.
/soapbox
/Mike
--
for the
purpose of spoof checks, which doesn't take next hop gateways into
account but only interfaces. Doing this, you can probably combine
a lot of the routes and hence reduce load.
--
s the best way to make ICQ working, Is it safe to open
port 4000 TCP and UDP for ICQ?
Is there any safer way to do it?
--
beside the point :-)
Regards,
Mike
--
ing.
*phew*! That's the end of today's public education services. :-)
Regards,
Mike
--
o perhaps you
didn't dig down enough. Go to their home page
(http://www.whalecommunications.com/) and click on Air Gap Technology.
(This is not a firewall product, though can be used with firewalls.
Prolonged discussion maybe should be taken off list or with Whale.)
--
5:40 in the morning here, and I didn't wake up early
if you get my drift... Time to hit the sack.
Regards,
Mikael
Mikael Olsson wrote:
(This is a repost from a message I just posted to [EMAIL PROTECTED])
(Disclaimer: This is based on a quick cursory reading of their
website content, I m
r highly
secured environment, where data can not flow in the undesired direction.
This allows data upload to classified networks w/o risking a leakage of
sensitive information.
I hope that made things a little bit clearer. Feel free to ask me any
questions you may still have.
Regards,
Elad
-
e.
This might be a good reason to pick gauntlet though.
I'm not trying to endorse fw-1 over gauntlet or the other way around,
I'm just saying that proxies with application filtering capabilities
don't buy you as much as a lot of people like to think.
Regards,
/Mike
--
inline DMZ. This way, the firewall still gets to determine
what traffic may flow through the VPN to the internal
network. Granted, the VPN box itself won't be as well
protected, but you can't have it all in goofy situations
as this.
Regards,
/Mike
--
my $.02
Regards,
Mike
--
insecurity.
I for one would rather be able to choose which way best fits my
needs (and security model).
Just my $.02
/Mike
--
systems on
the 'net.
Are there ISPs that allow this?
flameshield
Don't start explaining about the benefits of stateful load balancers to me; they're
more like firewalls than load balancers in the first place, and I did say that a
firewall might help.
/flameshield
Regards,
/Mike
--
ng
quake 1 servers as amps; that way you won't even have
to hack a machine to get good ratios.
... Security sucks :-P
/Mike
--
what tricks the Bad Guys(tm)
have up their sleeves.
Regards
/Mike
--
big time? =P
Hmm, no, don't answer the last one if the answer is "yes". Rather,
if IPsec-only is impossible and you feel that it's great,
I'd really rather know WHY it's great?
TIA
/Mike
--
for your response even though it wasn't what I'd
hoped for. Any input is better than none =P
/Mike
--
.
Your thoughts would be appreciated. Direct email is fine too.
Bill Clark
One oddity I know of (at least this was the case one year ago) is that
the log files are stored in (battery backed up?) RAM. Guess what a
crash will do to all your log files? :-)
--
y have to be a PC-like machine, it could be
"something faster", but I have a hard time envisioning something
without a CPU and software, regardless of the fact that the
software may be stored in a ROM.
/Mike
--
on with your MX.
All my messages directly to you are bouncing - my
MX just tells me "communications failure", but I
can telnet through the same NAT-hide to your
port 25 just fine. Duhh??)
--
It's The Zmer wrote:
Anyone use Altiga Firewalls.. How do you like them..?
Are they easily configured...?
Wrong question.
Right question: Are they secure?
/m
-
searching the list archives, available via:
http://lists.gnac.net/firewalls
for references to available IPsec implementations for
your platforms.
There is also a *lot* of info at:
http://www.icsa.net/html/communities/ipsec/
/Mike
--
cting servers.
It might also be possible to cause "proxy" like firewalls to
open arbitrary ports to protected servers.
In the extreme case, albeit a tad unlikely, it may be possible
to cause any type of firewall to open arbitrary ports against
FTP clients.
Take care, all
--
unfound speculation.)
/Mike
--
hen your firewall is busted.
There's others, but I'd like to give Sonic the chance to address them
before posting them to a public forum.
-James
--
e splendid candidates for connection replacement
if your connection pool grows full, so overload won't be a real concern
I think. Of course, if they are replaced, you'll inevitably see drops.
Regards,
/Mike
--
about and asks him to cease and desist)
Urghl.
To all the readers: Sorry for the confusion I may have previously
caused by opening my mouth without first connecting my brain. I
hope this serves to clarify things, except for the last example :-)
/Mike
--
basically nothing
more than an extension of IIS.)
"Fiamingo, Frank" wrote:
The organization is studying the idea of allowing access to the corporate
Exchange server via the Internet - going through IIS via an SSL connection
first.
--
the Internet,
since it is only a matter of first cracking the external
one before slamming away at the internal one.
(Hey, you _did_ ask for comments :-)
/Mike
--
"Paul D. Robertson" wrote:
On Tue, 7 Mar 2000, Mikael Olsson wrote:
Ferdi Retief wrote:
I use MS Exchange both inside and outside - comments welcome
Then what is the point of having an outside mail server?
The points are to [huge snip]
Yes thank you I know what mail
is likely to affect all
stateful inspection firewalls with FTP "ALG"s that do not completely
reassemble the TCP stream.
Start putting some pressure on your firewall vendors to get good
fixes out, people.
Take care, all
/Mike
--
Jim Duncan wrote:
Mikael Olsson writes:
Start putting some pressure on your firewall vendors to get good
fixes out, people.
And the correct way to notify Cisco is [Ta-DAH!] contact the Cisco Systems
Product Security Incident Response Team. The URL is in my .sig, below.
Sorry
) computer.
In this case, you get pretty much the same connection as the rest of your
network (if the other end of the VPN tunnel is protected by the corporate
firewall, that is.)
/Mike, stating old facts again... sorry :-)
--
ther funny thing is that half
of these are requests, so the destination address
should be :: (i.e. "not set")
?
/Mike
--
?
Am I just being a jackarse?
/Mike
--
lity to any FTP client
Author: Mikael Olsson, EnterNet Sweden [EMAIL PROTECTED]
Original Date: 2000-03-10
Originally posted to: Bugtraq, Vuln-dev (BID 1045)
Vendor contacted: Nope, sorry, too many.
Updated: 2000-03-14
- Added exploit by Dug Song [EMAIL PROTECTED]
- Added browser-specific info
- Beg
I suppose. Probably someone
came up with the brilliant conclusion "oh, when we display things
as explorer type files, we're being active, so let's use active
mode FTP, but web pages are static so let's use passive mode
for them". Duhhh.
/Mike
--
that just plain
sucked, problems with speed negotiation in a lot of models, the
recent crap chipsets - I just don't know any more.
Positive high volume experiences with other products in
multiple environments over a long period of time is welcome :-P
/soap box
--
://news.microsoft.com
/Mike, who thinks there are enough off-topic posts to this list
without vb scripting added to it
--
ewalls can't protect against that
unless they actually mimic the entire process of the web server, scripts
and all, but without the security flaws. So why not just secure the web
server to begin with?
/soapbox
Flames are welcome although it is very unlikely that I will respond to them.
I think
thing-over-HTTP
vendors. It's a nightmare :P
--
[EMAIL PROTECTED] wrote:
"Mikael" == Mikael Olsson [EMAIL PROTECTED] writes:
Mikael Undoubtedly. (Which by the way is why the fix for all the current FTP
problems,
Mikael IMHO, is to enforce passive mode FTP which exposes the servers but saves the
Mikael clients.) An u
problem.
Tell your client to set his client to use passive mode.
--
ion bandwidth management is better.
If you want to give your web server daemon more bandwidth than
your mail server daemon, you tell your web server to use up to
X Mbps/sec and your mail server to use up to Y Mbps/sec, where
X>Y and X+Y=your allotted server bandwidth.
Flames and constructive
GUI
point-and-click makes everything easy.
/Mike
--
Brian Steele wrote:
I'm using MSP as my "firewall" right now, and have been doing so since v2.0
was available. Whether it fits your environment basically depends on what
your needs are.
Brian forgot his disclaimer: "I will never use something that does not
run on Windows, and it should
(probably below your socks client).
Also, IPsec (normally) cannot be address translated, which is exactly
what happens in a socks scenario, so that'd _also_ break functionality.
My advice is to start looking for a different kind of connection,
preferably one including at least one public IP address.
ic - which of course is why it'd be optional.
Regards,
Mikael
--
. ;)
Nope, no hablo Inspect.
(I'm not a fw-1 user) :-P
Ahwell. If the core of the firewall doesn't handle reassembly, I
sincerely doubt that Inspect could do it (very efficiently).
Ehmm.. Let's kill this thread now :-)
/Mike
--
not introduce
any extra latency. If things are arriving out-of-sequence, you'd
end up buffering things, but if you want to protect against a number
of attacks (as firewalls are supposed to do!) you have to buffer.
--
THROUGH the VPN in order to utilize their home
office's firewall before talking to the Internet.
So we're going to see a whole lot more fragmentation than
we are seeing today (IMHO).
/Mike
--
For those interested, I've analyzed exactly what jolt2.c is
doing.
--
Subject: Analysis of jolt2.c
Date: 2000-05-26
Author: Mikael Olsson, EnterNet Sweden [EMAIL PROTECTED
-
Subject: Addendum to Analysis of jolt2.c
Date: 2000-05-26
Author: Mikael Olsson, EnterNet Sweden [EMAIL PROTECTED]
--
I failed to mention proxy based firewalls
P segments,
which is a whole different story. If the firewall does not attempt
to parse the TCP data, it does not need to reassemble the TCP stream.
Hence, it can most likely let the TCP segments pass through
out-of-sequence.
But, as I said. TCP segments != IP fragments.
Regards,
Mikael Olsson
--
Damn, this is getting spammy.
Mikael Olsson wrote:
- ALL fragments are sent with fragment offset 8190.
- 9 bytes of IP data are sent (total packet length 29)
- IP total length is set to 68 (IP+8+40) (illegal!)
Error on my part. The fragment offset in this example is
NOT 8190. The value
, you'll have to be prepared to buffer packets anyway, so why
not do it the right way while you're at it? :-)
/Mike
--
?
This was publicly announced by a security consultant, yes.
However, blackhats are not in the habit of publicly announcing
their favourite back doors into other people's systems.
If it has been known to the Bad Guys(tm), or for how long,
we'll never know. As usual.
--
. The ICSA firewall cert has been around for quite
a lot longer than March 2000, as has its IPsec certification.
--
-installed on your system?).
--
.
So, in light of that, I think that all network filters, be it
SPFs or proxies, should be considered to have no protection
against embedded active content.
$.02
flame shield up
/Mike
--
)
--
ifferent
charsets, such as UTF-8?
I'm not asking this to attack your standpoint. I'm just
genuinely interested in exactly what is filtered these days.
/Mike
--
or what it is, a feature that
will catch _some_ attacks and take away some of the workload
(or even give you early warning if someone triggers your
filters for more arcane variants), it isn't at all useless.
/Mike
--
the most common way of session hijacking)
l8r
/Mike
--
ately agree. "should". Too bad most people don't.
--
shabang.
--
soapbox
What completely boggles my mind is how people discuss
firewall evaluation and selection on this list.
"It's cheap"
"It's easy to install"
"It's turnkey - i didn't have to configure anything" (?!?!)
"It prints nice executive reports every week. I don't
know what to do with them but
wall would be answering
ARP queries (with its own MAC address) for machines "on the other
side of the firewall".
I'm doing it all the time, and it works like a charm.
--
.
$.02
--
Fascinating! I want to read more about this!
--
Go directly to the source:
http://www.packetfactory.net/Projects/Firewalk/
where you'll find the firewalk whitepaper as well
as source code and a ready-to-go ELF binary.
Well, that's it for this time. I hope it'll be
of assistance to at
protected
clients.
Period.
If you want to be "safe", don't use ip_masq_ftp or anything else
that enables active mode FTP from your protected clients.
--
mode if you tell it to.
Microsoft's command-line FTP will NOT do it for you.
(However, there are nice ports of NCFTP to Win32 :-)
All graphical Wintendo FTP clients that I know of support passive mode.
--
ue that FTP should be scrapped altogether, but
I don't know of a good replacement protocol. HTTP could conceivably
be used, but then we'd need specially written "file serving" HTTP
servers and new clients that understand what batch transfers and
directory listings are.
--
Hi everyone,
I just saw this writeup that I thought was interesting reading.
I'm not claiming that any of it is true, but if it is, it could
possibly have something to do with the mysterious key named "NSA"
found earlier in Microsoft crypto software this year.
(Personal flames will be
n active and passive mode I will never know,
and probably neither did the guy at Microsoft who coded it :-P
(Probably thinking "oh, explorer type view is active and web pages
are passive, so I'll have to change the transfer mode". Duh.)
I'm done rambling now, I promise :-)
/Mike
--
1 - 100 of 318 matches