agreed... -----Original Message----- From: John Maestrale [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 2002 7:26 AM To: '[EMAIL PROTECTED]' Subject: Why netscreen instead of say sonicwall
I guess if it doesn't have a point and click interface you wanna be engineers don't like it! There is nothing wrong with the PIX firewall. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 05, 2002 10:20 AM To: [EMAIL PROTECTED] Subject: Firewalls digest, Vol 1 #573 - 7 msgs Send Firewalls mailing list submissions to [EMAIL PROTECTED] To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnac.net/mailman/listinfo/firewalls or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than "Re: Contents of Firewalls digest..." Today's Topics: 1. RE: Why netscreen instead of say sonicwall (Ralph Los) 2. RE: Why netscreen instead of say sonicwall (Ron DuFresne) 3. pix pdm question (pd) 4. BGMP (Thiago Calicchio) 5. RE: BGMP (=?iso-8859-9?Q?L=FCtfi_Yelkenci?=) 6. unsuscribe [EMAIL PROTECTED] ([EMAIL PROTECTED]) 7. Re: BGMP (Adam Safier) --__--__-- Message: 1 From: "Ralph Los" <[EMAIL PROTECTED]> To: "'Pico GOH'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: RE: Why netscreen instead of say sonicwall Date: Tue, 5 Mar 2002 01:23:35 -0500 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1C40E.47A77E70 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit In argument to the statement 'Check Point is still here - Still king of firewall'...I have to disagree. I've seen a lot of products lately - and I'm not so sure CheckPoint's arrogance is going to hold up as the de-facto standard for much longer. Yes, at one point they were the best...but now? Have you SEEN CyberGuard, and (if they cleaned up their 'slow' issues)SideWinder, or some of the open-source stuff? I certainly agree boxes like the PIX will never hope to catch up with their neanderthall interfaces and horrendous speeds - but there is competition now...and it's gaining FAST. Cheers all, ----------------------------------------| Ralph M. Los Sr. Security Consultant and Trainer EnterEdge Technology, L.L.C. Rlos at enteredge dot com (770) 955-9899 x.206 ----------------------------------------| ::-----Original Message----- ::From: Pico GOH [mailto:[EMAIL PROTECTED]] ::Sent: Saturday, March 02, 2002 5:57 PM ::To: [EMAIL PROTECTED] ::Subject: Why netscreen instead of say sonicwall :: :: ::Netscreen is quite simple firewall, it is more less Network ::device not a intelligent firewall..... ::If you need for the soho the mid-range firewalls are almost ::same in its performance. ::Netscreen's Perofmance should be examined in the real ::network, as it shows quite different performance. ::All of their products's performance are different from what ::they advertise. ::The Next Generation firewall is now on the way and it is ::built based on the network processor. ::Still SW based firewall works fine, ASIC Firewall is wee bit ::better in its performance ( But, A LOT OF LIMITS ), Network ::Processor Based Firewall show the true wire speed regard less ::packet size. Although Firewall -1 is old ,,,but its ::flexibility is quite well designed. ( ::Incomparable) :: ::And recognition of Check point is still there ( Still King Of ::Firewall) ........ :: ::please don't be confuse to with brand name of firewall..... ::wire speed is not what they says in the paper and in the labs. :: ::More question ... :: :: :: :: :: _____ :: ::Get more from the Web. FREE MSN Explorer download : http://explorer.msn.com ------_=_NextPart_001_01C1C40E.47A77E70 Content-Type: text/html; charset=us-ascii Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> <HTML> <HEAD> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Dus-ascii"> <META NAME=3D"Generator" CONTENT=3D"MS Exchange Server version = 5.5.2653.12"> <TITLE>RE: Why netscreen instead of say sonicwall</TITLE> </HEAD> <BODY> <P><FONT SIZE=3D2>In argument to the statement 'Check Point is still = here - Still king of firewall'...I have to disagree. I've seen a = lot of products lately - and I'm not so sure CheckPoint's arrogance is = going to hold up as the de-facto standard for much longer. Yes, = at one point they were the best...but now? Have you SEEN = CyberGuard, and (if they cleaned up their 'slow' issues)SideWinder, or = some of the open-source stuff? I certainly agree boxes like the = PIX will never hope to catch up with their neanderthall interfaces and = horrendous speeds - but there is competition now...and it's gaining = FAST.</FONT></P> <P><FONT SIZE=3D2>Cheers all,</FONT> </P> <P><FONT SIZE=3D2>----------------------------------------|</FONT> <BR><FONT SIZE=3D2>Ralph M. Los</FONT> <BR><FONT SIZE=3D2>Sr. Security Consultant and Trainer</FONT> <BR><FONT = SIZE=3D2> = EnterEdge Technology, L.L.C.</FONT> <BR><FONT = SIZE=3D2> Rlos at = enteredge dot com</FONT> <BR><FONT = SIZE=3D2> (770) = 955-9899 x.206</FONT> <BR><FONT SIZE=3D2>----------------------------------------| </FONT> </P> <P><FONT SIZE=3D2>::-----Original Message-----</FONT> <BR><FONT SIZE=3D2>::From: Pico GOH [<A = HREF=3D"mailto:[EMAIL PROTECTED]";>mailto:[EMAIL PROTECTED]</A>] </FONT> <BR><FONT SIZE=3D2>::Sent: Saturday, March 02, 2002 5:57 PM</FONT> <BR><FONT SIZE=3D2>::To: [EMAIL PROTECTED]</FONT> <BR><FONT SIZE=3D2>::Subject: Why netscreen instead of say = sonicwall</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::Netscreen is quite simple firewall, it is more = less Network </FONT> <BR><FONT SIZE=3D2>::device not a intelligent firewall..... = </FONT> <BR><FONT SIZE=3D2>::If you need for the soho the mid-range = firewalls are almost </FONT> <BR><FONT SIZE=3D2>::same in its performance. </FONT> <BR><FONT SIZE=3D2>::Netscreen's Perofmance should be examined in the = real </FONT> <BR><FONT SIZE=3D2>::network, as it shows quite different performance. = </FONT> <BR><FONT SIZE=3D2>::All of their products's performance are different = from what </FONT> <BR><FONT SIZE=3D2>::they advertise. </FONT> <BR><FONT SIZE=3D2>::The Next Generation firewall is now on the way and = it is </FONT> <BR><FONT SIZE=3D2>::built based on the network processor. </FONT> <BR><FONT SIZE=3D2>::Still SW based firewall works fine, ASIC Firewall = is wee bit </FONT> <BR><FONT SIZE=3D2>::better in its performance ( But, A LOT OF LIMITS = ), Network </FONT> <BR><FONT SIZE=3D2>::Processor Based Firewall show the true wire speed = regard less </FONT> <BR><FONT SIZE=3D2>::packet size. Although Firewall -1 is old = ,,,but its </FONT> <BR><FONT SIZE=3D2>::flexibility is quite well designed. (</FONT> <BR><FONT SIZE=3D2>::Incomparable)</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::And recognition of Check point is still there ( = Still King Of </FONT> <BR><FONT SIZE=3D2>::Firewall) ........ </FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::please don't be confuse to with brand name of = firewall..... </FONT> <BR><FONT SIZE=3D2>::wire speed is not what they says in the paper and = in the labs.</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::More question ... </FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>:: _____ </FONT> <BR><FONT SIZE=3D2>::</FONT> <BR><FONT SIZE=3D2>::Get more from the Web. FREE MSN Explorer download = : </FONT> <BR><FONT SIZE=3D2><A HREF=3D"http://explorer.msn.com"; = TARGET=3D"_blank">http://explorer.msn.com</A> </FONT> </P> <BR> </BODY> </HTML> ------_=_NextPart_001_01C1C40E.47A77E70-- --__--__-- Message: 2 Date: Tue, 5 Mar 2002 00:44:32 -0600 (CST) From: Ron DuFresne <[EMAIL PROTECTED]> To: Ralph Los <[EMAIL PROTECTED]> Cc: "'Pico GOH'" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: RE: Why netscreen instead of say sonicwall On Tue, 5 Mar 2002, Ralph Los wrote: > In argument to the statement 'Check Point is still here - Still king of > firewall'...I have to disagree. I've seen a lot of products lately - and > I'm not so sure CheckPoint's arrogance is going to hold up as the de-facto > standard for much longer. Yes, at one point they were the best...but now? > Have you SEEN CyberGuard, and (if they cleaned up their 'slow' > issues)SideWinder, or some of the open-source stuff? I certainly agree > boxes like the PIX will never hope to catch up with their neanderthall > interfaces and horrendous speeds - but there is competition now...and it's > gaining FAST. > Two main points to consider here though still remain: 1> the best technology does not equate to the best product to do well in the market place. 2> once market share has been established and recognition claimed, it's hard for underdogs to rise above that leader, short of buying out your fellow uderdog competitors to gain a 'larger' share of that market space. We're seeing alot of this consolidation, still. And this tends to further weaken the technology thence forthcoming. I'm sure we'll see alot of speed related advances in all the current major players in the present market, I'm not so sure we'll see dramatic changes in the ratings of those leaders though. Certainly I trust the fw-1 folks to not stand still while their compentitors do R&D and push features to market, and vice-versa Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. --__--__-- Message: 3 Reply-To: "pd" <[EMAIL PROTECTED]> From: "pd" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: pix pdm question Date: Fri, 1 Mar 2002 13:36:04 +0100 This is a multi-part message in MIME format. ------=_NextPart_000_0053_01C1C126.091AE4C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable hi does anyboy know how to connecto to pix PDM by outside interface ?=20 thx --- piXi_MX3, mx3, 1600, 16V, 1995 http://kapsel.topnet.pl -- Okresl Swoje potrzeby - my znajdziemy oferte za Ciebie! [ http://oferty.onet.pl ] ------=_NextPart_000_0053_01C1C126.091AE4C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 5.50.4134.600" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT size=3D2>hi</FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>does anyboy know how to connecto to pix PDM by = outside=20 interface ? </FONT></DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2></FONT> </DIV> <DIV><FONT size=3D2>thx</FONT></DIV> <DIV><FONT size=3D2>---<BR>piXi_MX3, mx3, 1600, 16V, 1995<BR><A=20 href=3D"http://kapsel.topnet.pl";>http://kapsel.topnet.pl</A><BR></FONT></= DIV> <div align=left> <hr width=450> <br> <font size="-1" color="#000000" face="Verdana Ce, Verdana, Tahoma Ce, Tahoma, Arial Ce, Arial, Helvetica Ce, Helvetica"> Okresl Swoje potrzeby - my znajdziemy oferte za Ciebie!<br> [ <a href="http://oferty.onet.pl";>http://oferty.onet.pl</a> ] </font> <br> <hr width=450> </div></BODY></HTML> ------=_NextPart_000_0053_01C1C126.091AE4C0-- --__--__-- Message: 4 From: "Thiago Calicchio" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: BGMP Date: Fri, 1 Mar 2002 04:20:00 -0300 This is a multi-part message in MIME format. ------=_NextPart_000_006E_01C1C0D8.5A81A7C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable I performed a portscan on my firewall. Its listening on ports 264 and 265. What are they for? ------=_NextPart_000_006E_01C1C0D8.5A81A7C0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-1"> <META content=3D"MSHTML 5.50.4522.1800" name=3DGENERATOR> <STYLE></STYLE> </HEAD> <BODY bgColor=3D#ffffff> <DIV><FONT face=3DArial>I performed a portscan on my firewall. Its = listening<BR>on=20 ports 264 and 265. What are they for?<BR><BR></FONT></DIV></BODY></HTML> ------=_NextPart_000_006E_01C1C0D8.5A81A7C0-- --__--__-- Message: 5 From: =?iso-8859-9?Q?L=FCtfi_Yelkenci?= <[EMAIL PROTECTED]> To: Thiago Calicchio <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: RE: BGMP Date: Tue, 5 Mar 2002 09:07:49 +0200 This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------_=_NextPart_001_01C1C414.756221C0 Content-Type: text/plain; charset="iso-8859-9" They are for firewall's management services... Lutfi -----Original Message----- From: Thiago Calicchio [mailto:[EMAIL PROTECTED]] Sent: Friday, March 01, 2002 9:20 AM To: [EMAIL PROTECTED] Subject: BGMP I performed a portscan on my firewall. Its listening on ports 264 and 265. What are they for? ------_=_NextPart_001_01C1C414.756221C0 Content-Type: text/html; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <html xmlns:v=3D"urn:schemas-microsoft-com:vml" = xmlns:o=3D"urn:schemas-microsoft-com:office:office" = xmlns:w=3D"urn:schemas-microsoft-com:office:word" = xmlns:st1=3D"urn:schemas-microsoft-com:office:smarttags" = xmlns=3D"http://www.w3.org/TR/REC-html40";> <head> <META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; = charset=3Diso-8859-9"> <meta name=3DProgId content=3DWord.Document> <meta name=3DGenerator content=3D"Microsoft Word 10"> <meta name=3DOriginator content=3D"Microsoft Word 10"> <link rel=3DFile-List href=3D"cid:[EMAIL PROTECTED]";> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"time"/> <o:SmartTagType = namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags" name=3D"date"/> <!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:HyphenationZone>21</w:HyphenationZone> <w:EnvelopeVis/> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if !mso]> <style> st1\:*{behavior:url(#default#ieooui) } </style> <![endif]--> <style> <!-- /* Font Definitions */ @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:162; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:553679495 -2147483648 8 0 66047 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-reply; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:navy;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:595.3pt 841.9pt; margin:70.85pt 70.85pt 70.85pt 70.85pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> </style> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--> </head> <body bgcolor=3Dwhite lang=3DTR link=3Dblue vlink=3Dpurple = style=3D'tab-interval:35.4pt'> <div class=3DSection1> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'>They are for firewall's management = services...<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'>Lutfi<o:p></o:p></span></font></p> <p class=3DMsoNormal><font size=3D2 color=3Dnavy face=3DArial><span = style=3D'font-size: 10.0pt;font-family:Arial;color:navy'><o:p> </o:p></span></font></p>= <p class=3DMsoNormal style=3D'margin-left:35.4pt'><font size=3D2 = face=3DTahoma><span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:Tahoma;mso-ansi-language:EN-US'>--= ---Original Message-----<br> <b><span style=3D'font-weight:bold'>From:</span></b> Thiago Calicchio [mailto:[EMAIL PROTECTED]<span class=3DGramE>] <br> <b><span style=3D'font-weight:bold'>Sent</span></b></span><b><span style=3D'font-weight:bold'>:</span></b> </span></font><st1:date = Month=3D"3" Day=3D"1" Year=3D"2002"><font size=3D2 face=3DTahoma><span lang=3DEN-US = style=3D'font-size:10.0pt; font-family:Tahoma;mso-ansi-language:EN-US'>Friday, March 01, = 2002</span></font></st1:date><font size=3D2 face=3DTahoma><span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:Tahoma; mso-ansi-language:EN-US'> </span></font><st1:time Hour=3D"9" = Minute=3D"20"><font size=3D2 face=3DTahoma><span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:Tahoma; mso-ansi-language:EN-US'>9:20 AM</span></font></st1:time><font = size=3D2 face=3DTahoma><span lang=3DEN-US = style=3D'font-size:10.0pt;font-family:Tahoma; mso-ansi-language:EN-US'><br> <b><span style=3D'font-weight:bold'>To:</span></b> = [EMAIL PROTECTED]<br> <b><span style=3D'font-weight:bold'>Subject:</span></b> = BGMP</span></font></p> <p class=3DMsoNormal style=3D'margin-left:35.4pt'><font size=3D3 face=3D"Times New Roman"><span = style=3D'font-size:12.0pt'><o:p> </o:p></span></font></p> <div> <p class=3DMsoNormal = style=3D'mso-margin-top-alt:0cm;margin-right:0cm;margin-bottom: 12.0pt;margin-left:35.4pt'><font size=3D3 face=3DArial><span = style=3D'font-size:12.0pt; font-family:Arial'>I performed a portscan on my firewall. Its = listening<br> on ports 264 and 265. What are they for?</span></font><o:p></o:p></p> </div> </div> </body> </html> ------_=_NextPart_001_01C1C414.756221C0-- --__--__-- Message: 6 To: [EMAIL PROTECTED] Subject: unsuscribe [EMAIL PROTECTED] From: [EMAIL PROTECTED] Date: Tue, 5 Mar 2002 09:36:05 +0100 This is a multipart message in MIME format. --=_alternative 002F495FC1256B73_= Content-Type: text/plain; charset="us-ascii" unsuscribe [EMAIL PROTECTED] --=_alternative 002F495FC1256B73_= Content-Type: text/html; charset="us-ascii" <br><font size=1 face="sans-serif">unsuscribe [EMAIL PROTECTED]</font> --=_alternative 002F495FC1256B73_=-- --__--__-- Message: 7 From: "Adam Safier" <[EMAIL PROTECTED]> To: "L�tfi Yelkenci" <[EMAIL PROTECTED]>, "Thiago Calicchio" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: Re: BGMP Date: Tue, 5 Mar 2002 10:23:47 -0500 This is a multi-part message in MIME format. ------=_NextPart_000_0017_01C1C42F.D6078A90 Content-Type: text/plain; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable Firfewall-1 listens to a series of management ports on all interfaces if = the "Accept VPN-1 & Firewall ...." implied rule under Security Policy = is checked. Bombarding the management ports with malformed / oversized = packets could cause old (2.1) FW-1 to hang hard - a DoS. I don't know = if they fixed it. The work around I came up with was to add a rule 1 so = that it only allowed management ports to and from internal trusted hosts = and then I uncheck the implied rule. I ran into trouble with this = method in FW-1 4.1 during a rush install (locked ourselves out) so we = left the implied rule checked and blocked the ports with an ACL on the = external router, just in case CP had not fixed the DoS vulnerability. =20 Adam Adam Safier=20 Global Systems & Strategies, Inc (GSS)=20 7000 Security Blvd, Suite 300=20 Baltimore, Md. 21244=20 (443) 436-6393=20 [EMAIL PROTECTED] ----- Original Message -----=20 From: L=FCtfi Yelkenci=20 To: Thiago Calicchio ; [EMAIL PROTECTED]=20 Sent: Tuesday, March 05, 2002 2:07 AM Subject: RE: BGMP They are for firewall's management services... Lutfi =20 -----Original Message----- From: Thiago Calicchio [mailto:[EMAIL PROTECTED]]=20 Sent: Friday, March 01, 2002 9:20 AM To: [EMAIL PROTECTED] Subject: BGMP =20 I performed a portscan on my firewall. Its listening on ports 264 and 265. What are they for? ------=_NextPart_000_0017_01C1C42F.D6078A90 Content-Type: text/html; charset="iso-8859-9" Content-Transfer-Encoding: quoted-printable <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML xmlns=3D"http://www.w3.org/TR/REC-html40"; xmlns:v =3D=20 "urn:schemas-microsoft-com:vml" xmlns:o =3D=20 "urn:schemas-microsoft-com:office:office" xmlns:w =3D=20 "urn:schemas-microsoft-com:office:word" xmlns:st1 =3D=20 "urn:schemas-microsoft-com:office:smarttags"><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Diso-8859-9"> <META content=3DWord.Document name=3DProgId> <META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR> <META content=3D"Microsoft Word 10" name=3DOriginator><LINK=20 href=3D"cid:[EMAIL PROTECTED]"; = rel=3DFile-List><o:SmartTagType=20 name=3D"time"=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT= ype><o:SmartTagType=20 name=3D"date"=20 namespaceuri=3D"urn:schemas-microsoft-com:office:smarttags"></o:SmartTagT= ype><!--[if gte mso 9]><xml> <o:OfficeDocumentSettings> <o:DoNotRelyOnCSS/> </o:OfficeDocumentSettings> </xml><![endif]--><!--[if gte mso 9]><xml> <w:WordDocument> <w:GrammarState>Clean</w:GrammarState> <w:DocumentKind>DocumentEmail</w:DocumentKind> <w:HyphenationZone>21</w:HyphenationZone> <w:EnvelopeVis/> <w:BrowserLevel>MicrosoftInternetExplorer4</w:BrowserLevel> </w:WordDocument> </xml><![endif]--><!--[if !mso]> <STYLE>st1\:* { BEHAVIOR: url(#default#ieooui) } </STYLE> <![endif]--> <STYLE> <!-- /* Font Definitions */ @font-face {font-family:Tahoma; panose-1:2 11 6 4 3 5 4 4 2 4; mso-font-charset:162; mso-generic-font-family:swiss; mso-font-pitch:variable; mso-font-signature:553679495 -2147483648 8 0 66047 0;} /* Style Definitions */ p.MsoNormal, li.MsoNormal, div.MsoNormal {mso-style-parent:""; margin:0cm; margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:"Times New Roman"; mso-fareast-font-family:"Times New Roman";} a:link, span.MsoHyperlink {color:blue; text-decoration:underline; text-underline:single;} a:visited, span.MsoHyperlinkFollowed {color:purple; text-decoration:underline; text-underline:single;} span.EmailStyle17 {mso-style-type:personal-reply; mso-style-noshow:yes; mso-ansi-font-size:10.0pt; mso-bidi-font-size:10.0pt; font-family:Arial; mso-ascii-font-family:Arial; mso-hansi-font-family:Arial; mso-bidi-font-family:Arial; color:navy;} span.GramE {mso-style-name:""; mso-gram-e:yes;} @page Section1 {size:595.3pt 841.9pt; margin:70.85pt 70.85pt 70.85pt 70.85pt; mso-header-margin:35.4pt; mso-footer-margin:35.4pt; mso-paper-source:0;} div.Section1 {page:Section1;} --> </STYLE> <!--[if gte mso 10]> <style> /* Style Definitions */=20 table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:10.0pt; font-family:"Times New Roman";} </style> <![endif]--><!--[if gte mso 9]><xml> <o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" /> </xml><![endif]--><!--[if gte mso 9]><xml> <o:shapelayout v:ext=3D"edit"> <o:idmap v:ext=3D"edit" data=3D"1" /> </o:shapelayout></xml><![endif]--></HEAD> <BODY lang=3DTR style=3D"tab-interval: 35.4pt" vLink=3Dpurple = link=3Dblue bgColor=3Dwhite> <DIV><FONT face=3DArial size=3D2>Firfewall-1 listens to a series of = management ports=20 on all interfaces if the "Accept VPN-1 & Firewall ...." = implied rule=20 under Security Policy is checked. Bombarding the management ports = with=20 malformed / oversized packets could cause old (2.1) FW-1 to hang hard - = a=20 DoS. I don't know if they fixed it. The work around I = came up=20 with was to add a rule 1 so that it only allowed management=20 ports to and from internal trusted hosts and then I uncheck the = implied=20 rule. I ran into trouble with this method in FW-1 4.1 during a = rush=20 install (locked ourselves out) so we left the implied rule checked = and=20 blocked the ports with an ACL on the external router, just in case CP = had not=20 fixed the DoS vulnerability. </FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Adam</FONT></DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2></FONT> </DIV> <DIV><FONT face=3DArial size=3D2>Adam Safier <BR>Global Systems & = Strategies,=20 Inc (GSS) <BR>7000 Security Blvd, Suite 300 <BR>Baltimore, Md. 21244 = <BR>(443)=20 436-6393 <BR><A=20 href=3D"mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A></FONT></DIV> <BLOCKQUOTE dir=3Dltr=20 style=3D"PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; = BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px"> <DIV style=3D"FONT: 10pt arial">----- Original Message ----- </DIV> <DIV=20 style=3D"BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: = black"><B>From:</B>=20 <A [EMAIL PROTECTED] = href=3D"mailto:[EMAIL PROTECTED]";>L=FCtfi=20 Yelkenci</A> </DIV> <DIV style=3D"FONT: 10pt arial"><B>To:</B> <A = [EMAIL PROTECTED]=20 href=3D"mailto:[EMAIL PROTECTED]";>Thiago Calicchio</A> ; <A=20 [EMAIL PROTECTED]=20 href=3D"mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A> = </DIV> <DIV style=3D"FONT: 10pt arial"><B>Sent:</B> Tuesday, March 05, 2002 = 2:07=20 AM</DIV> <DIV style=3D"FONT: 10pt arial"><B>Subject:</B> RE: BGMP</DIV> <DIV><BR></DIV> <DIV class=3DSection1> <P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: Arial">They are = for=20 firewall's management services...<o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: = Arial">Lutfi<o:p></o:p></SPAN></FONT></P> <P class=3DMsoNormal><FONT face=3DArial color=3Dnavy size=3D2><SPAN=20 style=3D"FONT-SIZE: 10pt; COLOR: navy; FONT-FAMILY: = Arial"><o:p> </o:p></SPAN></FONT></P> <P class=3DMsoNormal style=3D"MARGIN-LEFT: 35.4pt"><FONT face=3DTahoma = size=3D2><SPAN=20 lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma; mso-ansi-language: = EN-US">-----Original=20 Message-----<BR><B><SPAN style=3D"FONT-WEIGHT: bold">From:</SPAN></B> = Thiago=20 Calicchio [mailto:[EMAIL PROTECTED]<SPAN class=3DGramE>] = <BR><B><SPAN=20 style=3D"FONT-WEIGHT: bold">Sent</SPAN></B></SPAN><B><SPAN=20 style=3D"FONT-WEIGHT: bold">:</SPAN></B> </SPAN></FONT><st1:date = Year=3D"2002"=20 Day=3D"1" Month=3D"3"><FONT face=3DTahoma size=3D2><SPAN lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma; mso-ansi-language: = EN-US">Friday,=20 March 01, 2002</SPAN></FONT></st1:date><FONT face=3DTahoma = size=3D2><SPAN=20 lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma; mso-ansi-language: = EN-US">=20 </SPAN></FONT><st1:time Minute=3D"20" Hour=3D"9"><FONT face=3DTahoma = size=3D2><SPAN=20 lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma; mso-ansi-language: = EN-US">9:20=20 AM</SPAN></FONT></st1:time><FONT face=3DTahoma size=3D2><SPAN = lang=3DEN-US=20 style=3D"FONT-SIZE: 10pt; FONT-FAMILY: Tahoma; mso-ansi-language: = EN-US"><BR><B><SPAN=20 style=3D"FONT-WEIGHT: bold">To:</SPAN></B> <A=20 = href=3D"mailto:[EMAIL PROTECTED]";>[EMAIL PROTECTED]</A><BR>= <B><SPAN=20 style=3D"FONT-WEIGHT: bold">Subject:</SPAN></B> BGMP</SPAN></FONT></P> <P class=3DMsoNormal style=3D"MARGIN-LEFT: 35.4pt"><FONT face=3D"Times = New Roman"=20 size=3D3><SPAN style=3D"FONT-SIZE: = 12pt"><o:p> </o:p></SPAN></FONT></P> <DIV> <P class=3DMsoNormal=20 style=3D"MARGIN-BOTTOM: 12pt; MARGIN-LEFT: 35.4pt; MARGIN-RIGHT: 0cm; = mso-margin-top-alt: 0cm"><FONT=20 face=3DArial size=3D3><SPAN style=3D"FONT-SIZE: 12pt; FONT-FAMILY: = Arial">I=20 performed a portscan on my firewall. Its listening<BR>on ports 264 and = 265.=20 What are they=20 for?</SPAN></FONT><o:p></o:p></P></DIV></DIV></BLOCKQUOTE></BODY></HTML> ------=_NextPart_000_0017_01C1C42F.D6078A90-- --__--__-- _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls End of Firewalls Digest _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
