Kathy,
Did you look on both the fw and the mgt systems (if
they're not on the same box) to see if mail is indeed
the same (alias) or defined as another service? It's there,
you just need to find it. You did look through the Managed
Service in the GUI, right? Try and grep for it in the
$FWDIR/conf dir, /etc/services. Maybe you passed
over it.
Run a snoop and see if you can determine the actual
port number that the fw/mgt is seeing.
As for becoming your company's sec-guru, welcome!
It sounds like you're off to a good start and auditing your
systems is a great way to understand what's going on.
If you haven't been on the list long, check out the
following sites for more info.
www.phoneboy.com/fw1
www.enteract.com/~lspitz
Robert
>>> "Kathy Chapman" <[EMAIL PROTECTED]> 8/30/00 10:24:30 AM >>>
>Robert,
>Thanks for the help. Yes, I am relatively new. Our administrator took another job
>recently, and although I had been the backup and did take the Checkpoint classes,
>I've been on my own for two months. I've been examining the logs and rulebase for
>holes and anomalies and trying to close/resolve them.
>
>I did look at /etc/services. The strange thing is the logviewer is showing both SMTP
>and MAIL in the services column. SMTP is accepted while MAIL is being dropped. If
>MAIL is an alias for SMTP, I would think it would be accepted.
>
>Kathy
>
>>>> "Robert MacDonald" <[EMAIL PROTECTED]> 08/30/00 10:11AM >>>
>Kathy,
>
>Generally it's an alias for SMTP.
>
>Look through the firewall services (most likely you
>did this), the /etc/services or $systemroot/system32/drivers/etc.
>
>Sounds like someone may have added this. Are you
>new to this system or administrating your fw? If so,
>you will want to verify _everything_ about that system(s),
>to make sure you understand why it is designed & configured
>the way it is. Obviously (and _carefully_) disabling anything
>that you cannot verify is needed.
>
>If not, my apologies for making such a blunderous
>ASSumption. :)
>
>Robert
>
>- -
>Robert P. MacDonald, Network Engineer
>e-Business Infrastructure
>G o r d o n F o o d S e r v i c e
>Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
>>>> "Kathy Chapman" <[EMAIL PROTECTED]> 8/30/00 9:52:20 AM >>>
>>
>>Checkpoint 4.0 on Solaris
>>
>>The log is showing dropped tcp traffic for service "mail" to my SMTP server. I have
>>a service SMTP which is defined as TCP port 25 (which works fine). I have been
>>unable to find out which port is associated with this "mail" service - it's not
>>defined in my rulebase.
>>
>>The rule that's dropping it is NOT: any, any, annoying-services, drop.
>>The cleanup rule is dropping it: any, any, any, drop.
>>
>>Any help is greatly appreciated.
>>
>>Kathy Chapman
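
The /etc/services check suggested in this thread, as an added example that is not part of the original messages: a plain grep for "mail" can miss or over-match because the name may appear only in the alias column or only in a comment, so this resolves a name against every name and alias field of a services(5)-format file. The function names and the sample file contents are constructed for illustration; the format of the files under $FWDIR/conf is not shown in the thread and is not covered here.

```shell
# Added example: resolve a service name or alias in a services(5)-format file.
# Usage: lookup_service NAME FILE
# Prints "canonical-name port/proto" for every entry whose name or alias
# matches NAME (case-insensitive, since log viewers may change the case).
lookup_service() {
    awk -v want="$1" '
        { sub(/#.*/, "") }               # drop comments so they never match
        NF < 2 { next }                  # skip blank or malformed lines
        {
            for (i = 1; i <= NF; i++) {
                if (i == 2) continue     # field 2 is port/proto, not a name
                if (tolower($i) == tolower(want)) {
                    print $1, $2         # report the canonical name and port
                    break
                }
            }
        }
    ' "$2"
}

# Constructed sample in /etc/services layout (not taken from a real system).
sample_services() {
    cat <<'EOF'
# name   port/proto  aliases
ftp      21/tcp
smtp     25/tcp      mail      # constructed comment
domain   53/udp
domain   53/tcp
EOF
}
```

Run it against the real file on both the firewall and the management host, for example `lookup_service mail /etc/services`, and compare the result with the port that snoop shows for the dropped traffic.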