I've deal with this when I've set up Real Secure 5.0. Maybe
MAD_system_mode=off instead on, found in $FWDIR/conf/cmpad_config.conf. You
should receive some log entries with column 'Type' equal control and column
'Info' begins with 'SAM inhibit'. That what's happend when I try nmap (CP
FW-1 4.1 SP2 DES).
Another question: The ela proxy is running on the same platform as MAD is
running??
Regards,
sAM
-----Original Message-----
From: Scott Schindler [mailto:[EMAIL PROTECTED]]
Sent: Dienstag, 29. August 2000 16:43
To: [EMAIL PROTECTED]
Subject: [FW1] Has anyone used CPMAD
The courseware does not come with a lab, so I used syn4k and nmap to attack
a firewall. CPMAD is enabled by default, but I had to enable port scan
detection. CPMAD did absolutely nothing. And I could have easily filled
the hard drive with log entries. 4000 entries in about 45 seconds.
Anyone have experience out there with CPMAD and actually use it or have seen
it work? It defaults to fwalert, but no alerts showed up in system status.
I am looking for those with actual experience only. I am not looking for
web links.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
