Hi all -
At this point the Peering Personals part of the Peering BOF is full -
please do not send any more RSVPs.
Since there was confusion over this point the last time, there is no need
to RSVP to *attend* the Peering BOF, only to participate in the Peering
Personals during the second half
Dan == Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED] writes:
Dan http://xforce.iss.net/xforce/alerts/id/162
Dan http://xforce.iss.net/xforce/alerts/id/163
You know, I'm quite allergic to that word checkpoint. Perhaps I'm
completely wrong here, but ..
Might be a good idea to deploy
not that I'm a fan of any firewall product in particular, but...
On Thu, 5 Feb 2004, Suresh Ramasubramanian wrote:
Dan == Ingevaldson, Dan (ISS Atlanta) [EMAIL PROTECTED] writes:
Dan http://xforce.iss.net/xforce/alerts/id/162
Dan http://xforce.iss.net/xforce/alerts/id/163
You
Christopher L. Morrow [2/5/2004 10:45 PM] :
Sure, anything is dangerous in the 'right' (wrong?) hands. Is the fault
with the vendor or the person(s) implementing or the 'management' of said
person(s)? Even an openbsd firewall is a problem if not properly admin'd.
of course, but you do have to
Checkpoint is a very strange brand. On the one hand, it is a _well known
brand_, _many awards_, _editors choice_, etc etc. I know a network consultant
who installed a few hundred of them, and it works.
On the other hand, every time I have a deal with these beasts (we do
not use them, but some
Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is a _well known
brand_, _many awards_, _editors choice_, etc etc. I know a network consultant
who installed a few hundred of them, and it works.
On the other hand, every time I have a deal with these beasts (we do
not
again, not that I care about the vendor in question.. BUT
On Thu, 5 Feb 2004, Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is a _well known
brand_, _many awards_, _editors choice_, etc etc. I know a network consultant
who installed a few hundred of them, and it
At 08:56 AM 2/5/2004, Suresh Ramasubramanian wrote:
Is there some really good network security for dummies book that I
can point such people at?
A social approach is often more effective than the technical approach
i.e. it is often easier to hack into a secured system via social
hacking. In a
Martin Hepworth wrote:
Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is a _well known
brand_, _many awards_, _editors choice_, etc etc. I know a network
consultant
who installed a few hundred of them, and it works.
On the other hand, every time I have a deal
Is it still very counter intuitive to set up a PIX to _not_
do the eevul NAT? Is the PIX no longer PeeCee hardware underneath
(I know they got rid of the HDD) so not as to bring NOs down to the
level of the great unwashed throngs of desktop users?
Of course, PIX is still a CISCO - this
On PIX'en and FWSM it is very easy to disable the evil NAT; all you
need is to enter the nat 0 command in global configuration mode. This
allows the PIX to pass addresses untranslated.
The Pixen are still based on Intel hardware but to the best of my
knowledge they have never had a HDD and I
Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004
Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Vendor Notification
Rubens Kuhl Jr. wrote:
Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004
Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
In message [EMAIL PROTECTED], Rubens Kuhl Jr. writes:
Isn't it curious that two unrelated issues have been reported to CheckPoint
at the same day and the patches came out on the same day ?
Am I too paranoid, or it seems that CheckPoint had previous knowledge of the
bugs and they agreed with
Ok, I know that this is getting away from the original thread, but I've
always wondered this...
Why is the MTU on Ethernet 1500 bytes? I have looked through various
docs (eg IEEE Std 802.x) and can find where maxUntaggedFrameSize is
listed as 1518 octets, but there is no mention of why this
My point is that is very unlikely that both bugs had been discovered by ISS
within the same time frame. Two days is also little time to develop and
test, which raises the suspicion on this issue.
I'm not against notification before disclosure, but it seems that the dates
on this announcement
On Thu, 05 Feb 2004 14:56:13 EST, Steven M. Bellovin said:
Why is that bad? I have no objection to giving vendors a reasonable
amount of time to fix problems before announcing the whole. Or is your
point that two days hardly seems like enough time to develop -- and
*test* -- a fix?
Two
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
In the world of responsible release engineering, everything requires
regression testing.
Stephen
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
my memory from some decades in software product world is that
*any* change requires regression testing, especially the quick
little, it won't affect anything,
Why is the MTU on Ethernet 1500 bytes? I have looked through various
docs (eg IEEE Std 802.x) and can find where maxUntaggedFrameSize is
listed as 1518 octets, but there is no mention of why this was chosen.
I know where the minimum frame size comes from (CSMA/CD and propagation
times,
From: Warren Kumari [EMAIL PROTECTED]
Date: Thu, 5 Feb 2004 15:04:00 -0500
Sender: [EMAIL PROTECTED]
Ok, I know that this is getting away from the original thread, but I've
always wondered this...
Why is the MTU on Ethernet 1500 bytes? I have looked through various
docs (eg IEEE
Warren Kumari wrote:
Ok, I know that this is getting away from the original thread, but I've
always wondered this...
Why is the MTU on Ethernet 1500 bytes? I have looked through various
docs (eg IEEE Std 802.x) and can find where maxUntaggedFrameSize is
listed as 1518 octets, but there
Kevin Oberman wrote:
So there we are. Want to bet on whether 40 GigE will still have the 1522
byte limit?
What was the last year that automobiles had the fitting for
a crank on the front of the engine? (My recollection is that
it was several years after there was hole through the sheetmetal
On Thu, 05 Feb 2004 14:45:31 CST, Laurence F. Sheldon, Jr. [EMAIL PROTECTED] said:
[EMAIL PROTECTED] wrote:
Two days is plenty if it's a Homer Simpson-esque D'Oh! bug. Probably
not if it's something that requires some regression testing.
All bugs reduce to that, eventually, don't
As late as 1973 Dodge Power Wagons (WDX style, at least) still
had the aperture and the crankshaft end coupling for a hand crank. Dunno
about any later models.
David Leonard
ShaysNet
On Thu, 5 Feb
M. David Leonard wrote:
As late as 1973 Dodge Power Wagons (WDX style, at least) still
had the aperture and the crankshaft end coupling for a hand
crank. Dunno about any later models.
Kind of my point--I doubt that you could actually crank one
to start it (just guessing