[FW1] [FW-1] Log/Report question, FW-1 3.0b

2001-09-17 Thread Sterling, Chuck
Our firewall filters traffic for a class B and a class C network, a total of 65,792 (2^16 + 256) addresses. It's been noted that when we run reports such as fwlogsum and others that are home-grown, the number of targeted addresses within our LAN is never reported above approximately 57,600,

[FW1] Another port question: 47017/tcp, is it used by a trojan, etc.?

2001-06-05 Thread Sterling, Chuck
Got a heavy scan a while back that used port 47017/tcp. Anybody know of a trojan running on that port as a default, or any other info pertaining? Thanks, Chuck Sterling System / Network Administrator NASA White Sands Test Facility Las Cruces, New Mexico, USA 505-524-5661 Magic is REAL, unless

RE: [FW1] Problems with FW 4.1 SP 3

2001-03-19 Thread Sterling, Chuck
We found it necessary to lock in each UTP interface on our various Sun systems running Solaris 2.6 in order to get sufficient throughput. Autonegotiate did not cut it. Some were locked at 100FD, others at 10HD, but in every case when we matched up the locked-in bridge settings with the I/F

[FW1] Can HTTP on unknown ports be blocked?

2001-03-12 Thread Sterling, Chuck
If someone sets up an HTTP server within my LAN, listening on an unknown (to me) port above 1023, can FW-1 (ver 3.0b or later) detect that the traffic is HTTP even though it is not running on port 80, and be configured to block attempts to access it automatically without interactive intervention

RE: [FW1] Rule question

2001-02-26 Thread Sterling, Chuck
I'm not an expert on this, but we have rules to control outbound connections and others to control inbound. It does add a bit of complexity as far as number of rules, but it is relatively simple to keep track of what rule does what. We put the outbound rules at the top of the list, inbound ones

[FW1] Removing objects using a command line ??

2001-01-29 Thread Sterling, Chuck
this sort of thing available? Thanks... Chuck Sterling Chuck Sterling System / Network Administrator NASA White Sands Test Facility Las Cruces, New Mexico, USA 505-524-5661 Magic is REAL, unless declar

RE: [FW1] Need help understanding snoop output

2000-11-03 Thread Sterling, Chuck
, like these, are always dropped. Thanks again, Chuck Sterling -- From: Roy G. Culley[SMTP:[EMAIL PROTECTED]] Sent: Friday, November 03, 2000 3:35 AM To: Sterling, Chuck Subject: Re: [FW1] Need help understanding "snoop" output Hi, What you

RE: [FW1] Need help understanding snoop output

2000-11-03 Thread Sterling, Chuck
To: Sterling, Chuck Subject: Re: [FW1] Need help understanding "snoop" output I hadn't seen any replies on the list to your message. So if you already have the answers you need please disregard and put directly in the trash now just let me know that you

[FW1] Need help understanding snoop output

2000-11-02 Thread Sterling, Chuck
Hello, The last few days we've been seeing a lot of more-or-less random ping traffic with an apparent source address of 207.88.240.101, as far as the FW-1 firewall log shows. Using "snoop" on Solaris 2.6, I captured a few packets, an example of which is below. I confess confusion. Note that

[FW1] Probe, apparently from Microsoft??

2000-10-20 Thread Sterling, Chuck
Hi all... Gotta question. A few minutes ago we received a minor barrage of probes with an apparent source of www.microsoft.com, all four addresses, attempting to hit random addresses on our network using ports 1024 and 3072. This has happened before, and often enough to finally make it onto my

RE: [FW1][SUMMARY] Urgent. I'm under attack

2000-08-02 Thread Sterling, Chuck
I wonder what "strings in.lpda" yields with the valid program... Chuck Sterling System/Network Administrator NASA White Sands Test Facility Magic is REAL, unless declared INTEGER. -- From: Joe Voisin[SMTP:[EMAIL PROTECTED]] Sent: Wednesday, August 02, 2000 8:04 AM

RE: [FW1] Name Resolution

2000-07-14 Thread Sterling, Chuck
declared INTEGER. -- From: Randall Kizer[SMTP:[EMAIL PROTECTED]] Sent: Friday, July 14, 2000 2:14 AM To: Sterling, Chuck Subject: Re: [FW1] Name Resolution Have you tried Web Trends? I believe you can specify name resolution as a feature of Web Trends

[FW1] Name Resolution

2000-07-13 Thread Sterling, Chuck
We attempt to do a log export nightly using DNS name resolution; however, it often takes too long to be practical. Without name resolution it is very quick, of course. What I am looking for is a program or script that can accept the non-resolved export file as input and provide a name-resolved

RE: [FW1] Name Resolution

2000-07-13 Thread Sterling, Chuck
: Ivan Auger[SMTP:[EMAIL PROTECTED]] Reply To: Ivan Auger Sent: Thursday, July 13, 2000 2:10 PM To: Sterling, Chuck Subject: Re: [FW1] Name Resolution Check http://www.ginini.com.au/tools/fw1/ and use the -R option (i.e. Resolve IP addresses locally rather than in FW1 ). I

RE: [FW1] RE: icmp-type8 icmp code 0

2000-06-23 Thread Sterling, Chuck
That would be "echo request", and the idea is to get a response (type 0, echo reply) from all the hosts on the network, either to map it or to cause a denial-of-service. I think someone else already replied to the original message... Chuck Sterling System/Network Administrator NASA White Sands

[FW1] SYNDefender

2000-06-19 Thread Sterling, Chuck
Where can I get info on SYNDefender, a configuration option in FW-1? Why and how to use it, or why not... Thanks, Chuck Sterling System/Network Administrator NASA White Sands Test Facility Magic is REAL, unless declared INTEGER.

RE: [FW1] SYNDefender

2000-06-19 Thread Sterling, Chuck
Thanks to all that replied. Just what I needed... Chuck Sterling System/Network Administrator NASA White Sands Test Facility Magic is REAL, unless declared INTEGER. -- From: Sterling, Chuck Sent: Monday, June 19, 2000 7:55 AM To: 'Fw-1-Mailinglist (E-mail

[FW1] Jolt 2

2000-06-13 Thread Sterling, Chuck
My apologies if this has already been discussed. I just received this notice, among others, and would like advice on how to counter this tool, if possible. If the answers are already in the archives, just point me in the right direction... (Security Wire Digest, Vol. 2, No. 22; 12 June)