-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] 
Sent: Friday 22 June 2001 21:07
To: [EMAIL PROTECTED]
Subject: Firewalls digest, Vol 1 #33 - 7 msgs

Send Firewalls mailing list submissions to
        [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit
        http://lists.gnac.net/mailman/listinfo/firewalls
or, via email, send a message with subject or body 'help' to
        [EMAIL PROTECTED]

You can reach the person managing the list at
        [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Firewalls digest..."


Today's Topics:

   1. RE: Has anyone heard of this? (Meritt James)
   2. Re: Synchronise two servers in DMZ (Ron DuFresne)
   3. Re: Real Secure and Firewall-1 ([EMAIL PROTECTED])
   4. RE: Has anyone heard of this? (Scott Godfrey)
   5. RE: Need to Lock Down Mail Relay (Young, Beth A.)
   6. RE: Why router are vulnerable to FTP and DNS? (Cessna, Michael)
   7. RE: Router packet filtering (Cessna, Michael)

--__--__--

Message: 1
Date: Fri, 22 Jun 2001 13:31:52 -0400
From: "Meritt James" <[EMAIL PROTECTED]>
Organization: BAH
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Has anyone heard of this?

I used to know several companies that did "ethical hacking" as a
consulting service for companies who wanted reports on how good their
security setup was.  They did everything from brute force to social
engineering.  The funny thing was that they used the same tools that are
publicly available (nmap, snort, etc.).
.................................................................

Fee for fixing television: $100
Itemized list:  hitting the television: $1
                knowing where to hit:   $99

Same thing.  I have the same tools a professional mechanic uses most. 
He knows better HOW to use them, on what,...  Same thing.
-- 
James W. Meritt, CISSP, CISA
Booz, Allen & Hamilton
phone: (410) 684-6566

--__--__--

Message: 2
Date: Fri, 22 Jun 2001 10:48:10 -0500 (CDT)
From: Ron DuFresne <[EMAIL PROTECTED]>
To: Hans Scheffers <[EMAIL PROTECTED]>
Cc: Firewall List <[EMAIL PROTECTED]>
Subject: Re: Synchronise two servers in DMZ


I think rsync can run sweetly under ssh, have you looked into that?
Others will remind me if I'm incorrect here, but it sleeps in the back of
the mind here, so it might be fact.  Then again, it is a Friday, laziest
day of the week, barring forest fires...

Thanks,

Ron DuFresne


On Fri, 22 Jun 2001, Hans Scheffers wrote:

> Hi,
> 
> this is off-topic I know, but I have a small problem.
> 
> I have two servers in the DMZ (both linux), that have to be
> synchronized on the data files (only on the data files); on both ssh/scp
> runs, but no telnet/telnetd.
> 
> server 2 has to receive the data from server 1, but because of the amount
> of the data only changed/new files have to be copied.
> 
> with cp, i can synchronise dir 2 with dir 1 with the -u / --update 
> parameter.
> scp doesn't know this option and I cannot find an option that does this
> in the manpages of ssh/scp
> 
> Does anyone have a hint on how to do this?
> 
> greetz
> Hans
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation." -- Johnny Hart
        ***testing, only testing, and damn good at it too!***

OK, so you're a Ph.D.  Just don't touch anything.


--__--__--

Message: 3
Subject: Re: Real Secure and Firewall-1
To: "Carl E. Mankinen" <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED], [EMAIL PROTECTED],
        "Fredy Santana" <[EMAIL PROTECTED]>
From: [EMAIL PROTECTED]
Date: Fri, 22 Jun 2001 20:54:52 +0300


Hi,

As stated (unofficially), the Checkpoint RealSecure product will be ISS
RealSecure in the near future. It won't be a problem, will it?

Regards.

------------------------------------------------------
Ihsan Cakmakli
YKT
Tel: 90.262.6472861
Fax: 90.262.6471711
[EMAIL PROTECTED]


"Carl E. Mankinen" <[EMAIL PROTECTED]> wrote on 22.06.2001 17:46
(sent by firewalls-admin@pluto.gnac.com)
To: <firewalls@pluto.gnac.com>, "Fredy Santana" <[EMAIL PROTECTED]>
Subject: Re: Real Secure and Firewall-1




One consideration is that the FW1 integrated product does not work with the
regular ISS Workgroup Manager console.
This means if you have regular ISS network sensors (non-FW1), server
sensors, etc. that all connect to the console and you want to
add a FW1 network sensor, you will have to run two separate consoles.
(might not be a big deal for everyone)

Also, the licensing cannot be sync'd up and you will have to handle
relicensing and key generation separately.

----- Original Message -----
From: "Fredy Santana" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 20, 2001 8:47 AM
Subject: Real Secure and Firewall-1


> Hi:
>
> I'm looking for experiences installing a Real Secure Network sensor on the
> same machine as a Firewall-1. Well, I know this is not recommended, but I
> think if the performance requirements are not high it could work.
>
> Has anyone done this?
>
> Regards from Chile
>
>
> Regards
> Fredy R. Santana V.
> Electrical Engineer (Ingeniero Civil Eléctrico) - CCSA
> Orion 2000 - Servicios Profesionales en Seguridad Informática
> La Concepcion 322, 12th floor, Providencia.
> Santiago, Chile
> Phone: 56-2-6403944, Fax: 56-2-6403990
> e-mail: [EMAIL PROTECTED]
> http://www.orion.cl
>
>
>




--__--__--

Message: 4
From: Scott Godfrey <[EMAIL PROTECTED]>
To: 'Meritt James' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: Has anyone heard of this?
Date: Fri, 22 Jun 2001 14:04:39 -0400

I could not have said it better.

 
Scott Godfrey
Network Security Inside Support
[EMAIL PROTECTED]
727.547.4000 Ext.276
 
RISCmanagement, Inc.
www.riscman.com
10990 U.S. Hwy 19 North
Clearwater Florida, 33764



--__--__--

Message: 5
From: "Young, Beth A." <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: Need to Lock Down Mail Relay
Date: Fri, 22 Jun 2001 13:02:48 -0500

While ORBS is dead, it has spawned 3 other processes:

www.ordb.org
www.orbl.org
http://orbs.gst-group.co.uk/

No information yet on which will come out on top, but the UK site is already
in trouble.

-----Original Message-----
From: Zachary Uram [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 10:27 AM
To: Gerardo Soto
Cc: [EMAIL PROTECTED]
Subject: Re: Need to Lock Down Mail Relay


That website is defunct! :) 

" Due to circumstances beyond our control, the ORBS website is no
  longer available. "

Try again! :)

Zach

On Fri, 22 Jun 2001, Gerardo Soto wrote:

> 
> Hello:
> 
>       Check this web site; they do not ask you to create an account and they
> really test your mail server. Be prepared for it.
> 
> http://www.orbs.org
> 
> 
> Regards,
> 
> On Thu, 21 Jun 2001, Alvin Oga wrote:
> 
> > 
> > hi lance.. et.al..
> > 
> > i just went to http://www.abuse.net/relay.html
> >     - they wanted a login passwd etc..etc...
> > 
> > so wound up doing the telnet stuff as shown... by you folks
> > 
> > i'd like to add that the "telnet mail.foo.com 25"
> > is the suspected open relay you are trying to test...
> >     - if it's open... you wanna close it as its admin
> >     - if it's open... as a spammer... you're a bad boy
> >     - it's open if you don't get "relay denied"
> > 
> > Another good url to use besides the abuse.net site...
> > 
> >     http://www.paladincorp.com.au/unix/spam/spamlart/
> > 
> > Anyway... I've collected a few more urls for online open relay testing
> > 
> > http://www.linux-sec.net/audit_tools.gwif.html#Relay
> > 
> > have fun
> > alvin
> > http://www.Linux-Sec.net
> > 
> > On Thu, 21 Jun 2001, Lance Ecklesdafer wrote:
> > 
> > > What I try to do is connect to the server on port 25 and go through this
> > > process.
> > > (1) HELO INTRUDER.COM
> > > <The server responds>
> > > (2) MAIL FROM:[EMAIL PROTECTED]
> > > <The server responds>
> > > (3) RCPT TO: [EMAIL PROTECTED]
> > > <The server will give you an error if it will not accept relays. If it
> > > accepts mail for a domain other than the domain it is servicing, then it is
> > > open for a relay attack.>
> > > If you want to continue your message then you can enter:
> > > (4) DATA
> > > <the server will tell you to enter data with only a "." on the last line>
> > > (5) RSET
> > > (6) QUIT
> > > 
> > > That is basically what I do. Does anyone else have anything to add?
> > > 
> > > Lance
> > > 
> > > 
> > > ----- Original Message -----
> > > From: "Gary Rose" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, June 21, 2001 10:55 AM
> > > Subject: Need to Lock Down Mail Relay
> > > 
> > > 
> > > > What is the easiest way to test if a mail server has mail relay enabled
> > > > other than pointing your email client at it? Can you telnet to port 25 and
> > > > use SMTP commands? If so, what is the process?
> > > >
> > > >
> > > > Thanks.
> > > >
> > > >
> > > > -G
> > > >
> 


[EMAIL PROTECTED]
"Blessed are those who have not seen and yet have faith." - John 20:29

_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
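The HELO / MAIL FROM / RCPT TO / RSET / QUIT sequence Lance describes, as an added Python example (not code from anyone in this thread): it speaks the same commands over a plain socket and treats a 2xx answer to RCPT TO for a domain the server does not serve as an open relay, then resets and quits so no message is actually injected. So that it runs offline it also carries a constructed fake mail server (FakeMTA, an assumption for the demo, not any real MTA), and the hostnames and addresses are made up. Point relay_check() at a real host and port to test a server you administer.

```python
"""Open-relay check that walks HELO / MAIL FROM / RCPT TO / RSET / QUIT over a socket."""
import socket
import socketserver
import threading


class FakeMTA(socketserver.ThreadingTCPServer):
    """Constructed stand-in for a mail server so the demo runs offline (not a real MTA)."""
    allow_reuse_address = True

    def __init__(self, local_domains, open_relay):
        super().__init__(("127.0.0.1", 0), _FakeMTAHandler)
        self.local_domains = {d.lower() for d in local_domains}
        self.open_relay = open_relay


class _FakeMTAHandler(socketserver.StreamRequestHandler):
    def handle(self):
        self.wfile.write(b"220 mail.example.test ESMTP\r\n")
        for raw in self.rfile:
            line = raw.decode("ascii", "replace").rstrip("\r\n")
            verb = line[:4].upper()
            if verb == "RCPT":
                domain = line.rsplit("@", 1)[-1].rstrip("> ").lower()
                if domain in self.server.local_domains or self.server.open_relay:
                    reply = "250 OK"
                else:
                    reply = "550 5.7.1 Relaying denied"   # what a closed relay answers
            elif verb == "QUIT":
                self.wfile.write(b"221 Bye\r\n")
                return
            elif verb in ("HELO", "MAIL", "RSET"):
                reply = "250 OK"
            else:
                reply = "500 Command not recognised"
            self.wfile.write((reply + "\r\n").encode("ascii"))


def _read_reply(rfile):
    """Read one SMTP reply (including 250-style continuation lines); return (code, text)."""
    lines = []
    while True:
        line = rfile.readline().decode("ascii", "replace").rstrip("\r\n")
        if not line:
            raise ConnectionError("server closed the connection")
        lines.append(line)
        if len(line) < 4 or line[3] != "-":
            return int(line[:3]), "\n".join(lines)


def relay_check(host, port, helo="intruder.example", mail_from="tester@intruder.example",
                rcpt_to="someone@elsewhere.example", timeout=10):
    """Return (is_open_relay, rcpt_reply). A 2xx answer to RCPT TO for a domain the
    server does not serve means it relays; RSET and QUIT follow so nothing is sent."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        rfile = sock.makefile("rb")

        def send(cmd):
            sock.sendall((cmd + "\r\n").encode("ascii"))

        code, text = _read_reply(rfile)
        if code != 220:
            raise RuntimeError(f"unexpected banner: {text}")
        for cmd in (f"HELO {helo}", f"MAIL FROM:<{mail_from}>"):
            send(cmd)
            code, text = _read_reply(rfile)
            if code // 100 != 2:
                raise RuntimeError(f"{cmd} rejected: {text}")
        send(f"RCPT TO:<{rcpt_to}>")
        code, rcpt_reply = _read_reply(rfile)
        send("RSET")
        _read_reply(rfile)
        send("QUIT")
        _read_reply(rfile)
        rfile.close()
    return code // 100 == 2, rcpt_reply


def demo():
    """Run relay_check() against a closed and an open FakeMTA on the loopback interface."""
    results = {}
    for name, open_relay in (("closed", False), ("open", True)):
        server = FakeMTA(local_domains={"example.test"}, open_relay=open_relay)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            results[name] = relay_check(*server.server_address)
        finally:
            server.shutdown()
            server.server_close()
    return results


if __name__ == "__main__":
    for name, (is_open, reply) in demo().items():
        print(f"{name:6s}: {'OPEN RELAY' if is_open else 'relay denied'}  <- {reply}")
```

The verdict is read from the RCPT TO reply, which is why the recipient must be in a domain the server is not responsible for; a 250 for one of its own domains says nothing about relaying. Some servers only reject at DATA or after the end of message, so a 250 here is grounds for a closer look rather than proof on its own.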

--__--__--

Message: 6
From: "Cessna, Michael" <[EMAIL PROTECTED]>
To: 'Sudipto basu' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Why router are vulnerable to FTP and DNS?
Date: Fri, 22 Jun 2001 14:14:39 -0400


I believe what you are after is the difference between:
(please no nitpicking arguments over this! :)  )

Stateful Inspection
and
Packet Inspection/Screening Router
and
Application Proxy

Look into the definitions of these three terms. Google gives lots of
results.
It all relates to how far a FW or router looks into a packet's contents. If
you allow http through your fw you can and probably will be hacked because
the FW doesn't inspect the http commands, just the delivery. I know this is a
very large gray area so please no arguments!
An application proxy mostly just inspects the data payload of the packet and
looks to see if there are any commands that are not allowed. Such as for MS
IIS get\iisadmin

This is the tip of the iceberg. If you really want to know, read up on what
each defines and you will see the overlap that causes the arguments. And
you'll understand the evils of marketing departments at firewall firms!
Hope this can help you,
Mike



-----Original Message-----
From: Sudipto basu [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 10:47 AM
To: [EMAIL PROTECTED]
Subject: Why router are vulnerable to FTP and DNS?


Hi all,
can anyone let me know why router level firewalls are
not good at filtering FTP, X11 and DNS packets.
Sudipto.
[EMAIL PROTECTED]

=====

The most I can do for my friend is. 
Simply to be his friend. 






--__--__--

Message: 7
From: "Cessna, Michael" <[EMAIL PROTECTED]>
To: 'Sudipto basu' <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Router packet filtering 
Date: Fri, 22 Jun 2001 14:37:52 -0400


A little background first:

What a firewall uses is a State Table to keep track of connections when they
are made and to allow the return packets to get to the client. If you have
two simple rules:
AnyThingInternal  TO  AnythingExternal  ACCEPT
anything   TO   Anywhere   DENY

This you would think would allow you to have your internal pc's connect to
the outside but not allow the outside to connect to the inside. Right?
Well, without state tables it's wrong.
The original session creation packets go out fine and then the data from the
remote server comes back. But when the remote data packet comes to the FW,
the FW would apply its rule base and match it to rule 2. Guess what? It's
denied!
The way it is really done is through state tables.
When you send a packet out it is part of a session; the FW keeps track of
that session through the state table so that when the reply packets come
back in the FW knows that it is from a connection 'requested' from internal,
which is allowed by the first rule, so the FW passes it through even though
it is a packet 'from somewhere destined for anywhere' (rule 2).
UDP packets are not a problem outbound but inbound you should not allow them
unless you have a good reason to. This applies to TCP, GRE, any packet that
you allow in through the firewall.

You can learn more by reading up on the Syn-Ack-Fin sequencing in TCP/IP and
also the difference between connection oriented (TCP) and connectionless
transmissions (UDP). Try Stevens, TCP/IP Illustrated, Vol. 1.
I would recommend this book for just about anything TCP/IP related.

>some protocols like FTP which use more than one data stream
>present problems for router based firewalls.

Remember that FTP negotiates a session on 21 but then uses a dynamically
assigned port above 1024, so the router would have to know that port 1025 is
the data session for the ftp connection that was just negotiated. Ports are
just placeholders for the two ends of a communication to keep things
straight. You can run FTP on any port that you want. So since a screening
router is looking for FTP on port 21 and not allowing any other ports, when
you get to the data transfer portion of your ftp session the router would
throw it away since it only allows port 21 and no others even though it is
part of an FTP session.

I hope this helps a little.
Mike

-----Original Message-----
From: Sudipto basu [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 22, 2001 11:33 AM
To: [EMAIL PROTECTED]
Subject: Router packet filtering 


I think my earlier question was not clear to some. So
let me refine it.

I mean to say without any s/w support a filtering
technique at router level cannot filter those
packets.
Is it right? If yes, then why?
I have a book which reads like:


"A router alone cannot fully control a stream of IP
packets, as it cannot monitor the state
of incoming and outgoing packets, so some protocols
like FTP which use more than one data stream
present problems for router based firewalls.

Things get worse when you use a connectionless
protocol like UDP,
which forms the basis of DNS. In order to control UDP
streams in a firewall, you need to add some form of
state monitoring to a packet filter"

I think my question is somewhat clear now.

Sudipto basu
[EMAIL PROTECTED]



=====

The most I can do for my friend is. 
Simply to be his friend. 
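The two-rule rule base, the denied reply packet, and the FTP data-channel problem that Mike walks through here and in his previous message, as an added Python simulation that is not code from the thread: a stateless screening filter that judges every packet on its own, the same rule base with a state table, and the stateful filter with a small helper that reads the FTP PORT command and pre-approves the server's inbound data connection (active-mode FTP, where the server opens the data channel back toward the client). The 10.0.0.0/24 "internal" prefix, the addresses, and the packets are all constructed for the demo; the DNS traffic includes one unsolicited "reply" to show what the state table rejects.

```python
"""Stateless screening vs. stateful inspection, simulated on constructed packets."""
from dataclasses import dataclass

INTERNAL = "10.0.0."          # constructed "inside" prefix; an assumption for the demo


@dataclass(frozen=True)
class Packet:
    proto: str                # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""           # TCP flags: "S" SYN, "SA" SYN/ACK, "A" ACK
    payload: str = ""         # only inspected on the FTP control channel


def internal(ip):
    return ip.startswith(INTERNAL)


def two_rule_base(p):
    """The thread's rule base: AnythingInternal -> AnythingExternal ACCEPT; else DENY."""
    return "ACCEPT" if internal(p.src) and not internal(p.dst) else "DENY"


def stateless(packets):
    """Screening router: every packet is judged on its own against the rule base."""
    return [two_rule_base(p) for p in packets]


class StatefulFilter:
    """Same rule base plus a state table, optionally with an FTP helper."""

    def __init__(self, ftp_helper=False):
        self.ftp_helper = ftp_helper
        self.sessions = set()   # (proto, src, sport, dst, dport) of flows let out
        self.expected = set()   # (proto, src, dst, dport) inbound flows announced by PORT

    @staticmethod
    def _fwd(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _rev(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def decide(self, p):
        if self._rev(p) in self.sessions:                 # reply to a tracked session
            verdict = "ACCEPT"
        elif (p.proto, p.src, p.dst, p.dport) in self.expected:
            verdict = "ACCEPT"                            # data channel the helper expected
            self.expected.discard((p.proto, p.src, p.dst, p.dport))
            self.sessions.add(self._fwd(p))
        else:
            verdict = two_rule_base(p)
            if verdict == "ACCEPT":
                self.sessions.add(self._fwd(p))
        if (verdict == "ACCEPT" and self.ftp_helper and p.dport == 21
                and p.payload.startswith("PORT ")):
            # PORT h1,h2,h3,h4,p1,p2: the client asks the server to connect back
            # to h1.h2.h3.h4 on port p1*256+p2; remember that flow as expected.
            h1, h2, h3, h4, p1, p2 = (int(x) for x in p.payload[5:].split(","))
            self.expected.add(("tcp", p.dst, f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
        return verdict

    def run(self, packets):
        return [self.decide(p) for p in packets]


# Constructed traffic: an HTTP fetch, a DNS lookup (plus a spoofed reply), and an
# active-mode FTP transfer in which the server opens the data connection.
HTTP = [Packet("tcp", "10.0.0.5", 40001, "203.0.113.10", 80, "S"),
        Packet("tcp", "203.0.113.10", 80, "10.0.0.5", 40001, "SA")]
DNS = [Packet("udp", "10.0.0.5", 40002, "203.0.113.53", 53),
       Packet("udp", "203.0.113.53", 53, "10.0.0.5", 40002),
       Packet("udp", "198.51.100.7", 53, "10.0.0.5", 40002)]      # unsolicited
FTP = [Packet("tcp", "10.0.0.5", 40003, "203.0.113.21", 21, "S"),
       Packet("tcp", "203.0.113.21", 21, "10.0.0.5", 40003, "SA"),
       Packet("tcp", "10.0.0.5", 40003, "203.0.113.21", 21, "A", "PORT 10,0,0,5,160,4"),
       Packet("tcp", "203.0.113.21", 20, "10.0.0.5", 40964, "S")]  # 160*256+4 = 40964


def compare():
    """Verdicts of each filter over the same traffic, in packet order."""
    traffic = HTTP + DNS + FTP
    return {
        "stateless": stateless(traffic),
        "stateful": StatefulFilter().run(traffic),
        "stateful+ftp_helper": StatefulFilter(ftp_helper=True).run(traffic),
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:20s}", " ".join(v[0] for v in verdicts))
```

With the plain rule base, the HTTP SYN/ACK and the DNS answer are both denied by rule 2, exactly as Mike describes; the state table fixes that and still drops the unsolicited UDP "reply" because nothing went out to 198.51.100.7. The server's inbound FTP data SYN matches neither the state table nor rule 1, so even the stateful filter denies it until a helper has read the PORT command. A real helper also has to handle PASV replies, should bind the expectation to the announcing host, and should age it out if it is never used.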







--__--__--



End of Firewalls Digest
