You could try VRRP on the routers or HSRP, whichever is supported.
Patrick .
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
On Behalf Of Pepmiller, Craig E.
Sent: 25 February 2000 15:45
To: 'Michael E. Cummins'; Firewalls Mailing List
Subject
]: Leaving directory `/var/satan-1.1.1'
make: *** [linux] Error 2
any ideas pls
--
Patrick Karanu ,Bsc Computer Sci., CCNA+
Support Engineer, email: [EMAIL PROTECTED]+
Kenyaweb.com Ltd
in this function)
udprelay.c:335: (Each undeclared identifier is reported only once
udprelay.c:335: for each function it appears in.)
make: *** [udprelay] Error 1
==
pls
maybe someone can shed some light on these.
regards
patrick
___
Firewalls mailing
/aksl_h.dep', needed by
'mtypes.o'. Stop.
make[1]: Leaving directory `/var/temp/udpl-0.1.1/work'
make: ***[work/udpx0] Error 2
pls help
regards
patrick
___
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
hi,
I recently installed a mailserver for linux 7.2. Am using sendmail
8.11.2/8.11.6. Everything works well as far as smtp is concerned, the
main problem is pop3, in that most of the users have constant
disconnections while retrieving mail. The problem is the mail is
deleted from the
check out the following links for nt4 syslog servers:
http://www.cls.de/syslog/
http://members.tripod.com/~Andrew_Ross/software/syslogd.htm
http://www.netal.com/products.htm
Patrick Michel
Netscreen, Netscape, Altavista
Technical Product Manager
mailto:[EMAIL PROTECTED]
Visit our Website
Patrick Prue
Systems And Technology Specialist
Fantom Technologies Inc.
(905 ) 734-7476 x 270
This is good info. The cost per end-user VPN client looks high to me. I
know my Axent-Mobile clients run $60-$65. (Although not according to Axent
site, but search most software vendors sites and you'll find these prices.)
You may also be able to get bundles of clients with some vendors
The Windows NT resource kit includes a utility called winscl to browse a
WINS server from a command line.
-Original Message-
From: Jen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 25, 1999 11:48 AM
To: Tyron Legette; [EMAIL PROTECTED]
Subject: Re: Network browsing through a VPN
IMHO the best option is to buy a powerful desktop, install NT or Linux and a
real Firewall.
The option I would suggest is cheaper and easier but should not be
considered secure.
UMAX makes a product called UGate+ which is a combination Cable/Modem or DSL
Router and DHCP server.
Buy this and
Of course since this a VPN connection there really isn't a DHCP lease. If
there is a VPN connectoid (Dial-up Networking entry) you can specify the
WINS server in there. (As far as I know that means manually configuring the
connectoid on every machine
-Original Message-
From: Ben Nagy
No I don't but I am arrogant enough to think the ability to eliminate
firewall pretenders is easy. (For those of you that understand this at a
much deeper level - I am not oversimplifying in the examples I give -- I
just don't yet understand it like you do.)
Does it protect you at the transport
There are two dangers to allowing ICMP through the firewall that spring
immediately to mind.
The first is that you could subject yourself to Denial of Service (DoS)
attacks like the ping of death.
The second is you could give a cracker an avenue to discover topological
about your network. I
http://www.arin.net select the ARIN WHOIS link.
ARIN=American Registry of Internet Numbers. (I think.)
I don't know if this works for all IP ranges but I haven't had any problems
with it yet.
-Original Message-
From: Alejandro Hoyos [mailto:[EMAIL PROTECTED]]
Sent: Thursday,
Do you want to secure a user's win95 machine while connected to the
internet or do you want a firewall that provides protection for a number of
users while connected to the internet?
If you want the former there are commercial products by Network Solutions
and Symantec that claim to accomplish
The most common solution you'll see on this list is the establishment of a
DMZ by adding a third Network Card to the Firewall.
|
Internet
|
Router
|
Firewall - - - DMZ - - - SMTP Host
|
Intranet
This way if your SMTP Host is compromised your internal network isn't.
Pop3 can be used with SSL. You can obtain a digital ID, open the POP3 SSL
port - I forget which port number.
Obtaining a digital ID may be complicated by the fact that you are an
international, non-US entity. (I'm not certain of that, but it is certainly
the impression the NSA would like me to
I have the book Building Internet Firewalls by O'Reilly(as
some you had
mentioned)
What NEXT ?
May I suggest READING the book? ;-)
~Patrick
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
et servers
and not being very stealthy.
~Patrick
-
I received a letter from Axent, about a month ago, apologizing for the state
of their support. I have never had an issue with Axent's support however I
think this is the actual reason for the acquisition. I think they want
access to the support team for Compaq/DEC Altavista:
1. Axent is
(firewalls on both ends
of the network, can only test the local firewall
so I'm trying to tunnel to change the idea of
"local.") If anyone knows a better solution,
please let me know.
Thanks!
~Patrick
-
ssh
tunnels, preferably to the extent allowed through patches
to the Linux kernel where a virtual interface is created
and bound to an ssh connection so the interface may be
addressed like any other network interface.
Thanks,
~Patrick
-
at:
http://www.vpn.outer.net/2e/vpnssh.html
I can probably use this info to extend it to
Solaris, but if anyone has any experience getting
this to work specifically in that environment, I'd
appreciate any tips you may have.
Thanks!
~Patrick
-
information (destination host
address) and send the data trace as well. Thank you!
~Patrick
-
suspicious probes.
This is about the 3128 probes, obviously.
~Patrick
-
Hi,
I am not sure it's what you need (I don't know if you need a free and
limited tool or this kind of tool) but just take a look at :
http://www.ipswitch.com/Products/WhatsUp/index.asp
Hope this helps.
---
Patrick Stuto
PSideo Informatique
Av. du Bois de la Chapelle 99, CH-1213 Onex
tél. +41
Hope this helps.
---
Patrick Stuto
PSideo Informatique
Av. du Bois de la Chapelle 99, CH-1213 Onex
tél. +41 (22) 870 17 16
fax +41 (22) 870 17 17
web http://www.psideo.com
-
The really annoying thing is the Cable Companies consistently claim they do
block this traffic.
My experience is that you can get it blocked on your local segment by
calling them up and complaining.
Pretty sad.
-Original Message-
From: Eric [mailto:[EMAIL PROTECTED]]
Sent: Wednesday,
attacks out there. Since
Windows users are used to having to reboot constantly
they probably wouldn't even notice the attack.
~Patrick
-
t be held responsible
if this patch does not work for you, even if it
makes it worse. It works fine for me, but YMMV.
~Patrick
-
field
names need to be updated. I started a port of spak to the new
headers, but got bored of it. Maybe someone else already did this
task, or maybe I'll get around to doing it in the next few days. I just
lacked the motivation when doing this at 2am. ;-)
~Patrick
-
Back Orifice is a brilliant program. You are all
fools to not notice its use of the
Boolean Anti-Binary Least Square (BABLS) approach.
If you have to ask, you wouldn't understand...
~Patrick
P.S. It's a joke. Get over it. ;-)
-
it all t' tarnation. Of course, even
in a sin'le language th' text kin be quite diffrunt
dependin' on whar yer fum.
~Patrick
Vive le temps! Vive le temps!
Vive le temps d'hiver!
[1] The Dialectizer -- http://www.rinkworks.com/dialect/
-
problem.
Another possibility is six months may not be a
large enough data set, especially with the holiday
season approaching.
~Patrick
-
be immune. Try upgrading your system.
I don't have a URL handy, but it should be
rather simple to find. I can't do the search
for you because you didn't say what flavor
of BSD you use (I don't know if it matters or not).
Hope this helps,
~Patrick
-
you're piercing.
For example, if the endpoints were Linux, you
could use ipfw or ipchains to block all but
approved traffic.
~Patrick
-Original Message-
Hello,
We are thinking of tunneling Telnet and/or VNC through SSH
across a firewall. One of the questions I have
"
inline where appropriate, and your paper is done.
As a side note, I believe an advisory just
came out recently about a Denial of Service
against a particular DSL modem or something.
Search BugTraQ if interested.
~Patrick
-
c.
In all cases, the packets are just silently dropped.
I'm not sure how I feel about this. I do know I'd be
very upset if they decided to add ports 21,22,23,25, and 110
to the list of ports to block. Granted having even those
ports open is against the terms of service. ;-)
~Patrick
-
of usernames and passwords?
~Patrick
-
-HOWTO.html
~Patrick
-
turn bogus
information, incomplete information, or even no
information. And this is just using identd. This
doesn't even cover funny stuff like writing your
own daemon to answer queries or using netcat to
spit out garbage.
~Patrick
-
server tears down its query, rather than
waiting for a timeout.
~Patrick
-
, of course, when the attacker is spoofing the
return address of another machine on the same subnet
and can sniff the responses from there or using a
tool like idlescan and using an unsuspecting third
party to do the scan for them.
~Patrick
-
I suggest you take a good look for the trojan. It's not
impossible that you
find it on your computer.
It is when you run Linux. ;-)
~Patrick
-
Has anyone installed a ravlin 3200 ?
Are these not too complex to configure for point to point 3DES ?
-
Deja.com is blocked b/c of access to all newsgroups - or at least it used to
be.
I use WebNot, it fulfills my needs, and it is relatively easy to manage -but
now to the griping.
WebNot uses a list generated by Mattel for a browser blocking product aimed
at parents/schools/libraries.
WebNot
I think I saw it here on the list. But not sure since I can't find any
mention of it.
A registry hack for Pc Anywhere which stops it from responding to the
network scan within pc anywhere.
Any help would be greatly appreciated.
-
- http://lrp.steinkuehler.net/ (firewall on a floppy...!)
Better to get something running at once while learning on the way!
Regards,
-
Patrick Benson
Stockholm, Sweden
-
rent local networks in
the same vicinity. Now if I put these on my "black list" chances are I
might shut someone out who just happens to live in the same area that I
have communications with...just giving this as an example, of course
...what would be a preferable solution?
-
Patr
s that use ICMP, SSH, HTTPS, and other protocols
(e.g. Loki).
--Patrick Darden
--Internetworking Manager
--Athens Regional Medical Center
You Wrote:
1) Every CISCO Router can by default do stateful tcp inspection
("established" keyword).
2) With the IOS Firewall Feature Set it can do fu
C for true stateful inspection. CBAC
works well, but
has two problems: it is a tool, and depends upon the skill
and knowledge
of the person using it; and stateful inspection is completely
baffled by
tunnelling hacks that use ICMP, SSH, HTTPS, and other protocols
(e.g. Lo
ws go take a look at how to unbind
protocols that you won't be needing: http://grc.com/su-bondage.htm
You'll see that you won't have to worry about NetBEUI going anywhere.
Your input is greatly appreciated.
Thank You
al
Your feedback on how it goes, likewise. :)
-
Patrick Benson
Stockho
did it right.. ;)
(But Slackware, with just the A + N series installed along with
PMFirewall is all I really need in my humble dwelling!) :-)
-
Patrick Benson
Stockholm, Sweden
-
- The files you need
4.3 - Space needed for a typical installation
-
Patrick Benson
Stockholm, Sweden
-
://www.sans.org/topten.htm - know one's most common weaknesses...and
BIND (named) tops them all.
Best regards,
-
Patrick Benson
Stockholm, Sweden
-
We have a tape machine on our secure network and it makes sense to reach
out to the non-secure DMZ and yank back backups through the firewall. That
way the connection is established from the inside out.
I would like to use an encrypted client/server such as SCP or SSH to do so.
Does anyone
and IPSec.
-
Patrick Benson
Stockholm, Sweden
-
First guess I would have would be the "networks.exe" virus can't recall what
its actual name is offhand but it spans a process called networks.exe which
scans subnets looking for windows file and print sharing which it then
replicates itself to and starts the whole process over again..
Hope this
, at:
http://www.securityfocus.com/
--
Patrick Benson
Stockholm, Sweden
-
The main issue here lies within the backwards compatibility of LAN Manager
Support which breaks the passwords down into 7 character chunks that are all
non case sensitive.
You can increase the time that l0pht would take dramatically simply by
editing the registry to do only NTLM v 2 with no fall
.
Has anyone got some suggestions?
Thanks,
Patrick McHardy
-
You also may want to take a look at Fore/Marconi ESX/NSX FSA (firewall
switching agent) which does load balancing over three FW's (Checkpoint or
Gauntlet) all IP traffic. Can be used with gig and offers fastpath with TCP
traffic.
-
From: Jeff Deitz [mailto:[EMAIL PROTECTED]]
Sent: 05
Hello,
I'm fairly new at setting up ipchains to firewall a connection and have
had great luck with routing from inside to the internet, but after looking
at the man pages and the howto's I can't figure out how to route incoming
packets to my internal web server using port #'s. I am wondering if
We use Websense on our network and have been for almost 3 years - and we are
running a PIX firewall. Websense is very easy to set up, very easy to
customize, scalable, and works perfectly for our situation. It can also be
very expensive - we purchased a 2 year license for Websense for about
- Original Message -
From: "Firewalls-Digest" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, April 04, 2001 4:00 AM
Subject: Firewalls-Digest V8 #1578
Firewalls-Digest Wednesday, April 4 2001 Volume 08 : Number
1578
In this issue:
ACL
RE:
: Symbols match kernel version 2.2.14.
Lots of fixes since that version
http://www.linux.org.uk/
--
Patrick Benson
Stockholm, Sweden
-
rules for each of them without logging them. You
will notice that the SYN flag isn't set at the end of the rule lines...
--
Patrick Benson
Stockholm, Sweden
-
at the
router on security vs. logging? Any fresh viewpoints would be welcome.
Patrick Kelly
CMS Information Services, Inc.
-
Another important point to remember is that any
service that is allowed outbound on your firewall will
most likely allow the same service inbound as a
response to a request from a trusted internal user.
Even a seemingly harmless user can create many
problems unknowingly.
P
--- [EMAIL
You need to refine the list of ports that are being
scanned. Only set the triggers on ports that are open
on your systems, certainly this is not 1000 ports.
Also you should not be so concerned about a particular
port being scanned. You should be more worried about
one source IP address scanning
Any network person whose systems were compromised in
the last round of these attacks IS lucky!! Lucky they
have jobs at all, the security patches for this
vulnerability had been out forever - tisk -tisk to
anyone irresponsible enough to overlook the obvious.
Also, if your system was compromised
Which security experts?? I would like names so I never
make the mistake of consulting with them.
--- Steve Riley (MCS) [EMAIL PROTECTED]
wrote:
Some security experts claim that NAT could be used
as a firewall (or
let's say, some means of hiding the internal
network). I have a question
about
Since you are looking for a script to accomplish this
task as opposed to just making the changes manually.
Which would be easily done in notepad and then applied
to the PIX. Unless using conduits is posing a problem
for you the upgraded PIX OS's still support conduits
and you can use acls on
If your only tool is a hammer then every problem
becomes a nail.
--- Ben Nagy [EMAIL PROTECTED] wrote:
-Original Message-
From: Michael Batchelder
[mailto:[EMAIL PROTECTED]]
Sent: Saturday, June 02, 2001 1:03 PM
To: [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re:
other users, and so forth.
--
Patrick Benson
Stockholm, Sweden
-
--- Steve Riley (MCS) [EMAIL PROTECTED]
wrote:
I think we all here agree that encryption is a good
thing. I won't
preach to the choir by enumerating the reasons. But
what about when
encryption prevents legitimate inspection?
If you are speaking of a VPN, encryption and
authentication
Bad implementation of IPSEC(RUVPN)
WebBlocker engine is weak
Proxied services are prone to failure
No double password verification
GPM constantly crashes and is the only easy way to
manage the firewall.
Watchguard support is weak
--- David Ishmael [EMAIL PROTECTED] wrote:
Hey all,
Anyone
There is no mechanism to stop a DOS attack on the fire
box. Actually on most firewalls a true DOS attack is
impossible to stop. Have your Firewall admin allow
the ICMP packets inbound from only that mail server
(host). I doubt if your ISP will launch a DOS attack
against you, even if they did
.
remember syn syn/ack ack
--- Zachary Uram [EMAIL PROTECTED] wrote:
so then firewall totally helpless to DoS attack?
that sounds really bad
there must be some way around this
such as all packets are encrypted to u and are
ignored by default
On Thu, 7 Jun 2001, patrick kerry wrote
Is the any any any rule in both directions?? What are
you seeing in the logs when you attempt to make these
connections?? Please provide more information for a
specific fix to your problem.
PK
--- Patrick James [EMAIL PROTECTED] wrote:
Hi,
I have a FW1 version 4.1 SP2 installation on WinNT
Hi,
I have a FW1 version 4.1 SP2 installation on WinNT 4.0 SP6. My network is a
simple one where I have couple of servers on the LAN and a Router, the FW1
pretty sits between the LAN Servers and the Router. I configured the proper
NAT and security policy settings absolutely no problem with
be the problem.
thanks
James
From: Richard Pitcock [EMAIL PROTECTED]
To: 'Patrick James' [EMAIL PROTECTED]
Subject: RE: FW1 is letting the traffic out but not the port starts 'listening'
Date: Sun, 10 Jun 2001 19:20:33 -0400
Are you doing a static network address translation
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 22, 2001 3:06 PM
Subject: Firewalls digest, Vol 1 #33 - 7 msgs
Send Firewalls mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
privacy, so that the service won't be misused by others.
--
Patrick Benson
Stockholm, Sweden
___
Excellent !!! ;-)
For once I had fun reading my emails this morning.
P
...Video games do not affect children. If Pac Man had had side effects
on us, we would all be running around in a dark room
gobbling pills while listening to music
+dir HTTP/1.0 404
249
There's lots of activity going on at Securityfocus, on the Incidents
list, and here's one snippet:
http://www.securityfocus.com/archive/75/214799
--
Patrick Benson
Stockholm, Sweden
___
What do you need help on Carlos?
*** IMPORTANT ! **
The content of this email and any attachments are confidential and intended
for the named recipient(s) only.
If you have received this email in error please notify the sender
JJ
humbly I would like to interject that a consultant cannot replace someone
on your own staff that knows something about security
-pat
On Wed, 24 Oct 2001, J wrote:
David:
Seriously, your best bet may be an independent consultant. This is for a
variety of reasons:
--)
your own script?
If you're trying to nmap within your network perimeter you'll get open
ports because they need to be open on the inside, if you need them for
your internal boxes. Are you trying with scans from outside your
network, from the net?
--
Patrick Benson
Stockholm, Sweden
didn't know vi had an email client...
On 18 Dec 2001 [EMAIL PROTECTED] wrote:
jaskdjalskdj
:q
:q
q
:quit
___
At least while using linux as a firewall one can build the kernel to suit
the particular needs of the situation. With msft you're stuck with the os
that comes from the box, and have to wait for patches from the
manufacturer.
On Mon, 28 Jan 2002, Marc Sahr wrote:
As if using Linux as a firewall
They have started up an @work service with, what do you know.. IPSec
tunneling
Seems like they are trying to do the price gouging angle to me
-Original Message-
From: Erdely, Michael [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 15, 2000 3:29 PM
To: Firewalls
Subject: Re: Cable
?
In Slackware there are some entries for turning off the superserver in
rc.inet2. Those services that you need would probably run fine on their
own. Open them up as you need them
--
Patrick Benson
Stockholm, Sweden
-