F�r Fragen im Bereich Datensicherheit wenden Sie sich bitte an: www.Hackeinsteiger-Board.de www.Securitypoint-board.de.vu
The German "cybercommercial" above reads: "For questions in the field of Computer Security please turn to: www.Hackeinsteiger-Board.de www.Securitypoint-board.de.vu What kind of sites are these? One of them, the second one, is forbidden, and the "Rules" on the first site seem pretty strange, especially Rules 2, 7, and 8. R. B. ----- Original Message ----- From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, January 15, 2002 6:17 PM Subject: Firewalls digest, Vol 1 #465 - 8 msgs > Send Firewalls mailing list submissions to > [EMAIL PROTECTED] > > To subscribe or unsubscribe via the World Wide Web, visit > http://lists.gnac.net/mailman/listinfo/firewalls > or, via email, send a message with subject or body 'help' to > [EMAIL PROTECTED] > > You can reach the person managing the list at > [EMAIL PROTECTED] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of Firewalls digest..." > > > Today's Topics: > > 1. RE: Off-topic or not? Is your son a computer hacker (Chris Patterson) > 2. RE: Off-topic or not? Is your son a computer hacker (Wrieth, Henry) > 3. Telnet/SNMP security (Slightly OT) (Rick Brown) > 4. Re: Telnet/SNMP security (Slightly OT) (William Stackpole) > 5. Re: Telnet/SNMP security (Slightly OT) (Paul D. Robertson) > 6. Ban Nokia interface? ([EMAIL PROTECTED]) > 7. Re: Ban Nokia interface? ([EMAIL PROTECTED]) > 8. Re: Off-topic or not? Is your son a computer hacker (Florian Hobelsberger / BlueScreen) > > --__--__-- > > Message: 1 > Subject: RE: Off-topic or not? Is your son a computer hacker > Date: Mon, 14 Jan 2002 10:11:37 -0500 > From: "Chris Patterson" <[EMAIL PROTECTED]> > To: "'Erwin Geirnaert'" <[EMAIL PROTECTED]>, > "Firewalls (E-mail)" <[EMAIL PROTECTED]> > > The saddest part is... some one is going to read that and think its > true. > > > Chris Patterson > Network Administrator > Axiom Systems > Http://Www.AxiomSys.Com=20 > The Truth Is Out There. Go Find It. Http://Www.2600.Com=20 > > -----Original Message----- > From: Erwin Geirnaert [mailto:[EMAIL PROTECTED]]=20 > Sent: Monday, January 14, 2002 8:15 AM > To: Firewalls (E-mail) > Subject: Off-topic or not? Is your son a computer hacker > > > > > > > > http://www.adequacy.org/?op=3Ddisplaystory;sid=3D2001/12/2/42056/2147=20 > > --__--__-- > > Message: 2 > From: "Wrieth, Henry" <[EMAIL PROTECTED]> > To: "Firewalls (E-mail)" <[EMAIL PROTECTED]> > Subject: RE: Off-topic or not? Is your son a computer hacker > Date: Mon, 14 Jan 2002 10:19:51 -0500 > > Follow up article > <<http://www.theregister.co.uk/content/28/23650.html>> > > -----Original Message----- > From: Chris Patterson [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 10:12 AM > To: 'Erwin Geirnaert'; Firewalls (E-mail) > Subject: RE: Off-topic or not? Is your son a computer hacker > > > The saddest part is... some one is going to read that and think its > true. > > > Chris Patterson > Network Administrator > Axiom Systems > Http://Www.AxiomSys.Com > The Truth Is Out There. Go Find It. Http://Www.2600.Com > > -----Original Message----- > From: Erwin Geirnaert [mailto:[EMAIL PROTECTED]] > Sent: Monday, January 14, 2002 8:15 AM > To: Firewalls (E-mail) > Subject: Off-topic or not? Is your son a computer hacker > > > > > > > > http://www.adequacy.org/?op=displaystory;sid=2001/12/2/42056/2147 > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > This message is for the named person's use only. It may contain sensitive and private proprietary or legally privileged information. No confidentiality or privilege is waived or lost by any mistransmission. If you are not the intended recipient, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender. You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. CREDIT SUISSE GROUP and each legal entity in the CREDIT SUISSE FIRST BOSTON or CREDIT SUISSE ASSET MANAGEMENT business units of CREDIT SUISSE FIRST BOSTON reserve the right to monitor all e-mail communications through its networks. Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity. Unless otherwise stated, any pricing information given ! > in this message is indicative o > nly, is subject to change and does not constitute an offer to deal at any price quoted. Any reference to the terms of executed transactions should be treated as preliminary only and subject to our formal written confirmation. > > > > --__--__-- > > Message: 3 > Date: Mon, 14 Jan 2002 07:44:41 -0800 (PST) > From: Rick Brown <[EMAIL PROTECTED]> > Subject: Telnet/SNMP security (Slightly OT) > To: [EMAIL PROTECTED] > > I'm trying to tighten security behind my firewall and > thought you guys might be able to give me some > feedback. I've got an all Cisco infrastructure and I > want to secure access to the switches and routers. > Should I use TACACS+ or SSH? I need something free > (or close to it) because the bean counters are being > tight. Also, what's the best way to secure SNMP? We > use Novell's eDirectory and so it would be nice to > find something that could work with LDAP but that may > asking for too much. Could IPSec be used to secure > any of this? Thanks! > > __________________________________________________ > Do You Yahoo!? > Send FREE video emails in Yahoo! Mail! > http://promo.yahoo.com/videomail/ > > --__--__-- > > Message: 4 > From: "William Stackpole" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: Telnet/SNMP security (Slightly OT) > Date: Mon, 14 Jan 2002 08:04:08 -0800 > > Rick, > > SSH provides encrypted traffic between the client and the Cisco device as > well as authentication. This prevents sniffing attacks against Telnet > sessions where the ENABLE password would otherwise be passed in the clear. > TACACS/RADIUS provide centralized authentication and authorization and audit > facilities. This makes it possible to assign different levels of access to > the router based on userID. And to audit what people do when they are > connected. TACACS is better at this than RADIUS. > > Cisco also supports SNMP traps for things for various type of accesses > including any that change the configuration. My preference is to use SSH > for Telnet sessions and TACACS for auditing with SNMP traps for alert > notifications when configs get changed. > > -- Bill Stackpole, CISSP > > ----- Original Message ----- > From: "Rick Brown" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Monday, January 14, 2002 7:44 AM > Subject: Telnet/SNMP security (Slightly OT) > > > > I'm trying to tighten security behind my firewall and > > thought you guys might be able to give me some > > feedback. I've got an all Cisco infrastructure and I > > want to secure access to the switches and routers. > > Should I use TACACS+ or SSH? I need something free > > (or close to it) because the bean counters are being > > tight. Also, what's the best way to secure SNMP? We > > use Novell's eDirectory and so it would be nice to > > find something that could work with LDAP but that may > > asking for too much. Could IPSec be used to secure > > any of this? Thanks! > > > > __________________________________________________ > > Do You Yahoo!? > > Send FREE video emails in Yahoo! Mail! > > http://promo.yahoo.com/videomail/ > > _______________________________________________ > > Firewalls mailing list > > [EMAIL PROTECTED] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > --__--__-- > > Message: 5 > Date: Mon, 14 Jan 2002 11:09:46 -0500 (EST) > From: "Paul D. Robertson" <[EMAIL PROTECTED]> > To: Rick Brown <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Subject: Re: Telnet/SNMP security (Slightly OT) > > On Mon, 14 Jan 2002, Rick Brown wrote: > > > I'm trying to tighten security behind my firewall and > > thought you guys might be able to give me some > > feedback. I've got an all Cisco infrastructure and I > > want to secure access to the switches and routers. > > Should I use TACACS+ or SSH? I need something free > > If you've got a one-time password scheme, you'd get more value from that > than securing the transport layer. The only pain is in having to wait a > minute between login and enable if you're using SecurID. > > With reusable passwords, security the transport layer will probably be > more productive. Don't forget that you can use access lists to limit > access to infrastructure, especially routers. > > > (or close to it) because the bean counters are being > > tight. Also, what's the best way to secure SNMP? We > > As well as the obvious community string and writable MIB issues, > there have been a few flaws in common implementations. I prefer to do > things like that out of band if I have to use them. Obvously that > generally requires an architecture change. > > > use Novell's eDirectory and so it would be nice to > > find something that could work with LDAP but that may > > asking for too much. Could IPSec be used to secure > > any of this? Thanks! > > IPSec could, but it's pretty resource-intensive for most low-level > devices like smaller routers. > > Paul > -------------------------------------------------------------------------- --- > Paul D. Robertson "My statements in this message are personal opinions > [EMAIL PROTECTED] which may have no basis whatsoever in fact." > > > --__--__-- > > Message: 6 > Subject: Ban Nokia interface? > To: [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Date: Mon, 14 Jan 2002 08:29:29 -0800 > > > We are running a Nokia IP330 3.3 SP3. We've found that if we set > up four servers in the DMZ to constantly ping a server in the internal > net, everything will work for hours, then suddenly all four servers will > fail to ping for about 10 seconds, and all at the same time. Then it all > comes back again. This will happen every few hours, but with no regularity. > > The stats through Voyager show no excessive interface errors, no interface > resets, nothing looks wrong. > > Everything is NAT'ed manually, no auto-Nat. Firewall1 logs show nothing > unusual. All translated source and destination addresses are correct. > > We eliminated all switches and hubs between these two networks as to being > the problem. > > There are no duplex mismatches with any of the devices. > > So now I am thinking that there is something going on deeper in > IPSO. I am reading up on running debug in IPSO to give me more > information, but I was wondering if anyone out there has any good debug > commands for me to try or anything in particular to look for? Any help > would be appreciated. Thanks. > > Scott > > > > --__--__-- > > Message: 7 > Subject: Re: Ban Nokia interface? > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] > From: [EMAIL PROTECTED] > Date: Mon, 14 Jan 2002 08:37:47 -0800 > > > I like Nokia's. Honest. I meant to type "Bad Nokia Interface?" Sorry. > > Scott > > > > |--------+------------------------------> > | | skirn@illuminations.| > | | com | > | | Sent by: | > | | firewalls-admin@list| > | | s.gnac.net | > | | | > | | | > | | 01/14/2002 08:29 AM | > | | | > |--------+------------------------------> > >--------------------------------------------------------------------------- ---------------------------------------------| > | | > | To: [EMAIL PROTECTED] | > | cc: | > | Subject: Ban Nokia interface? | > >--------------------------------------------------------------------------- ---------------------------------------------| > > > > > > We are running a Nokia IP330 3.3 SP3. We've found that if we set > up four servers in the DMZ to constantly ping a server in the internal > net, everything will work for hours, then suddenly all four servers will > fail to ping for about 10 seconds, and all at the same time. Then it all > comes back again. This will happen every few hours, but with no regularity. > > The stats through Voyager show no excessive interface errors, no interface > resets, nothing looks wrong. > > Everything is NAT'ed manually, no auto-Nat. Firewall1 logs show nothing > unusual. All translated source and destination addresses are correct. > > We eliminated all switches and hubs between these two networks as to being > the problem. > > There are no duplex mismatches with any of the devices. > > So now I am thinking that there is something going on deeper in > IPSO. I am reading up on running debug in IPSO to give me more > information, but I was wondering if anyone out there has any good debug > commands for me to try or anything in particular to look for? Any help > would be appreciated. Thanks. > > Scott > > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > --__--__-- > > Message: 8 > From: "Florian Hobelsberger / BlueScreen" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Subject: Re: Off-topic or not? Is your son a computer hacker > Date: Mon, 14 Jan 2002 18:37:26 +0100 > > By the way, many parents really don't know what their kids are doing on the > computer (so are mine :). Some of the points there can really help to find > out, if the children are doing something you don't want them to do (but > still, a lot of the stuff written down there is just ridiculous). > > So, even it is a joke, never forget that jokes often are nearer to reality > than you think. > > Greetings, > > ------------------------------------------------------- > BlueScreen / Florian Hobelsberger (UIN: 101782087) > Member of: > www.IT-Checkpoint.net > www.Hackeinsteiger.de > www.NGSecurity.de > www.DvLdW.de.vu > > F�r Fragen im Bereich Datensicherheit wenden Sie sich bitte an: > www.Hackeinsteiger-Board.de > www.Securitypoint-board.de.vu > > > > > --__--__-- > > _______________________________________________ > Firewalls mailing list > [EMAIL PROTECTED] > http://lists.gnac.net/mailman/listinfo/firewalls > > > End of Firewalls Digest _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
