To better add value for that class we at RISCmanagement, Inc do port scans
and successive logons while enabling CPMAD so students can get a good feel
for what it actually does and how it works! Rather than breezing through the
chapter and telling students "Hey sorry, but no labs for this chapter!".
--Michael
www.riscman.com
-----Original Message-----
From: Scott Schindler [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 29, 2000 2:08 PM
To: Samuel Wuethrich; [EMAIL PROTECTED]
Subject: Re: [FW1] Has anyone used CPMAD
The global setting is on. I am running everything on one machine. I get no
messages in the log regarding "sam inhibit", nothing but the normal failed
on cleanup rule message.
BTW This is not a production system. It is lab testing only. I train Check
Point and there is no lab for CPMAD and I have never actually heard of
anyone using it and I can't get it to do anything.
I am testing whether this is a marketing thing from Check Point or something
that actually adds value. If there is no lab, it makes me wonder if they
can even get it to work. But so few people use it, I can't get any
feedback.
----- Original Message -----
From: "Samuel Wuethrich" <[EMAIL PROTECTED]>
To: "Scott Schindler" <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, August 29, 2000 10:55 AM
Subject: RE: [FW1] Has anyone used CPMAD
> I've dealt with this when I set up Real Secure 5.0. Maybe
> MAD_system_mode=off instead of on, found in $FWDIR/conf/cmpad_config.conf.
> You should receive some log entries with column 'Type' equal to control and
> column 'Info' beginning with 'SAM inhibit'. That's what happened when I
> tried nmap (CP FW-1 4.1 SP2 DES).
> Another question: Is the ela proxy running on the same platform as MAD is
> running??
>
> Regards,
> sAM
> -----Original Message-----
> From: Scott Schindler [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 29 August 2000 16:43
> To: [EMAIL PROTECTED]
> Subject: [FW1] Has anyone used CPMAD
>
>
> The courseware does not come with a lab, so I used syn4k and nmap to
> attack a firewall. CPMAD is enabled by default, but I had to enable port
> scan detection. CPMAD did absolutely nothing. And I could have easily
> filled the hard drive with log entries. 4000 entries in about 45 seconds.
>
> Anyone have experience out there with CPMAD and actually use it or have
> seen it work? It defaults to fwalert, but no alerts showed up in system
> status.
>
> I am looking for those with actual experience only. I am not looking for
> web links.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================