TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any problems!
----------------------------------------------------------------------------
Sunny,
The "Kill" function on RealSecure simply sends a TCP packet with the
reset-bit set to the host originating suspicious traffic. The packet is
sent to the same port number that originated the suspicious traffic.
Another reset packet is sent to the host (and corresponding port) that was
the recipient of the suspicious traffic.
If the RealSecure Engine is on the same side of the firewall as either the
attacker host or the target host (which should be the case), then it will be
able to kill at least one side of the connection, regardless of the
firewall's settings.
Regarding reset packets going through the firewall to reach a host on the
other side (e.g., the attacker and target hosts are on different sides of
the firewall): If the firewall is allowing the attack host to communicate
with the target host using a specific socket pair (addresses + ports), then
the firewall is already allowing the kill packets to pass through. So, no
special configuration is required.
Douglas R. Steinbaum
Naval Research Lab Code 5544, Network Security Section
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Sunny Leung
Sent: Tuesday, January 26, 1999 10:21 PM
To: [EMAIL PROTECTED]
Subject: Realsecure and Firewall
TO UNSUBSCRIBE: email "unsubscribe issforum" in the body of your message to
[EMAIL PROTECTED] Contact [EMAIL PROTECTED] for help with any
problems!
----------------------------------------------------------------------------
Dear All,
After enabling the "KILL" function on ISS Realsecure which is behide a
Firewall(Check Point), which port(s) should i open on Firewall to allow the
"KILL" traffic pass through Firewall ?
Regards,
Sunny
