Our firewall filters traffic for a class B and a class C network, a total of
65,792 (2^16 + 256) addresses. It's been noted that when we run reports such
as fwlogsum and others that are home-grown, the number of targeted addresses
within our LAN is never reported above approximately 57,600,
Got a heavy scan a while back that used port 47017/tcp. Anybody know of a
trojan running on that port as a default, or any other info pertaining?
Thanks,
Chuck Sterling
System / Network Administrator
NASA White Sands Test Facility
Las Cruces, New Mexico, USA
505-524-5661
Magic is REAL, unless
We found it necessary to lock in each UTP interface on our various Sun
systems running Solaris 2.6 in order to get sufficient throughput.
Autonegotiate did not cut it. Some were locked at 100FD, others at 10HD, but
in every case when we matched up the locked-in bridge settings with the I/F
If someone sets up an HTTP server within my LAN, listening on an unknown (to
me) port above 1023, can FW-1 (ver 3.0b or later) detect that the traffic is
HTTP even though it is not running on port 80, and be configured to block
attempts to access it automatically without interactive intervention
I'm not an expert on this, but we have rules to control outbound connections
and others to control inbound. It does add a bit of complexity as far as
number of rules, but it is relatively simple to keep track of what rule does
what. We put the outbound rules at the top of the list, inbound ones
this sort of thing available?
Thanks...
Chuck Sterling
Chuck Sterling
System / Network Administrator
NASA White Sands Test Facility
Las Cruces, New Mexico, USA
505-524-5661
Magic is REAL, unless declar
, like these, are always dropped.
Thanks again,
Chuck Sterling
--
From: Roy G. Culley[SMTP:[EMAIL PROTECTED]]
Sent: Friday, November 03, 2000 3:35 AM
To: Sterling, Chuck
Subject: Re: [FW1] Need help understanding "snoop" output
Hi,
What you
To: Sterling, Chuck
Subject: Re: [FW1] Need help understanding "snoop" output
I hadn't seen any replies on the list to your message. So if you
already have the answers you need please disregard and put directly in the
trash now just let me know that you
Hello,
The last few days we've been seeing a lot of more-or-less random ping
traffic with an apparent source address of 207.88.240.101, as far as the
FW-1 firewall log shows. Using "snoop" on Solaris 2.6, I captured a few
packets, an example of which is below. I confess confusion. Note that
Hi all...
Gotta question. A few minutes ago we received a minor barrage of probes with
an apparent source of www.microsoft.com, all four addresses, attempting to
hit random addresses on our network using ports 1024 and 3072. This has
happened before, and often enough to finally make it onto my
I wonder what "strings in.lpda" yields with the valid program...
Chuck Sterling
System/Network Administrator
NASA White Sands Test Facility
Magic is REAL, unless declared INTEGER.
--
From: Joe Voisin[SMTP:[EMAIL PROTECTED]]
Sent: Wednesday, August 02, 2000 8:04 AM
declared INTEGER.
--
From: Randall Kizer[SMTP:[EMAIL PROTECTED]]
Sent: Friday, July 14, 2000 2:14 AM
To: Sterling, Chuck
Subject: Re: [FW1] Name Resolution
Have you tried Web Trends? I believe you can specify name resolution as a
feature of Web Trends
We attempt to do a log export nightly using DNS name resolution, however it
often takes too long to be practical. Without name resolution it is very
quick, of course.
What I am looking for is a program or script that can accept the
non-resolved export file as input and provide a name-resolved
: Ivan Auger[SMTP:[EMAIL PROTECTED]]
Reply To: Ivan Auger
Sent: Thursday, July 13, 2000 2:10 PM
To: Sterling, Chuck
Subject: Re: [FW1] Name Resolution
Check http://www.ginini.com.au/tools/fw1/ and use the -R option (i.e.
Resolve IP addresses locally rather than in FW1).
I
That would be "echo request", and the idea is to get a response (type 0,
echo reply) from all the hosts on the network, either to map it or to cause
a denial-of-service. I think someone else already replied to the original
message...
Chuck Sterling
System/Network Administrator
NASA White Sands
Where can I get info on SYNDefender, a configuration option in FW-1?
Why and how to use it, or why not...
Thanks,
Chuck Sterling
System/Network Administrator
NASA White Sands Test Facility
Magic is REAL, unless declared INTEGER.
Thanks to all that replied. Just what I needed...
Chuck Sterling
System/Network Administrator
NASA White Sands Test Facility
Magic is REAL, unless declared INTEGER.
--
From: Sterling, Chuck
Sent: Monday, June 19, 2000 7:55 AM
To: 'Fw-1-Mailinglist (E-mail
My apologies if this has already been discussed. I just received this
notice, among others, and would like advice on how to counter this tool, if
possible. If the answers are already in the archives, just point me in the
right direction...
(Security Wire Digest, Vol. 2, No. 22; 12 June)