[/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\]
[/\][/\] AUTOMATED E-MAIL REPLY [/\][/\]
[/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\][/\]
I will be out of the office until Monday, January 3, 2000. If your e-mail is of an
urgent matter, please call the Division of Information Technology's Help Desk at (909)
955-5948.
Thank You,
-Ray Pegis
>>> "[EMAIL PROTECTED]" 12/26/99 01:00 >>>
Firewalls-Digest Sunday, December 26 1999 Volume 08 : Number 743
In this issue:
NT RAS password
firewall logs
Re: Firewalls-Digest V8 #742
Re: Exchange with checkpoint unable to send to alt mx entries
Re: Perimeter network device question
Re: firewall logs
See the end of the digest for information on subscribing to the Firewalls
or Firewalls-Digest mailing lists and on how to retrieve back issues.
----------------------------------------------------------------------
Date: Sat, 25 Dec 1999 20:03:49 +0530
From: netcomm <[EMAIL PROTECTED]>
Subject: NT RAS password
hi all
i need to know how to enable dialin users to change their passwords over RAS
connections......say the NT RAS is on a standalone NT server and users
connect to it .....but i m not able to make them change their
passwords.....even if i create user with option user must change password
after first logon while creating user...even then users r not able to change
password....
any info or pointers are welcome....
TIA
Madhur Nanda
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 25 Dec 1999 15:54:47 +0100
From: "Jasper Jans" <[EMAIL PROTECTED]>
Subject: firewall logs
Hi people,
Let me start by wishing you all a very merry christmas :)
My qn is the following..
In my firewall logs i see this entry apearing over and
over again
[25/Dec/1999 15:45:22] Packet filter: ACL 2:14 DC21X40002: permit packet in:
UDP 24.132.52.87:1093 -> 224.0.0.1:4242
[25/Dec/1999 15:46:22] Packet filter: ACL 2:14 DC21X40002: permit packet in:
UDP 24.132.52.87:1093 -> 224.0.0.1:4242
[25/Dec/1999 15:47:22] Packet filter: ACL 2:14 DC21X40002: permit packet in:
UDP 24.132.52.87:1093 -> 224.0.0.1:4242
This happens exactly once a minute.. Anyone got any idea what kind of
traffic this
is.. and if it is a good idea to just drop those packages?
Thanks a lot,
Jasper
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 25 Dec 1999 06:42:48 -0500
From: "Russ Vines" <[EMAIL PROTECTED]>
Subject: Re: Firewalls-Digest V8 #742
FYI:
I am out of the office on vacation until Jan 4, 2000, and will be unable to respond to
this e-mail until that time.
Thank you,
Russell Dean Vines
Managing Consultant
Realtech Systems Corp.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 25 Dec 1999 12:11:21 -0800
From: Jerald Josephs <[EMAIL PROTECTED]>
Subject: Re: Exchange with checkpoint unable to send to alt mx entries
Inquire whether he is using the SMTP Security Server
on the FireWall-1 platform to check outbound mail for
Content Security.
The FW-1 SMTP Security Server is not able to do
MX lookups, so if the first mail relay is not responding,
the email will not go out.
The Log Viewer will display an entry with "Connection
to final MTA failed" in the Info section.
The solution at his site would to explicitly define a SMTP service
rule before all other SMTP resource rule that would allow his
Exchange Server to send out SMTP to any destination. This would
prevent the SMTP Security Server from attempting to resolve an MX
record.
I am sure the Exchange Server can do multiple MX lookups.
Jerald Josephs
[EMAIL PROTECTED]
- ----- Original Message -----
From: Ng, Kenneth (US) <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, December 22, 1999 3:26 PM
Subject: Exchange with checkpoint unable to send to alt mx entries
> Hello, have any of you run into the following?:
> - I currently have two MX entries a low value that is currently refusing
> connections, and a high value that is accepting connections (we're testing
a
> new configuration for a couple of weeks).
> - Person sending to me has an Exchange server behind a Checkpoint
firewall.
>
> He says that whenever an email is attempted, that the connection is
refused
> by the low MX entry, and Exchange doesn't bother to try the other MX
entry.
> I thought I recall seeing this about a year ago, and that it was fixed.
He
> is running Exchange 5.5 SP3, so that sounds pretty recent.
>
>
>
>
****************************************************************************
*
> The information in this email is confidential and may be legally
privileged.
> It is intended solely for the addressee. Access to this email by anyone
else
> is unauthorized.
>
> If you are not the intended recipient, any disclosure, copying,
distribution
> or any action taken or omitted to be taken in reliance on it, is
prohibited
> and may be unlawful. When addressed to our clients any opinions or advice
> contained in this email are subject to the terms and conditions expressed
in
> the governing KPMG client engagement letter.
>
****************************************************************************
*
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 25 Dec 1999 03:46:40 +0000
From: LiquidK <[EMAIL PROTECTED]>
Subject: Re: Perimeter network device question
Jim Eckford wrote:
> Be aware that even 'dumb' switches can be attacked. The usual method is to feed
> them with spoofed MAC addresses until the address table overflows, which, with
> some switches, causes it to go in to flooding mode. In other words, it becomes a
> simple hub from which all traffic can be captured. A managed switch would at
> least be able to warn you by SNMP trap that the table was full.
Sniffing and hijacking is usually possible in a switcher (depending
on the configuration of course) by ARP spoffing, thus tricking a host in
your segment into sending the traffic to you. Then all you have to do is relay
those packets to the real destination, changing the stream of data as you like.
There is a tool called hunt that implements this kind of attack.
- --
LiquidK
[EMAIL PROTECTED]
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
Date: Sat, 25 Dec 1999 16:19:05 -0600
From: Pug Bainter <[EMAIL PROTECTED]>
Subject: Re: firewall logs
Jasper Jans ([EMAIL PROTECTED]) said something that sounded like:
> Let me start by wishing you all a very merry christmas :)
It certainly is.
> This happens exactly once a minute.. Anyone got any idea what kind of
> traffic this is..
Well it seems that node13457.a2000.nl is sending UDP multi-casts to all
participating hosts (224.0.0.1 apparently means everyone). The 4242
address is reserved to vrml-multi-use, of course that may or may not
be whats really happening.
> and if it is a good idea to just drop those packages?
Personally I prefer to drop all UDP and multi-cast traffic unless
required for a specific work-related function.
Ciao,
- --
Richard "Pug" Bainter | AMD, Inc.
Senior System Engineer | Mail Stop 625
[EMAIL PROTECTED] | [EMAIL PROTECTED] | 5900 E. Ben White Blvd
Phone: (512) 602-0364 | Fax: (512) 602-6970 | Austin, TX 78741
Note: The views may not reflect my employers, or even my own for that matter.
- -
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
------------------------------
End of Firewalls-Digest V8 #743
*******************************
To unsubscribe from Firewalls-Digest, send the following command
in the body of a message to "[EMAIL PROTECTED]":
unsubscribe firewalls-digest
If you want to subscribe or unsubscribe an address other than the
account the mail is coming from, such as a local redistribution list,
then append that address to the command; for example, to subscribe
"local-firewalls":
subscribe firewalls-digest [EMAIL PROTECTED]
A non-digest (direct mail) version of this list is also available; to
subscribe to that instead, replace all instances of "firewalls-digest"
in the commands above with "firewalls".
Compressed back issues are available for anonymous FTP from
Lists.GNAC.NET, in pub/firewalls/digest/vNN.nMMM.Z (where "NN"
is the volume number, and "MMM" is the issue number).
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
