R: [FW1] Log source entry

Thu, 13 Jul 2000 08:06:07 -0700 


Thank you for your reply.
The problem is that these names there aren't in my firewall objects, wins,
dns, hosts or lmhost file... (I run FW-1 on NT).
So I really can't figure out how FW-1 resolves them...

May be that the workstation running FW-1 log viewer contacts the logged ip
address by way of Netbios, and the contacted machine returns its host name
as defined into Windows98 control panel, or is this a stupid think? (my
netbios outgoing traffic is opened at this moment).

Thank you.



-----Messaggio originale-----
Da: Robert MacDonald [mailto:[EMAIL PROTECTED]]
Inviato: gioved� 13 luglio 2000 16.12
A: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Oggetto: Re: [FW1] Log source entry


Roberto,

Firewall objects first, local hosts file
second, then DNS. I'm not sure(not tested)
if FW-1 uses standard calls to resolve names
if they aren't found as an object. Based on this,
the system may resolve based on nsswitch
parameters(or the like).

For NT, it might be the same, unless WINS or
LMHOST(NETBIOS resolving) is adhered to.

Confused yet? ;) One of these days, I'll play
with this and know for sure. I would suggest
giving it try also.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Roberto Bazzano" <[EMAIL PROTECTED]> 7/12/00 8:56:28 AM >>>
>
>Hi.
>I'm new to FW-1, so sorry if this is too simple...
>
>In my FW-1 4.1 SP1 log viewer, there are entries with source address like
>"MATRICOLE2" or "CENTRALE" or "OEMCOMPUTER" or "E0230605" and so on.
>Where does FW-1 take these names?
>Other source entries are ip addresses, or fully qualified domain names, so
>what are such addresses?
>And then, how can I track these addresses if there isn't an IP address or a
>domain name?
>
>Thank you.
>
>Roberto Bazzano





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to