From owner-firewalls-list Sun Nov 30 23:59:39 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA28658; Sun, 30 Nov 1997 23:52:20 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA28651 for ; Sun, 30 Nov 1997 23:52:15 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id CAA08120; Mon, 1 Dec 1997 02:52:37 -0500 (EST)
From: Adam Shostack
Message-Id: <199712010752.CAA08120@homeport.org>
Subject: Re: How do Firewalls deal with the Ident Protocol?
In-Reply-To: <3.0.1.32.19971201132603.00a0ec40@mail01.cbr.hcn.net.au> from Peter Newman at "Dec 1, 97 01:26:03 pm"
To: Peter.Newman@hcn.net.au (Peter Newman)
Date: Mon, 1 Dec 1997 02:52:36 -0500 (EST)
Cc: firewalls@GreatCircle.COM
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

As a FW admin, I'd see no reason to pass identd. It can't be relied on as an authentication mechanism, it's been used as an attack vector. So, I'd disagree that 'correct' configuration is to send these auth checks to the interior host.

The polite thing to do is to configure the packet filter to send a RST to any identd packet it gets, indicating that the receiving host doesn't support identd, and getting past the obnoxious timeouts.

Adam

Peter Newman wrote:
| Hi,
|
| I was recently troubleshooting some SMTP and POP server problems
| particularly dealing with firewall interaction. A client of ours was
| hidden behind a firewall and was having some difficulty trying to use our
| SMTP and POP servers. Now we have other clients behind other firewalls
| which have absolutely no trouble using these services. However after some
| debugging we determined that authentication requests were timing out on
| port 113 (refer to rfc1413) at his firewall.
| So I disabled this request
| needed by our POP server and set the timeout on our SMTP server to be much
| less than the default 30 seconds defined by the sendmail 8.8.5 MTA.
|
| Still it strikes me that this third party vendor firewall product is not
| correctly configured to send these auth checks to the correct host inside
| the firewall. Can anybody confirm this for me?
|
| Not having a firewall background I do see conceptual problems in how
| firewalls can return the auth request to the correct host - so how do
| firewalls deal with the ident protocol?
|
| Regards,
| Pete.
|

--
"It is seldom that liberty of any kind is lost all at once." -Hume

From owner-firewalls-list Mon Dec 1 03:56:35 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA14846; Mon, 1 Dec 1997 03:27:19 -0800 (PST)
Received: from lithium.technet.net (lithium.technet.net [195.80.199.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id DAA14839 for ; Mon, 1 Dec 1997 03:27:12 -0800 (PST)
Received: from sco12.coconet.de ([192.108.31.106]) by lithium.technet.net (Netscape Messaging Server 3.0) with SMTP id AAA14733 for ; Mon, 1 Dec 1997 12:29:57 +0100
Received: from pc103.coconet.de by sco12.coconet.de with SMTP (5.65/GEN-1.2.4) Mon, 1 Dec 97 09:49:50 +0100
Message-Id: <34829F31.6F74@coconet.de>
Date: Mon, 01 Dec 1997 12:27:45 +0100
From: Dirk Rudloff
X-Mailer: Mozilla 3.0 (WinNT; I)
Mime-Version: 1.0
To: Firewalls@GreatCircle.COM
Subject: FTP-security-lacks/risks
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi,

I want to secure the FTP-service from the Internet into a local network. Is there a chance to do so with a firewall-system or what kind of techniques must be used? Is there a list available anywhere concerning all FTP-security-lacks/risks?

Thanks in advance.
Dirk

From owner-firewalls-list Mon Dec 1 06:37:59 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA23694; Mon, 1 Dec 1997 06:16:20 -0800 (PST)
Received: from mako.netlink.co.nz (mako.netlink.co.nz [202.37.60.47]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id GAA23687 for ; Mon, 1 Dec 1997 06:16:14 -0800 (PST)
Received: from dave.loka.co.nz (loka.wn.netlink.net.nz [202.37.61.23]) by mako.netlink.co.nz (8.8.6/8.8.6) with SMTP id DAA27565 for ; Tue, 2 Dec 1997 03:19:05 +1300 (NZDT)
Received: by dave.loka.co.nz with Microsoft Mail id <01BCFED1.9668C5C0@dave.loka.co.nz>; Tue, 2 Dec 1997 03:22:58 +1300
Message-ID: <01BCFED1.9668C5C0@dave.loka.co.nz>
From: D Cathro
To: "'Firewalls@GreatCircle.COM'"
Subject: Dial-out modem pool
Date: Tue, 2 Dec 1997 03:22:54 +1300
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Apologies if this is slightly off topic, and also if this has been covered recently as I am new to this group.....

I am looking for a product to provide a centrally managed pool of dial-out modems on a LAN to replace modems attached to desktop PC's (to improve security and management).

I am aware of NT server based products like WinPort, but I am ideally looking for a product that interfaces to the Telco via an IP based access server (e.g. Cisco AS5200 or similar).

The requirements are:

Dial-out is from Corporate LAN to various organisations such as telerate, reuters, CompuServe etc.
Support for PC clients on Win95, Win3.11, NT, DOS
Redirection of the DOS INT14h, and Windows COM's API's. (and possibly support for NASI)
Communications between the PC, control server and access server should be IP
The control server should ideally run on AIX or NT but will consider other options
Authentication of the user before access to the pool is granted to the PC (username-password authentication is ok)
The ability to define "services" that the users can connect to, with scripting of the dialling and numbers called being transparent to the user
Logging of; username, service accessed, time, duration
Access restrictions to services based on username, time of day
Password ageing and user control of passwords
Automatic hunt group for next available modem
As transparent to the user as possible

Yeah. I know I don't want much.....

One product I am aware of is the SpartaCom/3Com joint development SAPS. This appears to use a NetBIOS transport which is unsuitable for our networking requirements.

Does anyone have experience with or can make recommendations on a suitable product? I have spent a bit of time looking on the net but can't find much.

Thanks in anticipation
-----
David Cathro
Loka Limited Email david@loka.co.nz

Thoughts are mine alone.

From owner-firewalls-list Mon Dec 1 08:14:50 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA00572; Mon, 1 Dec 1997 08:07:22 -0800 (PST)
Received: from elmont.dart.org (elmont.dart.org [207.86.10.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id IAA00565 for ; Mon, 1 Dec 1997 08:07:17 -0800 (PST)
Message-ID: <02D38234818D357C%02D38234818D357C@dart.org>
Date: Mon, 1 Dec 1997 10:09:52 -0500
From: fw-list@dart.org
To: firewalls@greatcircle.com
Subject: Re: Dial-out modem pool
X-SMF-Hop-Count: 1
MIME-Version: 1.0
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
X-Mailer: Connect2-SMTP 4.32 MHS/SMF to SMTP Gateway
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Message Source: http://207.86.10.38/msg/fw-list/M43.HTM
From: Darwin Collins

Sounds similar to Netware Connect.
. you can install Win2NCS on Win31/95/NT workstations for seamless connectivity to modem pool. (application does not need to support modem pool)
. for DOS workstation, you could use NASI or Int14.
. logging.
. authentication via NDS... or, disabled.
. dialin/dialout.
. supports ISDN as well as normal Async.

We use it at work in a 1400 user configuration. Everyone (including me) uses a 'pool modem' instead of a dedicated modem. Only some 'special' users in finance (big dollar money movements) get their own modems for security purposes.

From owner-firewalls-list Mon Dec 1 08:30:07 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA00969; Mon, 1 Dec 1997 08:19:02 -0800 (PST)
Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA00962 for ; Mon, 1 Dec 1997 08:18:56 -0800 (PST)
Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Mon, 1 Dec 1997 08:17:29 -0800
Message-ID:
From: "Stackpole, Bill"
To: "'giri@symbols.com.sg'" , firewalls@greatcircle.com
Subject: RE: How - WWWServer on internal LAN to be made accessible on the NET?
Date: Mon, 1 Dec 1997 08:17:27 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> -----Original Message-----
> From: Giridhar Nayak [SMTP:GIRI@symbols.com.sg]
> Sent: Wednesday, November 26, 1997 5:33 PM
> To: firewalls@greatcircle.com
> Subject: Re: How - WWWServer on internal LAN to be made
> accessible on the NET?
>
> Hi Guys,
>
> Thanks for the replies, Manuel & Bennet.
>
> Please bear with me. I have a few more questions.
> 1. How do I create the DMZ?
> [Bill Stackpole] Designate one Ethernet port on the router to be the
> DMZ segment
>
>                Internet
>                   |
>                   |
>             +------------+
>             |            |e1          DMZ
>             |   router   |--------------------------------------
>             +------------+
>                   | e0
>                   |        Your internal network
> ---------------------------------------------------
>
> 2. How should the DNS be configured?
> [Bill Stackpole] If the hosts on the DMZ need to do DNS point them to
> the ISP's DNS.
> Insert the DMZ host names into your internal DNS so your local hosts
> can find them and into the ISP's
> DNS so external hosts can find them.
> 3. How do I configure the router(cisco 4000) to allow only http
> traffic to the WWW server?
> [Bill Stackpole] Use an extended access-list and only allow port 80
> traffic inbound to the DMZ
> 4. The WWW Server also has our mail server(Oracle InterOffice). If I
> put the WWW Server in
> the DMZ, what is the compromise on the security of the InterOffice
> database?
> [Bill Stackpole] I'd move the mail service to another server.
>
> Thanks & Regards,
> Giri
>
> Giridhar Nayak,
> System Access Pte. Ltd. (http://www.systemaccess.com)
> Tel: 65. 3334533 Fax: 65. 3334133
> Email: giri@symbols.com.sg
> ===========================================
> << Message: RE: How - WWWServer on internal LAN to be made
> accessible on the NET? >>

From owner-firewalls-list Mon Dec 1 08:47:18 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA01455; Mon, 1 Dec 1997 08:27:31 -0800 (PST)
Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA01435 for ; Mon, 1 Dec 1997 08:27:25 -0800 (PST)
Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Mon, 1 Dec 1997 08:26:17 -0800
Message-ID:
From: "Stackpole, Bill"
To: "'ccf15429@cc.iitd.ernet.in'" , firewalls@greatcircle.com
Cc: akhila@cc.iitd.ernet.in
Subject: RE: NAT Security / static mapping
Date: Mon, 1 Dec 1997 08:26:14 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

If you reverse the inside and outside interfaces you would translate inbound traffic to some address on the internal network. You could use this to direct traffic to some number of web servers in a round robin fashion. Raptor will translate port and address for inbound packets but it's not dynamic.

> -----Original Message-----
> From: ccf15429@cc.iitd.ernet.in [SMTP:ccf15429@cc.iitd.ernet.in]
> Sent: Thursday, November 27, 1997 8:59 PM
> To: firewalls@greatcircle.com
> Cc: akhila@cc.iitd.ernet.in
> Subject: NAT Security / static mapping
>
> Hello All.
>
> In this thread, it was mentioned several times that NAT
> implementations only provide static mappings of internal
> to external addresses for inward access.......
> Is it feasible to have dynamic mappings and are there Unix
> based firewall products which do this ?
>
> Also there was some talk about MS Proxy and reverse proxying.
> I'd like to know how Reverse proxying works and if it can be
> be used to dynamically assign internal IP addresses to published
> addresses for access from outside ?
>
> >>>>> Akhila Sinha
>
> { Please excuse if this is being sent again, as it was not appearing
> on the mailing list}
>

From owner-firewalls-list Mon Dec 1 09:01:40 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA01570; Mon, 1 Dec 1997 08:29:08 -0800 (PST)
Received: from VMSrelay1.pcy.mci.net (vmsrelay1.pcy.mci.net [204.71.1.60]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA01517 for ; Mon, 1 Dec 1997 08:28:55 -0800 (PST)
Received: from msutliff_p5-75 (usr20-dialup38.mix2.Atlanta.mci.net) by MAIL-RELAY.PCY.MCI.NET (PMDF V5.1-10 #10044) with ESMTP id <01IQNP8QGQRA003ZYX@MAIL-RELAY.PCY.MCI.NET> for Firewalls@GreatCircle.COM; Mon, 1 Dec 1997 11:30:52 EST
Date: Mon, 01 Dec 1997 10:30:09 -0600
From: Marcus Sutliff
Subject: Re: Dial-out modem pool
To: D Cathro
Cc: "'Firewalls@GreatCircle.COM'"
Message-id: <3482E611.949E2CEF@michaelgrp.com>
MIME-version: 1.0
X-Mailer: Mozilla 4.01 [en] (WinNT; I)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
References: <01BCFED1.9668C5C0@dave.loka.co.nz>
X-Priority: 3 (Normal)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

D Cathro wrote:
> I am looking for a product to provide a centrally managed pool of
> dial-out modems on a LAN to replace modems attached to desktop PC's
> (to improve security and management).

In my humble opinion, not that of my employer, you should look at the Shiva's Access Switch. It is expensive, but will do everything you want, and is transparent to the end user. Attach it to your PBX through a PRI or T-1 interface for greater line pool utilization of your inbound/outbound trunks. Connect its ethernet port to an ethernet card on your Firewall, and load your firewall's "proxy" made specifically for the Access Switch (or put it into the DMZ).

Use Shiva's management software to grant/deny user privileges to the Access switch from your LAN server (windows NT or Netware).

Since you're outside the U.S., check and see if you have a vendor called "Anixter". They are a licensed reseller and installer, and have locations world wide.

Good luck,

----------
Marcus S. Sutliff; Consultant at THE MICHAEL GROUP, INC.
Voice: 405-721-8875 Fax: 721-9161 http://www.michaelgrp.com
Providing Independent consulting services for over twelve years upon voice, data, and video technology. The Michael Group, Inc. does not sell, lease, broker, nor service telecommunications equipment, long distance services, or computer hardware. We accept no compensation from any vendor as a result of a service or product we recommend, assuring our clients of total objectivity.

From owner-firewalls-list Mon Dec 1 09:03:16 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA02594; Mon, 1 Dec 1997 08:45:54 -0800 (PST)
Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA02586 for ; Mon, 1 Dec 1997 08:45:49 -0800 (PST)
Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Mon, 1 Dec 1997 08:44:31 -0800
Message-ID:
From: "Stackpole, Bill"
To: "'Peter Newman'" , firewalls@greatcircle.com
Subject: RE: How do Firewalls deal with the Ident Protocol?
Date: Mon, 1 Dec 1997 08:44:29 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

If you have a circuit (generic) proxy set up to pass tcp packets on port 113 and you have a rule set up to allow requests and responses auth should work through your firewall.

> -----Original Message-----
> From: Peter Newman [SMTP:Peter.Newman@hcn.net.au]
> Sent: Sunday, November 30, 1997 7:26 PM
> To: firewalls@greatcircle.com
> Subject: How do Firewalls deal with the Ident Protocol?
>
> Hi,
>
> I was recently troubleshooting some SMTP and POP server problems
> particularly dealing with firewall interaction. A client of ours was
> hidden behind a firewall and was having some difficulty trying to use our
> SMTP and POP servers. Now we have other clients behind other firewalls
> which have absolutely no trouble using these services. However after some
> debugging we determined that authentication requests were timing out on
> port 113 (refer to rfc1413) at his firewall. So I disabled this request
> needed by our POP server and set the timeout on our SMTP server to be much
> less than the default 30 seconds defined by the sendmail 8.8.5 MTA.
>
> Still it strikes me that this third party vendor firewall product is not
> correctly configured to send these auth checks to the correct host inside
> the firewall. Can anybody confirm this for me?
>
> Not having a firewall background I do see conceptual problems in how
> firewalls can return the auth request to the correct host - so how do
> firewalls deal with the ident protocol?
>
> Regards,
> Pete.

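An added example, not part of any post in this thread: a Python version of the RFC 1413 lookup a mail server makes back toward the connecting client, reporting separately the outcomes discussed in the ident messages above (a reply, an immediate refusal when the far side answers with RST, and a timeout when the packets are silently dropped). The function names, the 1000-byte reply cap and the sample replies in the comments are assumptions of this example.

```python
"""RFC 1413 ident lookup that reports how the remote side answered."""
import socket
import time
from dataclasses import dataclass

IDENT_PORT = 113
MAX_REPLY = 1000   # size cap chosen for this example; the reply is untrusted
KNOWN_ERRORS = {"INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR"}


@dataclass
class IdentResult:
    outcome: str          # userid | error | malformed | refused | timeout | unreachable
    detail: str = ""
    elapsed: float = 0.0  # seconds the caller spent waiting


def build_query(their_port: int, our_port: int) -> bytes:
    """Port on the queried host first, then the port on the querying host."""
    return f"{their_port},{our_port}\r\n".encode("ascii")


def parse_reply(raw: bytes, their_port: int, our_port: int) -> IdentResult:
    """Parse one reply line, e.g. b'6193, 25 : USERID : UNIX : stjohns\\r\\n'."""
    if len(raw) > MAX_REPLY or b"\n" not in raw:
        return IdentResult("malformed", "no complete line within the size cap")
    line = raw.split(b"\n", 1)[0].rstrip(b"\r").decode("latin-1")
    fields = line.split(":", 3)          # the user-id itself may contain ':'
    if len(fields) < 3:
        return IdentResult("malformed", "too few fields")
    try:
        first, second = (int(p) for p in fields[0].split(","))
    except ValueError:
        return IdentResult("malformed", "bad port pair")
    if (first, second) != (their_port, our_port):
        return IdentResult("malformed", "reply is for a different connection")
    kind = fields[1].strip().upper()
    if kind == "ERROR" and len(fields) == 3:
        err = fields[2].strip().upper()
        if err in KNOWN_ERRORS or err.startswith("X"):
            return IdentResult("error", err)
    elif kind == "USERID" and len(fields) == 4:
        user = fields[3].strip()
        if user:
            # The name is supplied by the remote host and tends to end up in
            # logs or mail headers, so non-printable characters are replaced.
            clean = "".join(c if c.isprintable() else "?" for c in user)
            return IdentResult("userid", clean)
    return IdentResult("malformed", "unrecognised reply")


def ident_lookup(host: str, their_port: int, our_port: int,
                 timeout: float = 5.0, ident_port: int = IDENT_PORT) -> IdentResult:
    """Ask host's ident service who owns the connection their_port -> our_port."""
    start = time.monotonic()
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            s.sendall(build_query(their_port, our_port))
            buf = b""
            while b"\n" not in buf and len(buf) <= MAX_REPLY:
                chunk = s.recv(256)
                if not chunk:
                    break
                buf += chunk
        result = parse_reply(buf, their_port, our_port)
    except ConnectionRefusedError:
        # A RST came back: the caller learns at once that ident is not offered.
        result = IdentResult("refused", "connection reset, no ident service")
    except socket.timeout:
        # Nothing came back: the caller waited out the whole timeout.
        result = IdentResult("timeout", "no answer within the timeout")
    except OSError as exc:
        result = IdentResult("unreachable", str(exc))
    result.elapsed = time.monotonic() - start
    return result


if __name__ == "__main__":
    # Constructed demo: a loopback port with no listener answers with RST,
    # so the lookup returns "refused" almost immediately.
    probe = socket.socket()
    probe.bind(("127.0.0.1", 0))
    closed_port = probe.getsockname()[1]
    probe.close()
    r = ident_lookup("127.0.0.1", 6193, 25, timeout=2.0, ident_port=closed_port)
    print(r.outcome, f"{r.elapsed:.3f}s")
```

Whatever the outcome, the returned name is only a hint for logging: it is whatever the remote host chooses to send.
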
From owner-firewalls-list Mon Dec 1 09:04:48 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA02075; Mon, 1 Dec 1997 08:36:17 -0800 (PST)
Received: from out5.ibm.net (out5.ibm.net [165.87.194.245]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA02066 for ; Mon, 1 Dec 1997 08:36:12 -0800 (PST)
Received: from jnzbwtaw (slip-32-100-166-119.tx.us.ibm.net [32.100.166.119]) by out5.ibm.net (8.8.5/8.6.9) with ESMTP id QAA61100; Mon, 1 Dec 1997 16:38:53 GMT
Message-ID: <3482E865.7001C1D5@ibm.net>
Date: Mon, 01 Dec 1997 10:40:05 -0600
From: Michael Sorbera
X-Mailer: Mozilla 4.01 [en] (Win95; I)
MIME-Version: 1.0
To: William Cooper , firewalls@greatcircle.com
Subject: Re: FW-1 makes OS not vulnerable?
X-Priority: 3 (Normal)
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

William Cooper wrote:

> All-
> In examining the relative security of running Firewall-1 on Unix vs. NT
> I've been told that Check Point's Firewall-1 runs in such a way that the
> OS is not vulnerable, or that the Firewall is not subject to
> vulnerabilities that exist in the operating system itself. This would
> suggest that from a security standpoint, it doesn't matter which OS FW-1
> is running on. I'm not trying to start a religious war, I'm really just
> looking to understand what this position is based on. Could someone
> please explain to me what Check Point is doing that, in their opinion,
> allows FW-1 to overcome and/or protect against vulnerabilities that exist
> w/in the OS of the machine running FW-1 itself. I would also
> appreciate pointers to information that exists already that might help me
> understand this. I've searched dejanews and this list's archive but still
> have questions.
>
> Thanks,
>
> - bill
>
> cooper@io.com

Bill,

I'm no guru, but I do remember attacking a marketing droid about this very same question. His response, Huh? He finally passed me to an "engineer" and he said that when the Firewall is installed, that certain modules of NT are replaced with their "hack free" versions. (that was their claim...)

Hope this helps some. I don't believe it though. How can another vendor produce a "hardened" version of NT when Microsloft can't? I'm sure this will generate a lot of "rant on's"!

Later,

Michael Sorbera
Webmaster/Network Engineer
Randolph-Brooks Federal Credit Union
msorber@ibm.net

From owner-firewalls-list Mon Dec 1 09:14:36 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA04220; Mon, 1 Dec 1997 08:57:58 -0800 (PST)
Received: from ex.care.org ([155.229.236.50]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA04175 for ; Mon, 1 Dec 1997 08:57:45 -0800 (PST)
Received: from IS-BELLJD by ex.care.org with SMTP (Microsoft Exchange Internet Mail Service Version 5.0.1458.49) id XV6V4SM4; Mon, 1 Dec 1997 11:56:31 -0500
Message-ID: <3482ED2B.C3987EAD@bellactive.com>
Date: Mon, 01 Dec 1997 12:00:27 -0500
From: "J.D. Bell"
X-Mailer: Mozilla 4.02 [en] (WinNT; I)
MIME-Version: 1.0
To: "firewalls@GreatCircle.COM"
Subject: New To Proxy Servers
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Thanks in advance for any assistance.

I'm trying to assist a friend in setting up a "chat" client on a PC located behind a proxy server. I'm doing this by phone and have been given a proxy server host IP and port number (81) by the inexperienced Sys Admin. However, when I try to ping the host IP, I get a destination host unreachable error. Shouldn't I be able to at least ping the proxy from outside? If not, what IP do I give the chat client so that packets can get thru?

Thanks -

J.D. Bell
Bell Interactive Development
jdb@bellactive.com

From owner-firewalls-list Mon Dec 1 09:31:42 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA04217; Mon, 1 Dec 1997 08:57:56 -0800 (PST)
Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA04158 for ; Mon, 1 Dec 1997 08:57:40 -0800 (PST)
Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Mon, 1 Dec 1997 08:56:32 -0800
Message-ID:
From: "Stackpole, Bill"
To: "'D Cathro'" , "'Firewalls@GreatCircle.COM'"
Subject: RE: Dial-out modem pool
Date: Mon, 1 Dec 1997 08:56:30 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

My 2 cents for what it's worth. We've had a Novell based service, an NT based service and a Shiva access server and none of them worked any better than a terminal server configured for reverse telnets. Using WRQ's Reflection software I can telnet to the terminal server and it will rotor me to an open port. From there on I can use standard AT commands to configure and dial the modem. Just take a few simple changes to a generic connection script to accomplish this and it's NOT TIED TO ANY VENDOR. If you have a Cisco router you can experiment with this using the AUX port. Set the port up (see Cisco paper on setting up modem connections on the AUX port) and telnet to the router @ port 6001.

> -----Original Message-----
> From: D Cathro [SMTP:david@loka.co.nz]
> Sent: Monday, December 01, 1997 7:23 PM
> To: 'Firewalls@GreatCircle.COM'
> Subject: Dial-out modem pool
>
> Apologies if this is slightly off topic, and also if this has been
> covered recently as I am new to this group.....
>
> I am looking for a product to provide a centrally managed pool of
> dial-out modems on a LAN to replace modems attached to desktop PC's
> (to improve security and management).
>
> I am aware of NT server based products like WinPort, but I am ideally
> looking for a product that interfaces to the Telco via an IP based
> access server (e.g. Cisco AS5200 or similar).
>
>
> The requirements are:
>
> Dial-out is from Corporate LAN to various organisations such as
> telerate, reuters, CompuServe etc.
> Support for PC clients on Win95, Win3.11, NT, DOS
> Redirection of the DOS INT14h, and Windows COM's API's. (and possibly
> support for NASI)
> Communications between the PC, control server and access server should
> be IP
> The control server should ideally run on AIX or NT but will consider
> other options
> Authentication of the user before access to the pool is granted to the
> PC (username-password authentication is ok)
> The ability to define "services" that the users can connect to, with
> scripting of the dialling and numbers called being transparent to the
> user
> Logging of; username, service accessed, time, duration
> Access restrictions to services based on username, time of day
> Password ageing and user control of passwords
> Automatic hunt group for next available modem
> As transparent to the user as possible
>
>
> Yeah. I know I don't want much.....
>
>
> One product I am aware of is the SpartaCom/3Com joint development
> SAPS. This appears to use a NetBIOS transport which is unsuitable for
> our networking requirements.
>
> Does anyone have experience with or can make recommendations on a
> suitable product? I have spent a bit of time looking on the net but
> can't find much.
>
> Thanks in anticipation
> -----
> David Cathro
> Loka Limited Email david@loka.co.nz
>
> Thoughts are mine alone.

From owner-firewalls-list Mon Dec 1 12:28:21 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA05844; Mon, 1 Dec 1997 11:47:44 -0800 (PST)
Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA05743 for ; Mon, 1 Dec 1997 11:47:21 -0800 (PST)
Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Mon, 1 Dec 1997 11:45:59 -0800
Message-ID:
From: "Stackpole, Bill"
To: "'Marcus Sutliff'" , D Cathro
Cc: "'Firewalls@GreatCircle.COM'"
Subject: RE: Dial-out modem pool
Date: Mon, 1 Dec 1997 11:45:58 -0800
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Well almost everything. Our lines have an accounting code tone on them that the Shiva thought was a busy signal so it wouldn't connect to anything. Call Shiva, they said so sorry but Shiva don't do that. Figured out by adding a dozen commas at the end I could get it to work sometimes.

> -----Original Message-----
> From: Marcus Sutliff [SMTP:msutliff@michaelgrp.com]
> Sent: Monday, December 01, 1997 8:30 AM
> To: D Cathro
> Cc: 'Firewalls@GreatCircle.COM'
> Subject: Re: Dial-out modem pool
>
> D Cathro wrote:
> > I am looking for a product to provide a centrally managed pool of
> > dial-out modems on a LAN to replace modems attached to desktop PC's
> > (to improve security and management).
>
> In my humble opinion, not that of my employer, you should look at the
> Shiva's Access Switch. It is expensive, but will do everything you
> want, and is transparent to the end user. Attach it to your PBX through
> a PRI or T-1 interface for greater line pool utilization of your
> inbound/outbound trunks. Connect its ethernet port to an ethernet card
> on your Firewall, and load your firewall's "proxy" made specifically for
> the Access Switch (or put it into the DMZ).
>
> Use Shiva's management software to grant/deny user privileges to the
> Access switch from your LAN server (windows NT or Netware).
>
> Since you're outside the U.S., check and see if you have a vendor called
> "Anixter". They are a licensed reseller and installer, and have
> locations world wide.
>
> Good luck,
>
> ----------
> Marcus S. Sutliff; Consultant at THE MICHAEL GROUP, INC.
> Voice: 405-721-8875 Fax: 721-9161 http://www.michaelgrp.com
> Providing Independent consulting services for over twelve years upon
> voice, data, and video technology. The Michael Group, Inc.
> does not sell, lease, broker, nor service telecommunications
> equipment, long distance services, or computer hardware. We accept no
> compensation from any vendor as a result of a service or product
> we recommend, assuring our clients of total objectivity.

From owner-firewalls-list Mon Dec 1 12:41:32 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA27821; Mon, 1 Dec 1997 11:13:44 -0800 (PST)
Received: from relay1.shore.net (relay1.shore.net [192.233.85.129]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA27785 for ; Mon, 1 Dec 1997 11:13:34 -0800 (PST)
Received: from [198.115.179.81] (vin.shore.net [198.115.179.81]) by relay1.shore.net (8.8.7/8.8.7) with ESMTP id OAA14359; Mon, 1 Dec 1997 14:16:05 -0500 (EST)
Message-Id:
In-Reply-To:
References: <01bcef2b$3adb1600$0201a8c0@john.software.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 1 Dec 1997 13:29:53 -0500
To: firewalls@greatcircle.com
From: Vin McLellan
Subject: Re: Internal Access control options -secureid, BoKS, ...
Cc: Martin Hepworth , "John Pettitt" , "Mike D. Kail"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

A week ago, I posted a brief description of SDTI's BoKS system for authentication, access control, and encryption services (including RSA-based PKI.)
I erroneously described one of the largest BoKS installations as a US bank network with 400 BoKS servers configured to be full Replicas of the BoKS master server. I apologize to anyone my post confused or misinformed.

Even the largest and most active BoKS domains, those designed to stress high availability and fault tolerance, seem to typically support no more than 12-15 Replicas, in addition to the BoKS Manager Master Server. The Dynasoft gurus never recommend more than 20 Replicas in a domain, (and in practice, no one seems to maintain an active network with more than 16.)

Details are best gathered from the horse's mouth at

Again, humble apologies.

_Vin

-------- prior message excerpt ----------

>    The financial community -- under great pressure from both their
>internal and external auditors -- has created a mini-bandwagon for BoKS,
>particularly in volatile, high-security, trading-floor environments (bonds,
>currencies, stocks, etc.) Chase Manhattan, Citibank, and Wells Fargo
>(three of the top four US banks) are reportedly standardizing on BoKS'
>access control systems. Typically, however, these banks are using BoKS in
>all-UNIX environments, and for now, only for centralized authentication and
>access control (supplementary to the file-level access control that is
>still maintained in each Unix host.)
>    The banks wanted, above all, robust, scalable, and
>cryptographically-secure authentication -- centralized and easily audited
>-- for legacy UNIX applications.
>
>    One US bank's internal network, for example, already has _400_
>synchronized (replicated-master) BoKS servers in a much larger global
>network. I think the largest BoKS installation today is on a Swedish
>government network that supports 15,000 users -- but the BoKS design spec
>credibly promises support for up to 100,000 users.

Vin McLellan + The Privacy Guild +
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --

From owner-firewalls-list Mon Dec 1 12:45:14 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA28012; Mon, 1 Dec 1997 11:14:29 -0800 (PST)
Received: from sl001.infi.net (sl001.infi.net [205.219.238.210]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA27827 for ; Mon, 1 Dec 1997 11:13:48 -0800 (PST)
Received: (from swright@localhost) by sl001.infi.net (8.8.8/8.8.5) id OAA13083; Mon, 1 Dec 1997 14:08:20 -0500 (EST)
Date: Mon, 1 Dec 1997 14:08:19 -0500 (EST)
From: "Steven R. Wright"
To: "Stackpole, Bill"
cc: "'D Cathro'" , "'Firewalls@GreatCircle.COM'"
Subject: RE: Dial-out modem pool
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

In agreement with Bill.....

At an ISP I worked for we used a Livingston Terminal Server for the same purpose that Bill is talking about. You telnet'd to the terminal server and it connected you to your choice of service dialing out (CompuServe, AOL, another dial-in interface for corporate use, etc.). The Livingston TS can be used in conjunction with the Radius protocol, or without. It sounds as though this reverse telnet solution may be what you are looking for. You can configure a Livingston Terminal Server to only accept telnet connections for certain IP's or subnets, for purposes of security.

www.livingston.com....

Well that's my two cents.....

Steve
Sr. Software Engineer
V-ONE Corporation

On Mon, 1 Dec 1997, Stackpole, Bill wrote:

> My 2 cents for what it's worth. We've had a Novell based service, an NT
> based service and a Shiva access server and none of them worked any
> better than a terminal server configured for reverse telnets. Using
> WRQ's Reflection software I can telnet to the terminal server and it
> will rotor me to an open port.
From there on I can use standard AT > commands to configure and dial the modem. Just take a few simple > changes to a generic connection script to accomplish this and it NOT > TIED TO ANY VENDOR. If you have a Cisco router you can experiment with > this using the AUX port. Set the port up (see Cisco paper on setting up > modem connections on the AUX port) and telnet to the router @ port 6001. > > > > -----Original Message----- > > From: D Cathro [SMTP:david@loka.co.nz] > > Sent: Monday, December 01, 1997 7:23 PM > > To: 'Firewalls@GreatCircle.COM' > > Subject: Dial-out modem pool > > > > Apologies if this is slightly off topic, and also if this has been > > covered recently as I am new to this group..... > > > > I am looking for a product to provide a centrally managed pool of > > dial-out modems on a LAN to replace modems attached to desktop PC's > > (to improve security and management). > > > > I am aware of NT server based products like WinPort, but I am ideally > > looking for a product that interfaces to the Telco via an IP based > > access server (e.g. Cisco AS5200 or similar). > > > > > > The requirements are: > > > > Dial-out is from Corporate LAN to various organisations such as > > telerate, reuters, CompuServe etc. > > Support for PC clients on Win95, Win3.11, NT, DOS > > Redirection of the DOS INT14h, and Windows COM's API's. 
(and possibly > > support for NASI) > > Communications between the PC, control server and access server should > > be IP > > The control server should ideally run on AIX or NT but will consider > > other options > > Authentication of the user before access to the pool is granted to the > > PC (username-password authentication is ok) > > The ability to define "services" that the users can connect to, with > > scripting of the dialling and numbers called being transparent to the > > user > > Logging of; username, service accessed, time, duration > > Access restrictions to services based on username, time of day > > Password ageing and user control of passwords > > Automatic hunt group for next available modem > > As transparent to the user as possible > > > > > > Yeah. I know I don't want much..... > > > > > > One product I am aware of is the SpartaCom/3Com joint development > > SAPS. This appears to use a NetBIOS transport which is unsuitable for > > our networking requirements. > > > > Does anyone have experience with or can make recommendations on a > > suitable product? I have spent a bit of time looking on the net but > > can't find much. > > > > Thanks in anticipation > > ----- > > David Cathro > > Loka Limited Email david@loka.co.nz > > > > Thoughts are mine alone. > From owner-firewalls-list Mon Dec 1 12:49:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA07425; Mon, 1 Dec 1997 11:52:52 -0800 (PST) Received: from radius.ispc.net ([195.188.105.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA07274 for ; Mon, 1 Dec 1997 11:52:21 -0800 (PST) Received: from firebird.worldhq.com..worldhq.com. 
(p060.5399-2.routers.ispc.net [195.188.105.140]) by radius.ispc.net (8.8.5/8.8.5) with SMTP id TAA14769; Mon, 1 Dec 1997 19:43:45 GMT Date: Mon, 1 Dec 1997 19:43:45 GMT Message-Id: <199712011943.TAA14769@radius.ispc.net> From: Edward Cracknell To: Firewalls Alias Cc: Security Mailing List Subject: Social Engineering MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Mailer: Becky! ver 1.22 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I am doing a study into the aspects of Social engineering to then publish on my web site. Your valued input is encouraged. What are the unique examples of social engineering you know of? Thanks in anticipation ----------------------------------------------------------------- Edward Cracknell - From owner-firewalls-list Mon Dec 1 12:57:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA19208; Mon, 1 Dec 1997 12:52:36 -0800 (PST) Received: from gras-varg.worldgate.com (gras-varg.worldgate.com [198.161.84.12]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id MAA19121 for ; Mon, 1 Dec 1997 12:52:17 -0800 (PST) Received: (from skafte@localhost) by gras-varg.worldgate.com (8.8.8/8.6.12) id NAA26490; Mon, 1 Dec 1997 13:55:09 -0700 (MST) Message-ID: <19971201135509.49935@worldgate.com> Date: Mon, 1 Dec 1997 13:55:09 -0700 From: Greg Skafte To: firewalls@GreatCircle.COM Subject: Re: How do Firewalls deal with the Ident Protocol? References: <3.0.1.32.19971201132603.00a0ec40@mail01.cbr.hcn.net.au> <199712010752.CAA08120@homeport.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.88 In-Reply-To: <199712010752.CAA08120@homeport.org>; from Adam Shostack on Mon, Dec 01, 1997 at 02:52:36AM -0500 Organization: WorldGate Inc. X-PGP-Fingerprint: 42 9C 2C A8 4D 2B C9 C4 7D B6 00 B0 50 47 20 97 X-URL: http://gras-varg.worldgate.com/~skafte Sender: firewalls-owner@GreatCircle.COM Precedence: bulk exactly .... 
because many irc sites require their windows users to run and identd, the users can freely set their id to anything they want.... unless the ident server is on a _reasonably_ secured multiuser box ident is of little value.... Quoting Adam Shostack (adam@homeport.org) On Subject: Re: How do Firewalls deal with the Ident Protocol? Date: Mon, Dec 01, 1997 at 02:52:36AM -0500 > As a FW admin, I'd see no reason to pass identd. It can't be > relied on as an authentication mechanism, its been used as an attack > vector. So, I'd disagree that 'correct' configuration is to send > these auth checks to the interior host. > > The polite thing to do is to configure the packet filter to > send a RST to any identd packet it gets, indicating that the recieving > host doesn't support identd, and getting past the obnoxious timeouts. > > Adam > > Peter Newman wrote: > | Hi, > | > | I was recently troubleshooting some SMTP and POP server problems > | particularly dealing with firewall interaction. A client of ours was > | hidden behind a firewall and was having some difficulty trying to use our > | SMTP and POP servers. Now we have other clients behind other firewalls > | which have absolutely no trouble using these services. However after some > | debugging we determined that authentication requests were timing out on > | port 113 (refer to rfc1413) at his firewall. So I disabled this request > | needed by our POP server and set the timeout on our SMTP server to be much > | less then the default 30 seconds defined by the sendmail 8.8.5 MTA. > | > | Still it strikes me that this third party vendor firewall product is not > | correctly configured to send these auth checks to the correct host inside > | the firewall. Can anybody confirm this for me? > | > | Not having a firewall background I do see conceptual problems in how > | firewalls can return the auth request to the correct host - so how do > | firewalls deal with the ident protocol? > | > | Regards, > | Pete. 
> | > > > -- > "It is seldom that liberty of any kind is lost all at once." > -Hume > -- Email: skafte@worldgate.com Voice: +403 413 1910 Fax: +403 421 4929 #575 Sun Life Place * 10123 99 Street * Edmonton, AB * Canada * T5J 3H1 -- -- When things can't get any worse, they simplify themselves by getting a whole lot worse then complicated. A complete and utter disaster is the simplest thing in the world; it's preventing one that's complex. (Janet Morris) From owner-firewalls-list Mon Dec 1 15:00:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA11288; Mon, 1 Dec 1997 14:40:53 -0800 (PST) Received: from proxy.fonorola.com (internet.fONOROLA.COM [204.191.25.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA11224 for ; Mon, 1 Dec 1997 14:40:38 -0800 (PST) Received: from proxy.fonorola.com (localhost [127.0.0.1]) by proxy.fonorola.com (8.7.6/8.7.3) with SMTP id RAA15595; Mon, 1 Dec 1997 17:41:17 -0500 Message-ID: <34833D0A.5B5D7569@fonorola.com> Date: Mon, 01 Dec 1997 17:41:14 -0500 From: Alan Hill Organization: fonorola.com X-Mailer: Mozilla 3.01 (X11; I; Linux 2.0.18 i586) MIME-Version: 1.0 To: Michael Sorbera CC: firewalls@GreatCircle.COM Subject: Re: FW-1 makes OS not vulnerable? References: <3482E865.7001C1D5@ibm.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, you invited this flame ;-) Michael Sorbera wrote: How can another vendor produce a "hardened" version of NT when Microsloft can't? Gee, anything MircoSlop Can't do, can't be done? Wow, imagine all those charletines with the disk compression, and disk repairs, and replacement command.com's. Hey, I remember BIGDOS, to give a bigger type ahead command buffer, and scroll back function. Gee, didn't DR.Dos make a lot of wonderfull stuff that would take about 2 more revisions before MS could catch up. 
Gee, didn't Digital Research have a multi-user multi-tasker called MCP/M running on the old 80286 chip set? (and MS still can't do it) Wait, they also had GEM, which was out about the same time as Lisa. Also for 80286, and about 2.5 years before the first demo of windozzz? It ain't hard to replace a module or a stack, it's a matter of wanting to, and having the reason to do it. In other words, Mr. Bill ain't gonna bother, cause he don't have to. There is no reason for him to do it at this time. Heck, look how long it took for a simple tcp/ip stack to be available. AND THE NFS STILL ISN'T CORRECT. Uh, sorry about that, I have spent a lot of time on that last 'feature'. -- Alan Hill, Unix Systems, Fonorola, Montreal Quebec Canada 514 390-4052 From owner-firewalls-list Mon Dec 1 15:13:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA14542; Mon, 1 Dec 1997 14:58:45 -0800 (PST) Received: from matilda.hcn.net.au (matilda.hcn.net.au [203.61.211.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA14508 for ; Mon, 1 Dec 1997 14:58:26 -0800 (PST) Received: from kryton (d35-1.cpe.Canberra.aone.net.au [203.12.189.35]) by matilda.hcn.net.au (8.8.5/8.8.5) with SMTP id KAA03759; Tue, 2 Dec 1997 10:04:28 +1100 (EST) Message-Id: <3.0.1.32.19971202090113.00a226c0@mail01.cbr.hcn.net.au> X-Sender: ha000840@mail01.cbr.hcn.net.au X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Tue, 02 Dec 1997 09:01:13 +1000 To: Adam Shostack From: Peter Newman Subject: Re: How do Firewalls deal with the Ident Protocol? Cc: firewalls@GreatCircle.COM In-Reply-To: <199712010752.CAA08120@homeport.org> References: <3.0.1.32.19971201132603.00a0ec40@mail01.cbr.hcn.net.au> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Adam, At 02:52 1/12/97 -0500, Adam Shostack wrote: > As a FW admin, I'd see no reason to pass identd. 
It can't be >relied on as an authentication mechanism, its been used as an attack >vector. So, I'd disagree that 'correct' configuration is to send >these auth checks to the interior host. ...agreed. > The polite thing to do is to configure the packet filter to >send a RST to any identd packet it gets, indicating that the recieving >host doesn't support identd, and getting past the obnoxious timeouts. This is a courtesy thing I realise, however the only loss of service is to the users inside the firewall. So my point of view is that the firewall connecting a LAN to the internet should be configured to co-operate with all internet protocols. Polite refusals where needed for security reasons of course. FW admins might disagree with me on this point? Regards, Pete. From owner-firewalls-list Mon Dec 1 16:27:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA20115; Mon, 1 Dec 1997 15:39:10 -0800 (PST) Received: from bpo_dev.cnalife.com (bposmtp.cnalife.com [208.146.97.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA20061 for ; Mon, 1 Dec 1997 15:38:56 -0800 (PST) Received: by bposmtp.cnalife.com with Internet Mail Service (5.0.1458.49) id ; Mon, 1 Dec 1997 17:44:30 -0600 Message-ID: <03996BE1CD53D111A0AC00805FE6BEFE024452@NASHEXCH> From: "Krammes,Jim" To: firewalls@greatcircle.com, firewall-wizards@nfr.net Subject: OnGuard Internet Manager: Request for Information Date: Mon, 1 Dec 1997 17:36:25 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Anyone having experience or opinions (good/bad) with OnGuard Internet Manager, please send them via e-mail so as not to clutter up the list. I'll summarize if there's any interest. Thanks in advance. - Jim --------------------------------------- V. 
James Krammes Manager, Network Development CNA Life Insurance Companies --------------------------------------- From owner-firewalls-list Mon Dec 1 16:36:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA18096; Mon, 1 Dec 1997 15:23:01 -0800 (PST) Received: from pse01.pios.com (PSE01.PIOS.COM [199.33.129.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id PAA18061 for ; Mon, 1 Dec 1997 15:22:44 -0800 (PST) Received: by pse01.pios.com; (5.65v3.2/1.3/10May95) id AA32254; Mon, 1 Dec 1997 18:25:24 -0500 Received: from pio_mail2.cle2.pios.com by gemini.pios.com (PMDF V5.0-6 #18985) id <01IQO3Q04PGG8WXGY7@gemini.pios.com> for Firewalls@GreatCircle.COM; Mon, 01 Dec 1997 18:25:37 -0500 (EST) Received: by pio_mail2.cle2.pios.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BCFE86.9DE080E0@pio_mail2.cle2.pios.com>; Mon, 01 Dec 1997 18:26:18 -0500 Date: Mon, 01 Dec 1997 18:26:17 -0500 From: "Stout, William" Subject: RE: Is OS Vulnerable w/ FW-1? To: "'Firewalls-GC'" Message-Id: Mime-Version: 1.0 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > ----- Original Message ----- > From: William Cooper [SMTP:cooper@io.com] > Sent: Saturday, November 29, 1997, 1:52:38 > To: Stout, William > Subject: Is OS Vulnerable w/ FW-1? > > Hello- > I've heard it said that Check Point's Firewall-1 runs in such a way that > the OS is not vulnerable, or the Firewall is not subject to > vulnerabilities that exist in the operating system itself. I'm hoping The theory is that if you catch a packet low enough on the OSI stack, you prevent the upper layers from reading data in the packet. Or, dangerous data in the packet from reaching the upper layers. The problem comes in how you define dangerous data. 
With a packet filter system you filter the packets either by pattern matching or monitoring packet state (part of TCP) or adding a quasi-state function to UDP packets. Attempting to define dangerous packets by content is difficult at the packet layer, since the gatekeeper needs to find a way to emulate application behavior using packet filter programming rules. But I digress. Since the level of protection is at the lower OSI layers, any service on the firewall O.S. is seen by a remote system the same as a service running on an internal machine. If services in the O.S. (or protocol stack) are vulnerable to; SYN, packet fragmentation attacks, OOB, LAND, teardrop, latierra, etc, and the firewall is not programmed to recognize methods used by those attacks, the FW O.S. is as vulnerable as internal systems. If you turn off services in the firewall, that closes a few avenues of attack, but that is the gatekeeper protecting the firewall, not necessarily the firewall filtering protecting the O.S.. Checkpoint has added 'stealth mode' to the firewall which 'effectively' makes it invisible, which should help protect the firewall itself. Correct me if I'm wrong, but I don't think that Checkpoint replaced the MS-TCP stack in NT FW-1. I believe it's 'shimmed' with a MAC level driver. 
Bill Stout From owner-firewalls-list Mon Dec 1 17:12:25 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA05773; Mon, 1 Dec 1997 17:09:26 -0800 (PST) Received: from smftp1.classifind.com (mail.classifind.com [206.19.68.15]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA05759 for ; Mon, 1 Dec 1997 17:09:17 -0800 (PST) Received: from jsinnott ([206.19.68.43]) by smftp1.classifind.com (Post.Office MTA v3.1 release PO203a ID# 0-34366U600L2S100) with SMTP id AAA48 for ; Mon, 1 Dec 1997 17:16:41 -0800 From: jsinnott@classifind.com (ClassiFind - John Sinnott) To: Subject: Example network configurations - especially for Web/SQL service in a DMZ Date: Mon, 1 Dec 1997 17:14:34 -0800 Message-ID: <01bcfebf$a66f6c60$2b00a8c0@jsinnott.classifind.com> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Could anyone give me some URLs which point to case studies/network designs for web and sql farms running in a DMZ? Looking for examples of fault tolerance and scalability. 
Thanks From owner-firewalls-list Mon Dec 1 18:28:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA16965; Mon, 1 Dec 1997 18:15:56 -0800 (PST) Received: from cebu.mozcom.com (cebu.mozcom.com [207.0.115.45]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA15832 for ; Mon, 1 Dec 1997 18:05:04 -0800 (PST) Received: from localhost (derts@localhost) by cebu.mozcom.com (8.8.8/8.6.9) with SMTP id KAA24891; Tue, 2 Dec 1997 10:00:20 GMT Date: Tue, 2 Dec 1997 10:00:20 +0000 ( ) From: Ederlindo Cojuangco To: D Cathro cc: "'Firewalls@GreatCircle.COM'" Subject: Re: Dial-out modem pool In-Reply-To: <01BCFED1.9668C5C0@dave.loka.co.nz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 2 Dec 1997, D Cathro wrote: > The requirements are: ******* some parts deleted ******* > Authentication of the user before access to the pool is granted to the PC (username-password authentication is ok) =========== Am not good at Linux..but we used xtacacs for dial-up. Any information out there? =========== > The ability to define "services" that the users can connect to, with scripting of the dialling and numbers called being transparent to the user > Logging of; username, service accessed, time, duration > Access restrictions to services based on username, time of day > Password ageing and user control of passwords > Automatic hunt group for next available modem > As transparent to the user as possible =========== In our company, as an ISP we used USRobotics M/16 V.34, a modem pool. So far it's doing fine and have been tested by our company for many years. We even highly recommend USR modem to our subscribers. With regards to 3com, we used their LANCard. We have many problems before on our clients who uses any LANcard other than 3com. 
With regards to the auto-trunking to search for the next available modem...we requested the Telco to make all our dial-up lines with auto-trunk hunting feature....and of course with a pilot line. Oops! I forgot..from the modem pool ---> cisco access server. Hope this helps. EDERTS

From owner-firewalls-list Tue Dec 2 00:31:25 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA07624; Mon, 1 Dec 1997 23:24:16 -0800 (PST)
Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-971021-1) id XAA07606 for firewalls@greatcircle.com; Mon, 1 Dec 1997 23:24:12 -0800 (PST)
Received: from m6.sprynet.com (m6.sprynet.com [165.121.1.89]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id OAA26348 for ; Wed, 26 Nov 1997 14:24:16 -0800 (PST)
Received: from [0.0.0.0] (hdn88-027.hil.compuserve.com [206.175.98.27]) by m6.sprynet.com (8.6.12/8.6.12) with SMTP id OAA12898; Wed, 26 Nov 1997 14:26:18 -0800
Message-Id: <199711262226.OAA12898@m6.sprynet.com>
Comments: Authenticated sender is
From: "Steve Kruse"
Organization: Personal
To: firewalls@GreatCircle.COM (Non Receipt Notification Requested), manuel.ricca@pararede.pt
Date: Wed, 26 Nov 1997 17:32:30 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=ISO-8859-1
Content-transfer-encoding: Quoted-printable
Subject: RE: Network Address Translation Security
Reply-to: jsk347@sprynet.com
X-mailer: Pegasus Mail for Windows (v2.42a)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I agree that a well configured router (i.e., with good access lists) can be a major barrier for many attacks. However, if you consider the cost of a breach of security against the cost of a firewall, often times it is easy to justify the firewall.

Let's just say: You have 50 employees, 20 of which are actively working on projects. A security hole causes several (let's say 10) of your big SGI's to go down. Let's also say the loaded cost per employee is $50 per hour (probably VERY low vs. reality) and as you said, it takes all day to get the machines back up. 8 hours * $50/hr = $400 * 10 employees unproductive = $4000, not including YOUR time. That's for 1 incident. Do your own math on this. Incidentally, could you get, say 10 machines, back up in one day by yourself? Add in additional help working on the problem, plus the cost of what they SHOULD have been doing when working this problem.

Now also, if you are working on post-production video for a major Hollywood studio, the accidental release of video from an upcoming but unreleased block-buster movie could add significantly to your amount if you are sued!!! It doesn't take long for a single incident to add up to big dollars. So...often times the firewall is a pretty minor amount.

Good luck!

> From: manuel.ricca@pararede.pt
> Date: 26 Nov 97 17:05:43 +0000
> Subject: RE: Network Address Translation Security
> To: firewalls@GreatCircle.COM (Non Receipt Notification Requested)
>
>
> If security is not a major concern and the budget is low, you could consider installing a product like RealSecure (from ISS) in your Intranet.
> It detects, logs and takes action against most attacks, even Denial of Service.
> If you're going to have a (well-configured) router doing NAT with an ISDN connection to the ISP it should provide fairly good
> security. If however you're thinking of exposing services to/via the Internet, you should consider installing a Firewall.
>
> I would also like to hear some comments on this.
>
> Regards,
> manuel
>
> -----------------
> Manuel Ricca
> ParaRede - Tecnologias de Comunicaçao, S.A.
> R. D. Constantino de Bragança, 12 1400 Lisboa
> Tel: +351 1 3020451
> Fax: +351 1 3020444
> E-mail: manuel.ricca@pararede.pt
>
>
> -------------------
> From: firewalls-owner@GreatCircle.COM
> To: firewalls@greatcircle.com
> Cc:
> Subject: Network Address Translation Security
> Date: 25-11-1997 23:30
>
>
> I have a Cisco router and am considering upgrading to IOS 11.2.9 and
> implementing Network Address Translation. All my _inside_ hosts are
> using "unassigned" addresses (192.168.xxx.xxx). How secure will this
> environment be.
>
> More Info:
> I work for a small company with about less than fifty computers -
> mostly Macs, Intel/nt [for accounting], and a few big SGI systems
> [running Discreet Logic applications]. As it is, the systems requiring
> Internet access have modems. This has kept things pretty secure until
> now, but the pressures from management to implement email and
> internetworking for everyone are overwhelming.
> My concern about security isn't so much about company secrets as about
>
> my concern for one of my big systems going down from an outside attack
> [getting this back up and running would likely take an entire day]. We
> are a Video/Film Post Production company. Fairly unrestricted root
> access is required for administration and operation in our graphics
> environment.
> I looked at a couple firewall systems, but I think management will die
> of sticker shock when I cut a Purchase Order for a $20,000 firewall
> [it's a lot of money for email+internet access].
>

*********************************************************
* Steve Kruse Milkyway Networks *
* Network Sales Support 1342 E. Vine St.
#224 * * http://www.milkyway.com Kissimmee, FL 34744 * * Bus: skruse@milkyway.com Pers: jsk347@sprynet.com * ********************************************************* From owner-firewalls-list Tue Dec 2 01:12:52 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id AAA14032; Tue, 2 Dec 1997 00:37:05 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id AAA14005 for ; Tue, 2 Dec 1997 00:36:56 -0800 (PST) Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id DAA03485; Tue, 2 Dec 1997 03:37:35 -0500 (EST) From: Adam Shostack Message-Id: <199712020837.DAA03485@homeport.org> Subject: Re: How do Firewalls deal with the Ident Protocol? In-Reply-To: <3.0.1.32.19971202090113.00a226c0@mail01.cbr.hcn.net.au> from Peter Newman at "Dec 2, 97 09:01:13 am" To: Peter.Newman@hcn.net.au (Peter Newman) Date: Tue, 2 Dec 1997 03:37:35 -0500 (EST) Cc: firewalls@greatcircle.com (Firewalls mailing list) X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I disagree fundamentally with the claim that a firewall should be configured to cooperate except where needed for security reasons. Is the TCP echo service dangerous (port 7)? Many people said no, until the idea of combining it with address spoofing became popular. The idea of allowing everything but the needed protocols leaves you vulnerable to every new attack that comes along. It creates a constituency for things with small business justification, as people have been able to do all sorts of things, and now you have to turn them off. Choose carefully what you need to pass (in both directions), and deny everything else. Those who do this spend fewer weekends in the office patching the latest holes. 
(This argument is expounded on at great length in the introduction to Cheswick & Bellovin's excellent little book 'Firewalls and Internet Security.' There have been lots of books on firewalls published since theirs; few contain so much useful knowledge, and none of those comes in at less than three times the page count.) Adam Peter Newman wrote: | Adam, | | At 02:52 1/12/97 -0500, Adam Shostack wrote: | > As a FW admin, I'd see no reason to pass identd. It can't be | >relied on as an authentication mechanism, its been used as an attack | >vector. So, I'd disagree that 'correct' configuration is to send | >these auth checks to the interior host. | | ...agreed. | | > The polite thing to do is to configure the packet filter to | >send a RST to any identd packet it gets, indicating that the recieving | >host doesn't support identd, and getting past the obnoxious timeouts. | | This is a courtesy thing I realise, however the only loss of service is to | the users inside the firewall. So my point of view is that the firewall | connecting a LAN to the internet should be configured to co-operate with | all internet protocols. Polite refusals where needed for security reasons | of course. FW admins might disagree with me on this point? -- "It is seldom that liberty of any kind is lost all at once." 
-Hume From owner-firewalls-list Tue Dec 2 03:08:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA08081; Mon, 1 Dec 1997 23:26:31 -0800 (PST) Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-971021-1) id XAA08009 for firewalls@greatcircle.com; Mon, 1 Dec 1997 23:26:08 -0800 (PST) Received: from m6.sprynet.com (m6.sprynet.com [165.121.2.89]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id NAA08732 for ; Thu, 27 Nov 1997 13:19:00 -0800 (PST) Received: from [0.0.0.0] (hdn90-091.hil.compuserve.com [206.175.99.91]) by m6.sprynet.com (8.6.12/8.6.12) with SMTP id NAA12484; Thu, 27 Nov 1997 13:20:59 -0800 Message-Id: <199711272120.NAA12484@m6.sprynet.com> Comments: Authenticated sender is From: "Steve Kruse" Organization: Personal To: David Watson , Ming Lu Date: Thu, 27 Nov 1997 16:27:48 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: [FW1] Firewall Server Sizing Reply-to: jsk347@sprynet.com CC: fw-1-mailinglist@us.checkpoint.com, firewalls@GreatCircle.COM X-mailer: Pegasus Mail for Windows (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Remember that there are a lot of things that affect the speed of encryption, whether on FW-1, Cisco or any other solutions. In the case of a 'stand-alone' en/decryptor there may be dedicated cpu cycles, whereas in the case of a Firewall, it is doing many things simultaneously. When you add routing in, particularly DYNAMIC routing, it gets even more intensive in computing power as it is doing many table look ups at the same time. Take into consideration such factors also as the size of the pipe feeding the encryption engine vs. the size of the pipe exiting the engine (queueing delays), the size of the packets being decrypted (telnet vs. ftp stream), and of course the actual power of the CPU/Memory size of the machine, you can get speed bumps ranging from very small to z-z-z-z-z!. 
Let us not forget the algorithm and key-size being used...40 bit is a lot faster than 128 bit. In a lot of the testing I have seen, the 'RULE OF THUMB' is that encryption will give you a 10 - 25% 'hit' on performance, but it can range much higher if you have unfavorable conditions. Steve > Date: Thu, 27 Nov 1997 12:35:52 -0500 (EST) > From: Ming Lu > To: David Watson > Cc: fw-1-mailinglist@us.checkpoint.com, firewalls@GreatCircle.COM > Subject: Re: [FW1] Firewall Server Sizing > David: > > One way to be sure is to get test machine from Sun (forget about NT, just > look at http://www.standishgroup.com/syst.html), or other UNIX vendors. As > my understanding is that VPN's encryption take a lot of CPU cycles (I have > observed this on the Cisco 7507, tunneling, VPN plus BGP4 routing table > with one RSP, it was pretty bad). I guess that you could try Ultra-2 with > 2cpus, 256MG ram, 2.1 G hard drive, plus extra hme interface (assume you > only need two altogether), of cause, solaris 2.6 (I am very pleased this > version compared with 2.5.1). Trick thing s are, on the UNIX box, that you > can do a lot of performance tunning, if you know the tricks. > > Ipsilon 400 sound s good, never used, but I imagine that (just for the > throughput) it has to be good in term of data throughput. But remember, > the center of VPN is encrytion of data, not just data throughput. > > ask you UNIX vendors about the data sheet of their machines' I/O > throughput. > > > _ming > > On Thu, 27 Nov 1997, David Watson wrote: > > ->Hi, > -> > ->I know this is a grey area, but I was wondering if anyone could provide me > ->with any references to Firewall-1 v3 server sizing information or real > ->world performance examples. > -> > ->We have a customer who requries either 512Kbit, 1Mbit or 2Mbit per second > ->of VPN bandwidth constantly available for use in PC video conferencing. The > ->network availability is guaranteed, but we are unsure of the hardware > ->requirments at either end. 
> ->
> ->Does anyone have any experience of the performance requirements for running
> ->VPNs with constant bandwidth, or the server performance required to easily
> ->perform VPN on a traffic such as video conferencing? Either Solaris 2.x or
> ->NT4 details would be appreciated.
> ->
> ->As far as i`m aware, there is very little server sizing information
> ->available from Checkpoint or anyone else.
> ->
> ->Thanks for your help, i`m happy to summarize,
> ->
> ->David
> ->--
> ->David Watson        Voice:  UK 01904 438000
> ->Facilities Manager  Fax:    UK 01904 435196
> ->Infocom UK Ltd      E-Mail: david.watson@info-com.com
> ->
>
> ============================================================================
> Ming Lu                              Email: mlu@hq.si.net
> Network Tech Consulting Engineer     Phone: 703-689-5290 (w)
> Engineering Division                        703-855-4194 (m)
> Global One Telecommunications, LLT.         703-716-0872 (h)
> ============================================================================
> "Do not pay attention to every word people say, or you may hear your
> servant cursing you ---- for you know in your heart that many times you
> yourself have cursed others."
>

*********************************************************
* Steve Kruse               Milkyway Networks           *
* Network Sales Support     1342 E. Vine St. #224       *
* http://www.milkyway.com   Kissimmee, FL 34744         *
* Bus: skruse@milkyway.com  Pers: jsk347@sprynet.com    *
*********************************************************

From owner-firewalls-list Tue Dec 2 03:43:23 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA07637; Tue, 2 Dec 1997 03:37:57 -0800 (PST)
Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id DAA07617 for ; Tue, 2 Dec 1997 03:37:47 -0800 (PST)
From: mht@clark.net
Received: from highlander (50.new-york-10.ny.dial-access.ATT.net [12.68.9.50]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id GAA06986 for ; Tue, 2 Dec 1997 06:40:03 -0500
Message-Id: <3.0.3.32.19971202063958.039b4a00@pop3.clark.net>
X-Sender: mht@pop3.clark.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Tue, 02 Dec 1997 06:39:58 -0500
To: firewalls@greatcircle.com
Subject: Growing trend..
In-Reply-To:
References: <01BCFED1.9668C5C0@dave.loka.co.nz>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

As I just opened the morning paper, I read that Axent Technologies just
purchased Raptor Systems for a very large sum of money.. earlier last week
I read Checkpoint Technologies to integrate ISS RealSecure into their
firewall offering. PGP was purchased by Network Associates. Lucent
Technologies purchases Livingston Enterprises. Earlier this summer,
Trusted Information Systems acquired HayStack ..

Would anybody predict what is next??
:)

--------------------------------
Mark Teicher
CASSIE Enterprises & Trust
email:mht@clark.net
Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE

From owner-firewalls-list Tue Dec 2 04:42:41 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id EAA12372; Tue, 2 Dec 1997 04:07:48 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id EAA12319 for ; Tue, 2 Dec 1997 04:07:32 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id HAA04364; Tue, 2 Dec 1997 07:07:08 -0500 (EST)
From: Adam Shostack
Message-Id: <199712021207.HAA04364@homeport.org>
Subject: Re: [FW1] Firewall Server Sizing
In-Reply-To: <199711272120.NAA12484@m6.sprynet.com> from Steve Kruse at "Nov 27, 97 04:27:48 pm"
To: jsk347@sprynet.com
Date: Tue, 2 Dec 1997 07:07:07 -0500 (EST)
Cc: david.watson@info-com.com, mlu@privsys.gip.net, fw-1-mailinglist@us.checkpoint.com, firewalls@GreatCircle.COM
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

The algorithm used for encryption matters a lot for speed; IDEA is
faster than 3des. (Effective keylengths 128 and 112 bit,
respectively). The keylength affects security, not speed. For
example, 40 and 128 bit rc4 work equally quickly. This is because the
key is filled out with 0s to 256 bits of key data before the key
expansion phase.

I can design you a system with a long keylength (say, 64kbits) that is
extremely fast (and insecure.) xor the plaintext with the key. Reuse
the key when you run out.

The expensive bit of work is usually the key exchange system, where DH
or RSA is used to exchange keys. This can take a substantial chunk of
a second to accomplish. If your firewall is doing lots of public key
work, look at accelerators, like those from nCipher.
(Note that V-One, Kerberos, and some other schemes use key exchange
mechanisms which are shared secret based, and much faster. There's
setup overhead to share the keys, which then goes away on a per
connection basis.)

Adam

Steve Kruse wrote:
| Remember that there are a lot of things that affect the speed of
| encryption, whether on FW-1, Cisco or any other solutions. In the case
| of a 'stand-alone' en/decryptor there may be dedicated cpu cycles, whereas
| in the case of a Firewall, it is doing many things simultaneously.
| When you add routing in, particularly DYNAMIC routing, it gets even
| more intensive in computing power as it is doing many table look ups
| at the same time. Take into consideration such factors also as the
| size of the pipe feeding the encryption engine vs. the size of the
| pipe exiting the engine (queueing delays), the size of the packets
| being decrypted (telnet vs. ftp stream), and of course the actual
| power of the CPU/Memory size of the machine, you can get speed bumps
| ranging from very small to z-z-z-z-z!. Let us not forget the
| algorithm and key-size being used...40 bit is a lot faster than 128
| bit.

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume

From owner-firewalls-list Tue Dec 2 04:58:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA07204; Mon, 1 Dec 1997 23:20:31 -0800 (PST)
Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-971021-1) id XAA07196 for firewalls@greatcircle.com; Mon, 1 Dec 1997 23:20:27 -0800 (PST)
Received: from geocities.com (mail5.geocities.com [209.1.224.25]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA00419 for ; Wed, 26 Nov 1997 07:13:10 -0800 (PST)
Received: from www.test.ro (ppp01.braila.iiruc.ro [193.226.145.211]) by geocities.com (8.8.5/8.8.5) with SMTP id HAA20260 for ; Wed, 26 Nov 1997 07:08:35 -0800 (PST)
Message-Id: <199711261508.HAA20260@geocities.com>
Comments: Authenticated sender is
From: "Gabriel Dura"
To: firewalls@GreatCircle.COM
Date: Wed, 26 Nov 1997 17:13:16 +0200
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: SOCKS compliant programming
Reply-to: dura@geocities.com
X-mailer: Pegasus Mail for Windows (v2.54)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi everybody!!

Can anyone point me to a very good guide for writing secure socket
and/or socks compliant Windows applications?

Thank you very much,
Gabriel

From owner-firewalls-list Tue Dec 2 05:50:54 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id FAA21954; Tue, 2 Dec 1997 05:16:31 -0800 (PST)
Received: from panix2.panix.com (panix2.panix.com [198.7.0.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id FAA21831 for ; Tue, 2 Dec 1997 05:16:04 -0800 (PST)
Received: (from guy@localhost) by panix2.panix.com (8.8.5/8.7/PanixU1.3) id IAA02269; Tue, 2 Dec 1997 08:19:02 -0500 (EST)
Date: Tue, 2 Dec 1997 08:19:02 -0500 (EST)
From: Information Security
Message-Id: <199712021319.IAA02269@panix2.panix.com>
To: firewalls@greatcircle.com
Subject: Re: Growing trend..
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> From: mht@clark.net
> Date: Tue, 02 Dec 1997 06:39:58 -0500
> To: firewalls@GreatCircle.COM
> Subject: Growing trend..
>
> As I just opened the morning paper, I read that Axent Technologies just
> purchased Raptor Systems for a very large sum of money.. earlier last week
> I read Checkpoint Technologies to integrate ISS RealSecure into their
> firewall offering. PGP was purchased by Network Associates. Lucent
> Technologies purchases Livingston Enterprises. Earlier this summer,
> Trusted Information Systems acquired HayStack ..
>
> Would anybody predict what is next?? :)

The NSA will purchase Marcus J. Ranum.
---guy

;-)

From owner-firewalls-list Tue Dec 2 07:32:22 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA11008; Tue, 2 Dec 1997 07:11:57 -0800 (PST)
Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA10993 for ; Tue, 2 Dec 1997 07:11:52 -0800 (PST)
From: mht@clark.net
Received: from highlander (134.middletown-07.va.dial-access.ATT.net [12.68.19.134]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id KAA08416; Tue, 2 Dec 1997 10:14:02 -0500
Message-Id: <3.0.3.32.19971202101359.0085d170@pop3.clark.net>
X-Sender: mht@pop3.clark.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Tue, 02 Dec 1997 10:13:59 -0500
To: Information Security , firewalls@GreatCircle.COM
Subject: Re: Growing trend..
In-Reply-To: <199712021319.IAA02269@panix2.panix.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Interesting.. :)

One of my predictions is that after all the corporations mentioned on
previous posts bug each other, the telecommunications companies who own
the pipe will buy them all up.. Just like GTE and AT&T have been doing
steadily for a while now...
:)

/mht

> >
> > Would anybody predict what is next?? :)
>
>The NSA will purchase Marcus J. Ranum.
>
>---guy ;-)
>
>

--------------------------------
Mark Teicher
CASSIE Enterprises & Trust
email:mht@clark.net
Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE

From owner-firewalls-list Tue Dec 2 07:33:49 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA12389; Tue, 2 Dec 1997 07:21:34 -0800 (PST)
Received: from relay.rv.tis.com (relay.rv.tis.com [204.254.155.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA12366 for ; Tue, 2 Dec 1997 07:21:26 -0800 (PST)
Received: by relay.rv.tis.com; id KAA17040; Tue, 2 Dec 1997 10:25:50 -0500 (EST)
Received: from rubicon.rv.tis.com(10.0.1.144) by relay.rv.tis.com via smap (4.0a) id xma017025; Tue, 2 Dec 97 10:25:28 -0500
Received: from inno-laptop.rv.tis.com (inno-laptop.rv.tis.com [10.0.1.112]) by rubicon.rv.tis.com (8.8.5/8.7.3) with SMTP id KAA18425; Tue, 2 Dec 1997 10:20:42 -0500 (EST)
Message-Id: <3.0.1.32.19971202102130.0075f8f0@10.0.1.144>
X-Sender: eroraha@10.0.1.144
X-Mailer: Windows Eudora Pro Version 3.0.1 (32)
Date: Tue, 02 Dec 1997 10:21:30 -0500
To: jsinnott@classifind.com (ClassiFind - John Sinnott),
From: Inno Eroraha
Subject: Re: Example network configurations - especially for Web/SQL service in a DMZ
In-Reply-To: <01bcfebf$a66f6c60$2b00a8c0@jsinnott.classifind.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

There is a document at:

http://www.tis.com/docs/support/apthree-interfaces-32.html

that could be helpful. Although this example is specific to Gauntlet, it
could be customized for other firewalls or devices acting as such. This
example config is merely taking advantage of the FW to do load balancing,
among other functions.
At 05:14 PM 12/1/97 -0800, ClassiFind - John Sinnott wrote:
>Could anyone give me some URLs which point to case studies/network designs
>for web and sql farms running in a DMZ? Looking for examples of fault
>tolerance and scalability.
>
>Thanks
>
>
>
>

-0-
inno

From owner-firewalls-list Tue Dec 2 07:43:42 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA13317; Tue, 2 Dec 1997 07:33:28 -0800 (PST)
Received: from VMSrelay1.pcy.mci.net (vmsrelay1.pcy.mci.net [204.71.1.60]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA13282 for ; Tue, 2 Dec 1997 07:33:17 -0800 (PST)
Received: from msutliff_p5-75 (usr25-dialup39.mix2.Atlanta.mci.net) by MAIL-RELAY.PCY.MCI.NET (PMDF V5.1-10 #10044) with ESMTP id <01IQP1LG7WO8004BCC@MAIL-RELAY.PCY.MCI.NET> for Firewalls@GreatCircle.COM; Tue, 2 Dec 1997 10:35:34 EST
Date: Tue, 02 Dec 1997 09:34:44 -0600
From: Marcus Sutliff
Subject: Re: Dial-out modem pool
To: "'Firewalls@GreatCircle.COM'"
Message-id: <34842A94.62344E32@michaelgrp.com>
MIME-version: 1.0
X-Mailer: Mozilla 4.01 [en] (WinNT; I)
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
References:
X-Priority: 3 (Normal)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I don't mean any disrespect, or to step on anyone's toes, but 'TRANSPARENT
TO THE USER' is an important need that is overlooked if the user must
Telnet to a host.. Try to explain TELNET to someone (as Dilbert would
say--explain it to your boss or someone in marketing) in any organization
where that someone doesn't understand digital communication--or for that
matter, to someone that does not really understand how to use a mouse,
MS-Word/Corel WordPerfect, etc. Then, three days later, re-explain it...
:-)

For this particular need, the Shiva (again, this is my humble opinion and
not that of my employer) Access SWITCH with Access Manager is a good
solution. I have seen it in action.. It does not require the user to
telnet.
It is very transparent, but it is also very expensive.. But, I see the
hardware/software as a one-time expense. It migrates with the Novell NDS,
NT's user database, etc., and provides a means for allowing multiple
services inbound, and outbound.. It's a sophisticated product, and they
support many operating systems (not just windoze).

If your users are sophisticated, then maybe there are some other
alternatives, but again, using Telnet is a two-step process--that gets old
if you perform it many times per day.

> In agreement with Bill.....
> same purpose that Bill is talking about. You telnet'd to the terminal
> server and it connected you to your choice of service dialing
> out(Compuserv, AOL, another dial-in interface for corporate use,
> etc.).

----------
Marcus S. Sutliff; Consultant at THE MICHAEL GROUP, INC.
Voice: 405-721-8875 Fax: 721-9161
http://www.michaelgrp.com

Providing Independent consulting services for over twelve years upon voice,
data, and video technology. The Michael Group, Inc. does not sell, lease,
broker, nor service telecommunications equipment, long distance services,
or computer hardware. We accept no compensation from any vendor as a
result of a service or product we recommend, assuring our clients of total
objectivity.
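
The point in Adam Shostack's reply in the "[FW1] Firewall Server Sizing" thread above, that key length sets security rather than speed, worked through as an added example (it is not part of any message in this archive). It counts the work a textbook RC4 does for a 40-bit and a 128-bit key, then builds the 64-kbit repeating-XOR design he describes and shows the key cancelling out of the ciphertext. All function names and the sample record are constructed for the illustration.

```python
"""Key length vs. speed: textbook RC4 work count, and a long repeating XOR key.

Added illustration; function names and sample data are constructed.
"""
import os


def rc4_init(key: bytes):
    """RC4 key schedule. Returns (state, swaps); the loop is 256 steps for any key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 keys are 1 to 256 bytes long")
    state = list(range(256))
    j = swaps = 0
    for i in range(256):
        # Key bytes are read cyclically, so a 5-byte and a 16-byte key cost the same.
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
        swaps += 1
    return state, swaps


def rc4_crypt(key: bytes, data: bytes):
    """Encrypt or decrypt data. Returns (output, swaps); swaps counts all the work."""
    state, swaps = rc4_init(key)
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + state[i]) & 0xFF
        state[i], state[j] = state[j], state[i]
        swaps += 1
        out.append(byte ^ state[(state[i] + state[j]) & 0xFF])
    return bytes(out), swaps


def xor_repeat(key: bytes, data: bytes) -> bytes:
    """The 'long key, very fast' design: XOR with the key, reusing it when it runs out."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def fold(data: bytes, period: int) -> bytes:
    """XOR every byte with the byte one key period later."""
    return bytes(a ^ b for a, b in zip(data, data[period:]))


def compare_key_sizes(payload: bytes):
    """Work done by RC4 on the same payload with a 40-bit and a 128-bit key."""
    _, work40 = rc4_crypt(os.urandom(5), payload)
    _, work128 = rc4_crypt(os.urandom(16), payload)
    return work40, work128


def long_key_leak(period_bytes: int = 8192):
    """Encrypt three key periods of constructed traffic under a 64-kbit XOR key.

    Returns (key_cancelled, repeated_block_visible).
    """
    key = os.urandom(period_bytes)
    record = b"POP3 +OK constructed sample record\r\n"
    block = (record * (period_bytes // len(record) + 1))[:period_bytes]
    # Blocks 1 and 3 are identical plaintext; block 2 differs.
    plaintext = block + bytes(reversed(block)) + block
    ciphertext = xor_repeat(key, plaintext)
    # c[i] ^ c[i+period] == p[i] ^ p[i+period]: the key drops out entirely.
    key_cancelled = fold(ciphertext, period_bytes) == fold(plaintext, period_bytes)
    # Identical plaintext a whole number of periods apart gives identical ciphertext.
    repeated = ciphertext[:period_bytes] == ciphertext[2 * period_bytes:]
    return key_cancelled, repeated


if __name__ == "__main__":
    print("RC4 work, 40-bit vs 128-bit key:", compare_key_sizes(bytes(1500)))
    print("64-kbit XOR key: cancelled, repeats visible =", long_key_leak())
```

The work count is a deterministic stand-in for timing: both RC4 key sizes perform 256 schedule swaps plus one swap per payload byte, while the XOR scheme's 8192-byte key gives an observer plaintext relationships without the key ever being recovered.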

From owner-firewalls-list Tue Dec 2 08:31:07 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA15161; Tue, 2 Dec 1997 08:16:41 -0800 (PST)
Received: from julia.ultra.net (julia.ultra.net [199.232.56.45]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA15154 for ; Tue, 2 Dec 1997 08:16:35 -0800 (PST)
Received: from joespc.judgefamily.org (joesmac.ultranet.com [199.232.59.222]) by julia.ultra.net (8.8.5/ult.n14767) with SMTP id LAA09273; Tue, 2 Dec 1997 11:19:13 -0500 (EST)
Received: by joespc.judgefamily.org with Microsoft Mail id <01BCFF14.1B3024A0@joespc.judgefamily.org>; Tue, 2 Dec 1997 11:19:08 -0500
Message-ID: <01BCFF14.1B3024A0@joespc.judgefamily.org>
From: Joseph Judge
To: Peter Newman , "'Adam Shostack'"
Cc: Firewalls mailing list
Subject: RE: How do Firewalls deal with the Ident Protocol?
Date: Tue, 2 Dec 1997 11:19:06 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I have to agree.

If you take the stance as Adam offers, then you are the
"deny all except what you choose to allow" --- which
places you in a *proactive* position.

If you do not, then you are the "all everything (or a lot of
things) except what you choose not to allow" -- which
places you in a *reactive* position.

Again -- this is not black and white. The more you move
away from the first position ... the more you expose,
the more you move down the gradient towards that second
position.

The Ches&Bellovin "if you don't need it, don't install it"
philosophy enforces the first stance -- as Adam just
explained.

It's the simple choices like the "let's do ident" or "why not let
echo through" that set the stage for pain later on (and I know
of this pain from personal experience :-)

- joe


----------
From: Adam Shostack[SMTP:adam@homeport.org]
Sent: Monday, December 01, 1997 10:37 PM
To: Peter Newman
Cc: Firewalls mailing list
Subject: Re: How do Firewalls deal with the Ident Protocol?


I disagree fundamentally with the claim that a firewall should be
configured to cooperate except where needed for security reasons.

Is the TCP echo service dangerous (port 7)? Many people said no,
until the idea of combining it with address spoofing became popular.

The idea of allowing everything but the needed protocols leaves you
vulnerable to every new attack that comes along. It creates a
constituency for things with small business justification, as people
have been able to do all sorts of things, and now you have to turn
them off.

Choose carefully what you need to pass (in both directions), and deny
everything else. Those who do this spend fewer weekends in the office
patching the latest holes.

(This argument is expounded on at great length in the introduction to
Cheswick & Bellovin's excellent little book 'Firewalls and Internet
Security.' There have been lots of books on firewalls published since
theirs; few contain so much useful knowledge, and none of those
comes in at less than three times the page count.)

Adam


Peter Newman wrote:
| Adam,
|
| At 02:52 1/12/97 -0500, Adam Shostack wrote:
| > As a FW admin, I'd see no reason to pass identd. It can't be
| >relied on as an authentication mechanism, it's been used as an attack
| >vector. So, I'd disagree that 'correct' configuration is to send
| >these auth checks to the interior host.
|
| ...agreed.
|
| > The polite thing to do is to configure the packet filter to
| >send a RST to any identd packet it gets, indicating that the receiving
| >host doesn't support identd, and getting past the obnoxious timeouts.
|
| This is a courtesy thing I realise, however the only loss of service is to
| the users inside the firewall. So my point of view is that the firewall
| connecting a LAN to the internet should be configured to co-operate with
| all internet protocols. Polite refusals where needed for security reasons
| of course. FW admins might disagree with me on this point?

--
"It is seldom that liberty of any kind is lost all at once."
					       -Hume

From owner-firewalls-list Tue Dec 2 08:32:38 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA16058; Tue, 2 Dec 1997 08:24:48 -0800 (PST)
Received: from mail.baileynm.com (fw.baileynm.com [206.109.159.11]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id IAA16039 for ; Tue, 2 Dec 1997 08:24:42 -0800 (PST)
Received: (qmail 24357 invoked from smtpd); 2 Dec 1997 16:27:48 -0000
Received: from web.nmti.com (root@198.178.0.201) by fw.nmti.com with SMTP; 2 Dec 1997 16:27:48 -0000
Received: from baileynm.com (grendel.nmti.com [198.178.0.150]) by web.nmti.com (8.6.12/8.6.9) with SMTP id KAA13398; Tue, 2 Dec 1997 10:20:17 -0600
Received: by baileynm.com; (5.65v3.2/1.1.8.2/08Sep97-0924AM) id AA30252; Tue, 2 Dec 1997 10:17:51 -0600
From: Peter da Silva
Message-Id: <9712021617.AA30252@baileynm.com>
Subject: Re: Growing trend..
To: mht@clark.net
Date: Tue, 2 Dec 1997 10:17:51 -0600 (CST)
Cc: firewalls@greatcircle.com
In-Reply-To: <3.0.3.32.19971202063958.039b4a00@pop3.clark.net> from "mht@clark.net" at Dec 2, 97 06:39:58 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> Would anybody predict what is next?? :)

Microsoft acquires Sun, Apple, Intel, and the US Justice Department.

From owner-firewalls-list Tue Dec 2 09:13:18 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA19463; Tue, 2 Dec 1997 08:58:17 -0800 (PST)
Received: from servant (servant.mccaw-stg.com [205.172.10.40]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id IAA19448 for ; Tue, 2 Dec 1997 08:58:06 -0800 (PST)
Received: from radiatore.mccaw-stg.com by servant (SMI-8.6/SMI-SVR4) id JAA27096; Tue, 2 Dec 1997 09:00:14 -0800
Received: by radiatore.mccaw-stg.com (SMI-8.6/SMI-SVR4) id JAA04149; Tue, 2 Dec 1997 09:00:14 -0800
Date: Tue, 2 Dec 1997 09:00:14 -0800
From: peter.gregory-unix@mccaw-stg.com (Peter Gregory)
Message-Id: <199712021700.JAA04149@radiatore.mccaw-stg.com>
To: firewalls@greatcircle.com
Subject: Re: Growing trend..
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-MD5: aqiO8GPJpvl3le3aGJSvgA==
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> > As I just opened the morning paper, I read that Axent Technologies just
> > purchased Raptor Systems for a very large sum of money. earlier last week
> > I read Checkpoint Technologies to integrate ISS RealSecure into their
> > firewall offering. PGP was purchased by Network Associates. Lucent
> > Technologies purchases Livingston Enterprises. Earlier this summer,
> > Trusted Information Systems acquired HayStack ..
> >
> > Would anybody predict what is next?? :)
>
> The NSA will purchase Marcus J. Ranum.

Then Microsoft will buy the NSA.

-pg

--
Peter Gregory [NICname PG11] peter.gregory@attws.com
IT Manager, AT&T Wireless Services, Strategic Technologies Group

From owner-firewalls-list Tue Dec 2 11:02:18 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA26050; Tue, 2 Dec 1997 09:38:41 -0800 (PST)
Received: from relay1.smtp.psi.net (relay1.smtp.psi.net [38.8.14.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA26028 for ; Tue, 2 Dec 1997 09:38:34 -0800 (PST)
Received: from ccmailink.vsebav.com by relay1.smtp.psi.net (8.8.5/SMI-5.4-PSI) id MAA17702; Tue, 2 Dec 1997 12:41:41 -0500 (EST)
Received: from ccMail by ccmailink.vsebav.com (IMA Internet Exchange 2.02 Enterprise) id 48447F50; Tue, 2 Dec 97 12:40:05 -0500
Mime-Version: 1.0
Date: Tue, 2 Dec 1997 12:38:54 -0500
Message-ID: <48447F50.@vsebav.com>
From: List_Mail@vsebav.com (List_Mail)
Subject: Seesion Wall-3
To: firewalls@GreatCircle.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

In Windows NT Magazine, October 1997 issue page 85, there is an
article on Session Wall-3, a firewall that you can place inside the
internal network. It's both a network monitor and a firewall. Does
anyone have any experience with this product ?

I am looking at Checkpoint 3.x and Cyberguard as the firewall for my
company. If you have any comments on these products please email me.

Thanks in advance for your assistance.

From owner-firewalls-list Tue Dec 2 11:03:34 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA04473; Tue, 2 Dec 1997 10:16:06 -0800 (PST)
Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA02264 for ; Tue, 2 Dec 1997 10:07:02 -0800 (PST)
From: mht@clark.net
Received: from highlander (134.middletown-07.va.dial-access.ATT.net [12.68.19.134]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id NAA09725; Tue, 2 Dec 1997 13:09:15 -0500
Message-Id: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net>
X-Sender: mht@pop3.clark.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Tue, 02 Dec 1997 13:09:13 -0500
To: peter.gregory-unix@mccaw-stg.com (Peter Gregory), firewalls@GreatCircle.COM
Subject: Re: Growing trend..
In-Reply-To: <199712021700.JAA04149@radiatore.mccaw-stg.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

OK, the growing trend for companies is produce a product which
interoperates with other products that other companies are manufacturing
at some point in time either they strategically align together or combine
themselves together to make one entity instead of two..

The growing trend in the last few months is for policy type products and
intrusion type test companies to merge with firewall software and/hardware
companies. This takes care of the product side of things.

Over the summer months and early fall, we saw the big auditing type
companies combine their work force together to enhance their consulting
type offerings and combine their customer base.

The next logical step is to combine product companies with the auditing
type companies.. The final step after that is to combine the auditing
companies and the long distance carrier companies together.. combining all
product, all people and telecommunication together.

One stop shopping..

my .02

/mht

--------------------------------
Mark Teicher
CASSIE Enterprises & Trust
email:mht@clark.net
Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE

From owner-firewalls-list Tue Dec 2 11:57:52 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA15387; Tue, 2 Dec 1997 11:15:57 -0800 (PST)
Received: from mhub0.tc.umn.edu (mhub0.tc.umn.edu [128.101.131.50]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id KAA12134 for ; Tue, 2 Dec 1997 10:51:47 -0800 (PST)
Received: from ngwmail1.ndis.umn.edu by mhub0.tc.umn.edu; Tue, 2 Dec 97 12:54:19 -0600
Received: from UMN-Message_Server by ngwmail1.ndis.umn.edu with Novell_GroupWise; Tue, 02 Dec 1997 12:54:35 -0600
Message-Id:
X-Mailer: Novell GroupWise 4.1
Date: Tue, 02 Dec 1997 12:54:42 -0600
From: Paul Vitko
To: peter@baileynm.com, mht@CLARK.NET
Cc: firewalls@GreatCircle.COM
Subject: Re: Growing trend.. -Reply
Mime-Version: 1.0
Content-Type: text/plain
Content-Disposition: inline
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Bill sees the light, wanders the earth babbling about light, sound and
time while the rest of the industry falls in the hands of the 'mob of
darkness' which brings about industry standardization thru basic
persuasive methods of threats, which brings us right back to Bill, who
was last seen wandering the earth...

>>> Peter da Silva 12/02/97 10:17am >>>
> Would anybody predict what is next?? :)

Microsoft acquires Sun, Apple, Intel, and the US Justice Department.

From owner-firewalls-list Tue Dec 2 11:59:23 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA19986; Tue, 2 Dec 1997 11:39:03 -0800 (PST)
Received: from gotham.mcny.com ([207.122.13.30]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA19950 for ; Tue, 2 Dec 1997 11:38:53 -0800 (PST)
Received: from localhost (mcnyweb@localhost) by gotham.mcny.com (8.8.5/8.7.2) with SMTP id OAA17423; Tue, 2 Dec 1997 14:37:40 -0500 (EST)
Date: Tue, 2 Dec 1997 14:37:40 -0500 (EST)
From: Media Connection
To: Joseph Judge
cc: Peter Newman , "'Adam Shostack'" , Firewalls mailing list
Subject: RE: How do Firewalls deal with the Ident Protocol?
In-Reply-To: <01BCFF14.1B3024A0@joespc.judgefamily.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Can someone please tell me how to unsubscribe and subscribe?

Thanks!

On Tue, 2 Dec 1997, Joseph Judge wrote:

>
>
> I have to agree.
>
> If you take the stance as Adam offers, then you are the
> "deny all except what you choose to allow" --- which
> places you in a *proactive* position.
>
> If you do not, then you are the "all everything (or a lot of
> things) except what you choose not to allow" -- which
> places you in a *reactive* position.
>
> Again -- this is not black and white. The more you move
> away from the first position ... the more you expose,
> the more you move down the gradient towards that second
> position.
>
> The Ches&Bellovin "if you don't need it, don't install it"
> philosophy enforces the first stance -- as Adam just
> explained.
>
> It's the simple choices like the "let's do ident" or "why not let
> echo through" that set the stage for pain later on (and I know
> of this pain from personal experience :-)
>
> - joe
>
>
> ----------
> From: Adam Shostack[SMTP:adam@homeport.org]
> Sent: Monday, December 01, 1997 10:37 PM
> To: Peter Newman
> Cc: Firewalls mailing list
> Subject: Re: How do Firewalls deal with the Ident Protocol?
>
>
> I disagree fundamentally with the claim that a firewall should be
> configured to cooperate except where needed for security reasons.
>
> Is the TCP echo service dangerous (port 7)? Many people said no,
> until the idea of combining it with address spoofing became popular.
>
> The idea of allowing everything but the needed protocols leaves you
> vulnerable to every new attack that comes along. It creates a
> constituency for things with small business justification, as people
> have been able to do all sorts of things, and now you have to turn
> them off.
>
> Choose carefully what you need to pass (in both directions), and deny
> everything else. Those who do this spend fewer weekends in the office
> patching the latest holes.
>
> (This argument is expounded on at great length in the introduction to
> Cheswick & Bellovin's excellent little book 'Firewalls and Internet
> Security.' There have been lots of books on firewalls published since
> theirs; few contain so much useful knowledge, and none of those
> comes in at less than three times the page count.)
>
> Adam
>
>
> Peter Newman wrote:
> | Adam,
> |
> | At 02:52 1/12/97 -0500, Adam Shostack wrote:
> | > As a FW admin, I'd see no reason to pass identd. It can't be
> | >relied on as an authentication mechanism, it's been used as an attack
> | >vector. So, I'd disagree that 'correct' configuration is to send
> | >these auth checks to the interior host.
> |
> | ...agreed.
> |
> | > The polite thing to do is to configure the packet filter to
> | >send a RST to any identd packet it gets, indicating that the receiving
> | >host doesn't support identd, and getting past the obnoxious timeouts.
> |
> | This is a courtesy thing I realise, however the only loss of service is to
> | the users inside the firewall. So my point of view is that the firewall
> | connecting a LAN to the internet should be configured to co-operate with
> | all internet protocols. Polite refusals where needed for security reasons
> | of course. FW admins might disagree with me on this point?
>
>
> --
> "It is seldom that liberty of any kind is lost all at once."
> -Hume
>
>
>
>
>
>

From owner-firewalls-list Tue Dec 2 12:51:21 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA21710; Tue, 2 Dec 1997 11:51:45 -0800 (PST)
Received: from main.aeneas.net (main.aeneas.net [207.203.176.23]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id LAA21685 for ; Tue, 2 Dec 1997 11:51:39 -0800 (PST)
Received: from pmj330.aeneas.net (pmj330.aeneas.net [207.203.177.45]) by main.aeneas.net (8.6.12/8.6.9) with SMTP id NAA24571 for ; Tue, 2 Dec 1997 13:54:48 -0600
Message-ID: <348482D6.649@aeneas.net>
Date: Tue, 02 Dec 1997 13:51:18 -0800
From: Guy
X-Mailer: Mozilla 2.02E-BSNET (Win16; U)
MIME-Version: 1.0
To: firewalls@GreatCircle.com
Subject: Security Training Question
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Jumping on the thread I saw recently on the subject of security training
etc. - has anyone ever attended any seminars/training sessions given by
MISTI? Sorry I don't remember what the letters stand for right now - I'm
sure (something) Information Security Training Institute.

I would appreciate any comments from anyone who attended one of their
sessions. I need to know if they are worthwhile.

Thanks,
Guy Turner

From owner-firewalls-list Tue Dec 2 12:51:28 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA21077; Tue, 2 Dec 1997 11:47:07 -0800 (PST)
Received: from freedom.gmsociety.org ([209.116.153.41]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA21043 for ; Tue, 2 Dec 1997 11:46:53 -0800 (PST)
Received: (from brad@localhost) by freedom.gmsociety.org (8.8.8/8.8.5) id OAA20051; Tue, 2 Dec 1997 14:49:33 -0500
From: Brad
Message-Id: <199712021949.OAA20051@freedom.gmsociety.org>
Subject: Re: Growing trend..
To: peter@baileynm.com (Peter da Silva)
Date: Tue, 2 Dec 1997 14:49:32 -0500 (EST)
Cc: firewalls@greatcircle.com
In-Reply-To: <9712021617.AA30252@baileynm.com> from "Peter da Silva" at Dec 2, 97 10:17:51 am
X-Mailer: ELM [version 2.4 PL25 PGP7]
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

ok, this may be a little too far but....

Microsoft acquires Church of Scientology, and the Mormon Church, and
promptly dissolves both as being non-compatible with WindowsNT.

Microsoft acquires rights to Branch Davidian label for its new line of
firewalls.

Microsoft goes straight to the source, acquires God......God 2.0, with
service packs will be available in late '98.
From owner-firewalls-list Tue Dec 2 14:59:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA00113; Tue, 2 Dec 1997 12:41:21 -0800 (PST) Received: from filer1.isc.rit.edu (filer1.isc.rit.edu [129.21.3.106]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id MAA29954 for ; Tue, 2 Dec 1997 12:41:09 -0800 (PST) Received: from grace.isc.rit.edu by osfmail.isc.rit.edu (PMDF V5.1-10 #21576) with ESMTP id <0EKK00C01XLMO1@osfmail.isc.rit.edu> for firewalls@GreatCircle.COM; Tue, 2 Dec 1997 15:44:10 -0500 (EST) Received: from localhost (jlt8903@localhost) by grace.isc.rit.edu (8.8.5/8.8.5) with SMTP id PAA23231 for ; Tue, 02 Dec 1997 15:44:12 -0500 (EST) Date: Tue, 02 Dec 1997 15:44:12 -0500 (EST) From: Jason Terwilliger Subject: Building my library X-Sender: jlt8903@grace.isc.rit.edu To: firewalls@GreatCircle.COM Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII X-Authentication-warning: grace.isc.rit.edu: jlt8903 owned process doing -bs Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi everyone.. I was wondering if any of you could give some recommendations on building my computer security library. Right now, I have the most well known books as the cornerstone of my collection: Essential System Administration (Frisch) Internet Security Professional Reference (Hare, et al.) Internet Firewalls and Network Security (Siyan and Hare) Practical UNIX and Internet Security (Garfinkel and Spafford) Building Internet Firewalls (Chapman and Zwicky) I'd appreciate any other recommendations (books, magazines, etc) that would expand on the basics. Also, I would like recommendations on UNIX Scripting books..I have found only two around, any recommendations in that area are also gratefully accepted. thanks for your help!
~Jason From owner-firewalls-list Tue Dec 2 15:07:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id NAA07049; Tue, 2 Dec 1997 13:16:39 -0800 (PST) Received: from out.tracor.com (in.tracor.com [131.189.127.250]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id NAA05270 for ; Tue, 2 Dec 1997 13:09:03 -0800 (PST) Received: from galileo.tracor.com (galileo.tracor.com [131.189.101.200]) by out.tracor.com (8.6.12/8.6.12) with ESMTP id PAA09259 for ; Tue, 2 Dec 1997 15:12:37 -0600 Received: from trexchaus1.tracor.com ([131.189.209.250]) by galileo.tracor.com (8.6.12/8.6.12) with ESMTP id PAA10527 for ; Tue, 2 Dec 1997 15:12:35 -0600 Received: by TREXCHAUS1 with Internet Mail Service (5.0.1458.49) id ; Tue, 2 Dec 1997 15:12:48 -0600 Message-ID: <71C24EF75442D111A26F00805F952E1803EA6E@TREXCHAUS1> From: "Duplissey, Tom" To: "'firewalls@greatCircle.com'" Cc: "'list_mail@vsebav.com'" Subject: RE: Seesion Wall-3 Date: Tue, 2 Dec 1997 15:12:47 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Session Wall-3 is a great product but it is not a stateful inspection firewall such as CheckPoint. It is a great monitoring tool. The best I've seen to date. The Eval is available at: www.abirnet.com. Enjoy! > -----Original Message----- > From: List_Mail@vsebav.com [SMTP:List_Mail@vsebav.com] > Sent: Tuesday, December 02, 1997 11:39 AM > To: firewalls@GreatCircle.COM > Subject: Seesion Wall-3 > > In Windows NT Magazine, October 1997 issue page 85, there is an > article on Session Wall-3, a firewall that you can place inside > the > internal network. It's both a network monitor and a firewall. > Does > anyone have any experience with this product ? > > I am looking at Checkpoint 3.x and Cyberguard as the firewall for > my > company. If you have any comments on these products please email > me.
> > Thanks in advance for your assistance. From owner-firewalls-list Tue Dec 2 15:13:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA25521; Tue, 2 Dec 1997 14:42:58 -0800 (PST) Received: from master.ibmcyrix.org (slip129-37-123-198.mo.us.ibm.net [129.37.123.198]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA25496 for ; Tue, 2 Dec 1997 14:42:49 -0800 (PST) From: daemond@ibm.net Received: (from smap@localhost) by master.ibmcyrix.org (8.8.8/8.8.5) id RAA04915; Tue, 2 Dec 1997 17:50:33 -0500 (EST) X-Authentication-Warning: master.ibmcyrix.org: smap set sender to using -f Received: from localhost(127.0.0.1) by master.ibmcyrix.org via smap (V2.0) id xma004913; Tue, 2 Dec 97 17:50:25 -0500 Date: Tue, 2 Dec 1997 17:50:18 -0500 (EST) X-Sender: daemond@master.ibmcyrix.org To: Michael Sorbera cc: William Cooper , firewalls@greatcircle.com Subject: Re: FW-1 makes OS not vulnerable? In-Reply-To: <3482E865.7001C1D5@ibm.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Hope this helps some. I don't believe it though. How can another > vendor produce a "hardened" version of NT when Microsloft can't? Need you ask? 
Geoff daemond@ibm.net From owner-firewalls-list Tue Dec 2 15:57:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA22056; Tue, 2 Dec 1997 14:25:05 -0800 (PST) Received: from ivy.tc.pw.com (ivy.tc.pw.com [131.209.1.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA21981 for ; Tue, 2 Dec 1997 14:24:47 -0800 (PST) From: Omer_Useche@venezuela.notes.pw.com Received: by ivy.tc.pw.com; id OAA03522; Tue, 2 Dec 1997 14:38:04 -0800 (PST) Received: from cactus.tc.pw.com(131.209.7.48) by ivy.tc.pw.com via smap (3.2) id xma003256; Tue, 2 Dec 97 14:37:37 -0800 Received: (from notes@localhost) by cactus.tc.pw.com (8.8.4/8.7.3) id OAA18475; Tue, 2 Dec 1997 14:37:10 -0800 (PST) Message-Id: <199712022237.OAA18475@cactus.tc.pw.com> To: mht@clark.net cc: firewalls@greatcircle.com Date: Tue, 2 Dec 97 17:15:05 EST Subject: Re: Growing trend.. Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Would anybody predict what is next?? :) Microsoft acquires Sun, Apple, Intel, and the US Justice Department. From owner-firewalls-list Tue Dec 2 16:02:32 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA21272; Tue, 2 Dec 1997 14:21:03 -0800 (PST) Received: from gotham.mcny.com ([207.122.13.30]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA21148 for ; Tue, 2 Dec 1997 14:20:37 -0800 (PST) Received: from localhost (security@localhost) by gotham.mcny.com (8.8.5/8.7.2) with SMTP id RAA14972 for ; Tue, 2 Dec 1997 17:19:54 -0500 (EST) Date: Tue, 2 Dec 1997 17:19:54 -0500 (EST) From: MCNY Security Officer To: firewalls@GreatCircle.COM Subject: NT Domains In-Reply-To: <199712022049.MAA01639@honor.greatcircle.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Thanks in advance for any help. We have 2 Networks, one private and one public. 
There is a domain controller that controlled all of our NT machines before we installed the firewall. We moved some of the machines onto the public network (numbering them 206.24.16.* net mask 255.255.255.128). We moved the other machines onto the private network (number them 10.24.16.* net mask 255.255.255.0). The Domain Controller remains on the private network. Needless to say, the Public machines cannot logon to the Domain Controller since the Public Machines cannot speak to the private network. How should we configure the Domain Controller so the Public machines can logon to the network? Should we: 1) Allow the public machines to access the domain controller through the firewall (what protocol is this, btw?) 2) Create a new Domain for the Public Machines? Any help with this configuration would be greatly appreciated. Thanks, Lou http://www.mcny.com From owner-firewalls-list Tue Dec 2 16:15:21 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA23635; Tue, 2 Dec 1997 14:33:08 -0800 (PST) Received: from ee.net (ee.net [206.31.38.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA23583 for ; Tue, 2 Dec 1997 14:32:50 -0800 (PST) Received: from squirrel (modem5.columbus.ee.net [206.222.0.5]) by ee.net (8.8.5/8.8.5) with SMTP id RAA06742 for ; Tue, 2 Dec 1997 17:38:22 -0500 (EST) Message-Id: <3.0.1.32.19971202175629.00685b94@ee.net> X-Sender: clydew@ee.net X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Tue, 02 Dec 1997 17:56:29 -0500 To: firewalls@GreatCircle.COM From: Clyde Williamson Subject: Firewall choice Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- Before I get any Anti-NT flames, understand that I am a UNIX supporter. However my client is not.... They've had experience with NT and Cisco and that's where they want to stay.
I'm looking at three options for them: 1) Cisco PIX (my choice of the three) The client uses all Cisco routers so using PIX should be an easy job. 2) Cisco Centri I haven't played with this at all but it's supposedly based on the PIX technology. Any comments or experience with it would be helpful. 3) Raptor's "Eagle NT" I haven't played with the NT version of Eagle either. Any thoughts? I'm looking for the most secure answers... they want two to choose from so I'm going to offer PIX and one NT option.... Thanks for any help!!!! Clyde Williamson http://users1.ee.net/clydew Death to small keys! We cracked DES!!!
http://www.frii.com/~rcv/deschall.htm From owner-firewalls-list Tue Dec 2 16:58:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA07606; Tue, 2 Dec 1997 15:39:52 -0800 (PST) Received: from cti06.citenet.net (cti06.citenet.net [206.123.38.70]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA07587 for ; Tue, 2 Dec 1997 15:39:45 -0800 (PST) Received: from martin-dion (MatriX_Spi@g39-214.citenet.net [206.123.39.214]) by cti06.citenet.net (8.8.7/8.6.12) with SMTP id SAA15600; Tue, 2 Dec 1997 18:48:39 -0500 (EST) Message-Id: <2.2.32.19971202234248.006afca8@citenet.net> X-Sender: matrix@citenet.net X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 02 Dec 1997 18:42:48 -0500 To: Jason Terwilliger , firewalls@GreatCircle.COM From: MatriX Spider Subject: Re: Building my library Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I've bought a good one a few weeks ago... good tutorial approach, awesome piece for teacher who might like to drive a class on Infosec... Network and Internetwork Security: Principles & Practice by William Stallings published by Prentice Hall.
From owner-firewalls-list Tue Dec 2 17:19:05 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA01099; Tue, 2 Dec 1997 15:11:13 -0800 (PST) Received: from mr.malmstrom.af.mil ([131.53.129.233]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA01030 for ; Tue, 2 Dec 1997 15:10:59 -0800 (PST) Received: from stitzelj.malmstrom.af.mil (stitzelj.malmstrom.af.mil [131.53.129.82]) by mr.malmstrom.af.mil (8.7.6/8.7.3) with SMTP id RAA15455 for ; Tue, 2 Dec 1997 17:26:12 -0700 Message-Id: <3.0.2.32.19971202160914.007a6b20@mr.malmstrom.af.mil> X-Sender: stitzelj@mr.malmstrom.af.mil X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.2 (32) Date: Tue, 02 Dec 1997 16:09:14 -0700 To: firewalls@GreatCircle.COM From: Jon Stitzel Subject: Gauntlet console Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm in the process of testing a Gauntlet Firewall (v4.0) for my network and was wondering if there is any way to connect an admin console directly to the firewall via serial? I've got the Gauntlet on a Sparc20 running Solaris v2.5.1 and the admin machine is a pc running Win95. I've looked through all the FAQs I could find, but no luck. Has anyone heard of this arrangement being possible? 
From owner-firewalls-list Tue Dec 2 17:57:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA23125; Tue, 2 Dec 1997 16:46:56 -0800 (PST) Received: from mycroft.GreatCircle.COM (mycroft.greatcircle.com [198.102.244.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA05893 for ; Tue, 2 Dec 1997 15:33:25 -0800 (PST) Received: from mail.the-wire.com by mycroft.GreatCircle.COM (8.8.5/SMI-4.1/Brent-970426) id PAA12549; Tue, 2 Dec 1997 15:35:35 -0800 (PST) Received: from anton.the-wire.com (anton.the-wire.com [205.206.32.227]) by mail.the-wire.com (8.8.8/8.8.8) with SMTP id SAA16014; Tue, 2 Dec 1997 18:34:34 -0500 (EST) Message-Id: <3.0.32.19971202182745.00a32100@mail.the-wire.com> X-Sender: anton@mail.the-wire.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 02 Dec 1997 18:37:23 -0500 To: Peter da Silva , mht@clark.net From: Anton J Aylward Subject: Re: Growing trend.. Cc: firewalls@GreatCircle.COM Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 10:17 AM 02/12/97 -0600, Peter da Silva wrote: ## Reply Start ## >> Would anybody predict what is next?? :) > >Microsoft acquires Sun, Apple, Intel, and the US Justice Department. I seem to recall seeing a April Fools style press release which stated that Microsoft had taken over the US Government. 
Peter, perhaps you would like to redo your posting in that style, and add comments about making Java Active-X compliant ;-) /anton ## Reply End ## From owner-firewalls-list Tue Dec 2 18:12:35 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA09800; Tue, 2 Dec 1997 17:51:11 -0800 (PST) Received: from kokoro.kokoro.com (user023.innisres.utoronto.ca [128.100.192.23]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA09749 for ; Tue, 2 Dec 1997 17:51:01 -0800 (PST) Received: from localhost (hakim@localhost) by kokoro.kokoro.com (8.8.4/8.8.4) with SMTP id UAA01091; Tue, 2 Dec 1997 20:53:18 -0500 X-Authentication-Warning: kokoro.kokoro.com: hakim owned process doing -bs Date: Tue, 2 Dec 1997 20:53:18 -0500 (EST) From: Richard Hakim X-Sender: hakim@kokoro Reply-To: richard@kokoro.com To: firewalls@greatcircle.com, linux-security@redhat.com Subject: Securing a Linux Kernel Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi there, There has been some discussion previously about the merits of various OS's as firewall hosts. One post that caught my eye especially was someone saying "Well, I can configure a Linux kernel so it never goes down, but as with all things you need to know what to enable and what to disable." That, in essence, is my question. I'd like to set up a Linux system as a firewall, and want to know what kernel options should be disabled to make a secure (and stable!) system. 
Thanks, Richard Hakim richard@kokoro.com From owner-firewalls-list Tue Dec 2 18:27:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA05212; Tue, 2 Dec 1997 17:31:05 -0800 (PST) Received: from cortex.NSMA.Arizona.EDU (cortex.NSMA.Arizona.EDU [128.196.180.125]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA05184 for ; Tue, 2 Dec 1997 17:30:53 -0800 (PST) Received: from cortex (localhost [127.0.0.1]) by cortex.NSMA.Arizona.EDU (8.7.5/8.7.5) with ESMTP id SAA01367; Tue, 2 Dec 1997 18:36:53 -0700 (MST) Message-Id: <199712030136.SAA01367@cortex.NSMA.Arizona.EDU> To: firewalls@greatcircle.com Cc: Jason Terwilliger , ddw@cortex.NSMA.Arizona.EDU Subject: Re: Building my library In-reply-to: Your message of "Tue, 02 Dec 1997 15:44:12 EST." Date: Tue, 02 Dec 1997 18:36:52 -0700 From: Doug Wellington Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Previously: > I was wondering if any of you could give some recommendations on >building my computer security library. Right now, I have the most well >known books as the cornerstone of my collection: > > Essential System Administration (Frisch) Add (or replace with, as the case may be): Unix System Administration Handbook (Nemeth, Snyder, Seebass and Hein) > Internet Security Professional Reference (Hare, et al.) > Internet Firewalls and Network Security (Siyan and Hare) Don't know anything about those... > Practical UNIX and Internet Security (Garfinkel and Spafford) > Building Internet Firewalls (Chapman and Zwicky) Good books. Add: Cheswick and Bellovin - my old brain can't remember the actual title. (Something about tracking the wily hacker or some such - should be the first book on your list though, IMHO...) >I'd appreciate any other recommendations (books, magazines, etc) that >would expand on the basics. Hmmm, those last couple go way past the basics...
If you want to add anything, get Rich Stevens' three TCP/IP, Illustrated books and maybe the Design and Implementation of 4.4BSD OS and The Magic Garden books. Oh, and don't forget John Lions' commentary on the Unix source code... Get the O'Reilly book on NIS and NFS, and then a couple of the O'Reilly books on X windows - #8, the Administrator's Guide, and #0, the Protocol Reference Manual. Get O'Reilly's book on Sendmail and Fred Avolio's (Hmm, hope I spelled that right Fred...) book on Sendmail. Oh, yeah, don't forget O'Reilly's book on DNS and BIND. Hell, just buy the whole damn O'Reilly line! Also get The Web Security Handbook. (Apologies to the other authors, but the only author name I remember on that is Marcus Ranum...) Get the apache source code and read it... Cruise the COAST web site and read all the public papers, hit the CERT web site and do the same. Wander down to the Auscert site, then hit your favorite web index and search for unix and security. Oh yeah, don't forget to go to the ATT site and read their other papers about security. Look for "Berferd". Don't forget the site security handbook, which is RFC 2196, available free at any RFC site near you. Get all the RFCs that you can stand and read them. Sign up for the LACC, BOS, Bugtraq, NTbugtraq, etc email lists... Get all the freebie firewall tools and read all the source code. For starters, get the tcp wrappers, socks, ipfw, ipfilter and maybe fwtk and freestone... Get the Linux, FreeBSD, NetBSD and OpenBSD source code and read the networking code... Get a cisco router and learn how to program it... Learn SNMP and RMON... If you're interested in the encryption side, get pgp and kerberos and of course skey and opie... Buy Bruce Schneier's book on crypto and maybe the books from CRC press and that really good German publisher that I can never remember the name of... ...oh, yeah, Springer Verlag!
Then again, the best way to find out about security is to put your own Unix box on the Internet and wait for it to be broken into. Use a plain vanilla SunOS, SGI or Linux box and don't try to secure it first. If you want to draw hackers to your site, put up a provocative web page on it... ;-) (If you really want to see how the hacking is done, have a second box grabbing all the packets off the wire as it's happening...) >Also, I would like recommendations on UNIX Scripting books.. Shell scripting? Check out the man pages or the documentation that comes with bash, pdksh or tcsh... Or scripting languages? Check out the O'Reilly books on Perl and Python and Brent Welch's Practical Programming in Tcl and Tk. Also Exploring Expect by Don Libes. If you really want to get into Unix, get The Unix Programming Environment, Twenty Five Years of Unix, The Unix Philosophy, and Life With Unix... Once you get past The Unix Programming Environment, get Rich Stevens' Advanced Programming in the Unix Environment. If you like his TCP/IP books, you might also want to get his Unix Network Programming book, which he just revised. ...just a few things off the top of my head. I'm pretty sure I didn't get all the names and/or titles right, but they should be close enough... Let me know when you've gotten through all that. There will be a quiz...! ;-) -Doug Doug Wellington ddw@nsma.arizona.edu Network and System Administrator ARL, Division of Neural Systems, Memory and Aging The University of Arizona, Tucson, AZ (520) 626-6023 (520) 291-0481 pager (520) 626-2618 fax I DON'T buy anything from spammers, and I KEEP TRACK OF WHO SPAMS ME. I put up with ads on the TV because they pay for programming. When spammers pay for the Internet, then I'll start putting up with spam.
From owner-firewalls-list Tue Dec 2 18:57:34 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id NAA09623; Tue, 2 Dec 1997 13:28:23 -0800 (PST) Received: from mako.netlink.co.nz (mako.netlink.co.nz [202.37.60.47]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id NAA09594 for ; Tue, 2 Dec 1997 13:28:14 -0800 (PST) Received: from dave.loka.co.nz (loka.wn.netlink.net.nz [202.37.61.23]) by mako.netlink.co.nz (8.8.6/8.8.6) with SMTP id KAA02896 for ; Wed, 3 Dec 1997 10:31:17 +1300 (NZDT) Received: by dave.loka.co.nz with Microsoft Mail id <01BCFFD7.323DE560@dave.loka.co.nz>; Wed, 3 Dec 1997 10:35:38 +1300 Message-ID: <01BCFFD7.323DE560@dave.loka.co.nz> From: D Cathro To: "'Firewalls@GreatCircle.COM'" Subject: Re: Dial-out modem pool Date: Wed, 3 Dec 1997 10:35:36 +1300 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Thanks to all for the helpful advice regarding dial-out modem pools, and I hope to have fun over the next few days sorting out which product set to use. I have had several people suggest the Shiva Access Switch with Access Manager. Other suggestions included the Emulex product, Spartacom, and Netware Connect. Others have suggested using Telnet sessions to the access server and using Radius or Tacacs to do the authentication and accounting. I have been told that at least some of the Cisco Access Servers also support a NASI interface to make life a bit easier, although I think this would mandate the use of IPX within the network. I need to point out an error on my part in my original posting. I said, quote, "One product I am aware of is the SpartaCom/3Com joint development SAPS.
This appears to use a NetBIOS transport which is unsuitable for our networking requirements." I have checked the Spartacom Web site and it appears that SAPS will use any NetBIOS compatible transport, e.g. NetBIOS over IP, IPX, etc. Thanks -- David Cathro Email david@loka.co.nz The opinions expressed are mine, and do not necessarily reflect those of my employer. From owner-firewalls-list Tue Dec 2 18:57:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA12582; Tue, 2 Dec 1997 18:05:17 -0800 (PST) Received: from matilda.hcn.net.au (matilda.hcn.net.au [203.61.211.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA12543 for ; Tue, 2 Dec 1997 18:04:55 -0800 (PST) Received: from kryton (d2-1.cpe.Canberra.aone.net.au [203.12.189.2]) by matilda.hcn.net.au (8.8.5/8.8.5) with SMTP id NAA04412; Wed, 3 Dec 1997 13:08:15 +1100 (EST) Message-Id: <3.0.1.32.19971203120459.00a13100@mail01.cbr.hcn.net.au> X-Sender: ha000840@mail01.cbr.hcn.net.au X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Wed, 03 Dec 1997 12:04:59 +1000 To: Joseph Judge , "'Adam Shostack'" From: Peter Newman Subject: RE: How do Firewalls deal with the Ident Protocol? Cc: Firewalls mailing list In-Reply-To: <01BCFF14.1B3024A0@joespc.judgefamily.org> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Guys, I realise my view is somewhat simplistic (and even a little naive) from an open systems perspective. Guys who give their opinions without having proper backgrounds I find annoying. Will be reading the Cheswick's and Bellovin's text now... Cheers, Pete. At 11:19 2/12/97 -0500, Joseph Judge wrote: > > >I have to agree. > >If you take the stance as Adam offers, then you are the >"deny all except what you choose to allow" --- which >places you in a *proactive* position.
> >If you do not, then you are the "allow everything (or a lot of >things) except what you choose not to allow" -- which >places you in a *reactive* position. > >Again -- this is not black and white. The more you move >away from the first position ... the more you expose, >the more you move down the gradient towards that second >position. > >The Ches&Bellovin "if you don't need it, don't install it" >philosophy enforces the first stance -- as Adam just >explained. > >It's the simple choices like the "let's do ident" or "why not let >echo through" that set the stage for pain later on (and I know >of this pain from personal experience :-) > > - joe > > >---------- >From: Adam Shostack[SMTP:adam@homeport.org] >Sent: Monday, December 01, 1997 10:37 PM >To: Peter Newman >Cc: Firewalls mailing list >Subject: Re: How do Firewalls deal with the Ident Protocol? > > >I disagree fundamentally with the claim that a firewall should be >configured to cooperate except where needed for security reasons. > >Is the TCP echo service dangerous (port 7)? Many people said no, >until the idea of combining it with address spoofing became popular. > >The idea of allowing everything but the needed protocols leaves you >vulnerable to every new attack that comes along. It creates a >constituency for things with small business justification, as people >have been able to do all sorts of things, and now you have to turn >them off. > >Choose carefully what you need to pass (in both directions), and deny >everything else. Those who do this spend fewer weekends in the office >patching the latest holes. > >(This argument is expounded on at great length in the introduction to >Cheswick & Bellovin's excellent little book 'Firewalls and Internet >Security.' There have been lots of books on firewalls published since >theirs; few contain so much useful knowledge, and none of those >comes in at less than three times the page count.)
> >Adam > > >Peter Newman wrote: >| Adam, >| >| At 02:52 1/12/97 -0500, Adam Shostack wrote: >| > As a FW admin, I'd see no reason to pass identd. It can't be >| >relied on as an authentication mechanism, it's been used as an attack >| >vector. So, I'd disagree that 'correct' configuration is to send >| >these auth checks to the interior host. >| >| ...agreed. >| >| > The polite thing to do is to configure the packet filter to >| >send a RST to any identd packet it gets, indicating that the receiving >| >host doesn't support identd, and getting past the obnoxious timeouts. >| >| This is a courtesy thing I realise, however the only loss of service is to >| the users inside the firewall. So my point of view is that the firewall >| connecting a LAN to the internet should be configured to co-operate with >| all internet protocols. Polite refusals where needed for security reasons >| of course. FW admins might disagree with me on this point? > > >-- >"It is seldom that liberty of any kind is lost all at once." > -Hume > > > > > > > From owner-firewalls-list Tue Dec 2 19:27:30 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA21834; Tue, 2 Dec 1997 18:46:02 -0800 (PST) Received: from mrin84.mail.aol.com (mrin84.mx.aol.com [198.81.19.194]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA20135 for ; Tue, 2 Dec 1997 18:38:39 -0800 (PST) From: Osticknis1@aol.com Received: (from root@localhost) by mrin84.mail.aol.com (8.8.5/8.7.3/AOL-2.0.0) id VAA07203; Tue, 2 Dec 1997 21:41:39 -0500 (EST) Date: Tue, 2 Dec 1997 21:41:39 -0500 (EST) Message-ID: <971202214139_-1573628988@mrin84.mail.aol.com> To: ryanr@sybase.com, dlang@diginsite.com cc: banz@membrain.com, firewalls@greatcircle.com Subject: Re: Cisco PIX Firewall -- comments? Sender: firewalls-owner@GreatCircle.COM Precedence: bulk How do you get removed from this mailing list again?
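[Added example, not part of any list message and not the configuration of any product named here: a toy first-match inbound filter in Python that models the two stances argued in the ident thread above (default deny with a RST for port 113, versus allow by default) and the 30-second ident wait described at the start of that thread. The 192.0.2.x addresses, the rule sets and all function names are constructed for illustration.]

```python
"""Toy first-match inbound TCP filter; every host and rule below is constructed."""
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List, Optional

ACCEPT, DROP, REJECT_RST = "accept", "drop", "reject-with-tcp-reset"

# Ident lookup timeout in seconds: the sendmail 8.8.5 default quoted in the thread.
SENDMAIL_IDENT_TIMEOUT = 30


@dataclass(frozen=True)
class Rule:
    verdict: str
    dport: Optional[int] = None   # None matches any destination port
    dst: str = "0.0.0.0/0"        # destination network, CIDR notation

    def matches(self, dst_ip: str, dport: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        return in_net and (self.dport is None or self.dport == dport)


@dataclass
class Policy:
    name: str
    rules: List[Rule]
    default: str                  # verdict when no rule matches

    def verdict(self, dst_ip: str, dport: int) -> str:
        """First matching rule wins; otherwise the default applies."""
        for rule in self.rules:
            if rule.matches(dst_ip, dport):
                return rule.verdict
        return self.default


def ident_delay(policy: Policy, client_ip: str) -> int:
    """Seconds a remote mail server waits on its RFC 1413 query to client_ip.

    A RST or an answer ends the lookup at once (round-trip time ignored);
    a silent drop leaves the server waiting for its full timeout.
    """
    return SENDMAIL_IDENT_TIMEOUT if policy.verdict(client_ip, 113) == DROP else 0


def reachable(policy: Policy, dst_ip: str, ports: Iterable[int]) -> List[int]:
    """Ports on dst_ip that an outside host can actually connect to."""
    return [p for p in ports if policy.verdict(dst_ip, p) == ACCEPT]


MAIL_RELAY = "192.0.2.25"   # constructed: the one host meant to take inbound SMTP
DESKTOP = "192.0.2.77"      # constructed: an ordinary interior host
PROBE_PORTS = {7: "echo", 23: "telnet", 25: "smtp", 111: "portmap", 113: "ident"}

# "Deny all except what you choose to allow", plus the polite RST for ident.
DENY_WITH_RST = Policy("default deny + RST on 113", [
    Rule(ACCEPT, dport=25, dst="192.0.2.25/32"),
    Rule(REJECT_RST, dport=113),
], default=DROP)

# Same stance without the ident rule: queries vanish and the far end times out.
DENY_SILENT = Policy("default deny, ident dropped", [
    Rule(ACCEPT, dport=25, dst="192.0.2.25/32"),
], default=DROP)

# "Allow everything except what you choose not to allow": only known-bad is blocked.
ALLOW_BY_DEFAULT = Policy("default allow", [
    Rule(DROP, dport=23),
    Rule(DROP, dport=111),
], default=ACCEPT)


if __name__ == "__main__":
    for pol in (DENY_WITH_RST, DENY_SILENT, ALLOW_BY_DEFAULT):
        open_ports = [PROBE_PORTS[p] for p in reachable(pol, DESKTOP, PROBE_PORTS)]
        print(f"{pol.name:28} ident wait {ident_delay(pol, DESKTOP):2d}s  "
              f"desktop exposes: {open_ports or 'nothing'}")
```

[Under the allow-by-default policy the interior desktop still answers on echo, smtp and ident, which is the exposure the thread warns about; the two default-deny policies differ only in whether the remote mail server waits out its ident timeout.]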
From owner-firewalls-list Tue Dec 2 19:49:39 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA20878; Tue, 2 Dec 1997 18:41:32 -0800 (PST) Received: from cs.oberlin.edu (occs.cs.oberlin.edu [132.162.30.128]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA20698 for ; Tue, 2 Dec 1997 18:40:55 -0800 (PST) Received: from occs.cs.oberlin.edu (occs.cs.oberlin.edu [132.162.30.128]) by cs.oberlin.edu (8.8.7/8.6.12) with SMTP id VAA19000 for ; Tue, 2 Dec 1997 21:43:56 -0500 Date: Tue, 2 Dec 1997 21:43:56 -0500 (EST) From: Spencer Mullen To: firewalls@greatcircle.com Subject: Firewall 1 Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does Firewall 1 support tunnelling in the manner of pptp? We have the following setup: remote user ------ our cisco ---- fw gateway ---- mail server We want the cisco to only have one port/ip open for tunneling. So if a remote user wants to check mail, the header of their packet is addressed to fw gateway, which then decrypts the packet and sends it to mail server. When the remote user wants to finger @ mail server, the packet is addressed to the same port on fw gateway (the tunnel port) which then decrypts and sends to mail server.
thanks for any help, charles mullen From owner-firewalls-list Tue Dec 2 21:12:39 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id TAA27013; Tue, 2 Dec 1997 19:11:58 -0800 (PST) Received: from mcfeely.bsfs.org (mcfeely.bsfs.org [204.91.13.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id TAA26997 for ; Tue, 2 Dec 1997 19:11:52 -0800 (PST) Received: (from wombat@localhost) by mcfeely.bsfs.org (8.6.12/8.6.12) id UAA25728; Tue, 2 Dec 1997 20:52:32 -0500 Date: Tue, 2 Dec 1997 20:52:29 -0500 (EST) From: Rabid Wombat To: Marcus Sutliff cc: "'Firewalls@GreatCircle.COM'" Subject: Re: Dial-out modem pool In-Reply-To: <34842A94.62344E32@michaelgrp.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 2 Dec 1997, Marcus Sutliff wrote: > I don't mean any disrespect, or to step on anyone's toes, but > 'TRANSPARENT TO THE USER' is an important need that is overlooked if the > user must Telnet to a host.. Try to explain TELNET to someone (as > Dilbert would say--explain it to your boss or someone in marketing) in Telnet access can be scripted, and the script launched by an icon, clicked by a moron. You can even get clever, and have the local script check the local username, and pass that to the telnet session, in case the user can't remember who they are. Procomm and WRQ both have excellent scripting capability. I wonder if all the security on the front end of this could be bypassed by the user entering a cleardown followed by a dial command if Hayes commands are left enabled on the modem ... 
From owner-firewalls-list Tue Dec 2 22:04:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id VAA22913; Tue, 2 Dec 1997 21:55:47 -0800 (PST) Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id VAA22845 for ; Tue, 2 Dec 1997 21:55:32 -0800 (PST) From: mht@clark.net Received: from highlander (197.new-york-10.ny.dial-access.ATT.net [12.68.9.197]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id AAA13586; Wed, 3 Dec 1997 00:58:05 -0500 Message-Id: <3.0.3.32.19971203005612.0389e4d0@pop3.clark.net> X-Sender: mht@pop3.clark.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 03 Dec 1997 00:56:12 -0500 To: Anton J Aylward , Peter da Silva Subject: Re: Growing trend.. Cc: firewalls@GreatCircle.COM In-Reply-To: <3.0.32.19971202182745.00a32100@mail.the-wire.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Yes, I saw that post a while back. Actually, my concern is that every one is out buying each other, and products are not being carefully tested or reviewed before release. /mht At 06:37 PM 12/2/97 -0500, Anton J Aylward wrote: >At 10:17 AM 02/12/97 -0600, Peter da Silva wrote: >## Reply Start ## > >>> Would anybody predict what is next?? :) >> >>Microsoft acquires Sun, Apple, Intel, and the US Justice Department. > >I seem to recall seeing a April Fools style press release which >stated that Microsoft had taken over the US Government. 
>Peter, perhaps you would like to redo your posting in that style, >and add comments about making Java Active-X compliant ;-) > >/anton > >## Reply End ## > > -------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Tue Dec 2 22:12:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id VAA22568; Tue, 2 Dec 1997 21:49:14 -0800 (PST) Received: from perki.connect.com.au (perki.connect.com.au [192.189.54.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id VAA22541 for ; Tue, 2 Dec 1997 21:49:03 -0800 (PST) From: peter.williams@hendersons.com.au Received: from henders.UUCP (Uhenders@localhost) by perki.connect.com.au with UUCP id QAA03147 (8.8.5/IDA-1.6 for firewalls@GreatCircle.COM); Wed, 3 Dec 1997 16:52:07 +1100 (EST) Received: from porky.hendersons.com.au (porky [203.7.210.30]) by tulyar.hendersons.com.au with ESMTP id PAA02523 (8.7.6/IDA-1.6 for ); Wed, 3 Dec 1997 15:56:06 +1100 (EST) Received: (from Administrator@localhost) by porky.hendersons.com.au (8.6.9/8.6.9) id PAA00195 for firewalls@GreatCircle.COM; Wed, 03 Dec 1997 15:59:15 +1000 Date: Wed, 03 Dec 1997 15:59:15 +1000 Message-Id: <199712030559.PAA00195@porky.hendersons.com.au> Subject: RE: Building my library X-Mailer: MailNet 3.1 Apparently-To: firewalls@GreatCircle.COM Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Previously: > I was wondering if any of you could give some reccomendations on >building my computer security library. 
Right now, I have the most well >known books as the cornerstone of my collection: > > Essential System Administration (Frisch) Add (or replace with, as the case may be): Unix System Administration Handbook (Nemeth, Snyder, Seebass and Hein) ** An excellent read as well as a good reference** > Practical UNIX and Internet Security (Garfinkel and Spafford) > Building Internet Firewalls (Chapman and Zwicky) Good books. Add: Cheswick and Bellovin - my old brain can't remember the actual title. (Something about tracking the wiley hacker or some such - should be the first book on your list though, IMHO...) ** Firewalls and Internet security - Repelling the wily hacker. Addison-Wesley Publishing Company - ISBN 0-201-63357-4 An excellent choice. Peter. From owner-firewalls-list Tue Dec 2 22:27:32 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA23471; Tue, 2 Dec 1997 22:01:58 -0800 (PST) Received: from ns.acadiacom.net (ns.acadiacom.net [206.104.52.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA23451 for ; Tue, 2 Dec 1997 22:01:50 -0800 (PST) Received: from unitedcouncil.org (unverified [209.12.219.206]) by ns.acadiacom.net (Rockliffe SMTPRA 2.1.4) with ESMTP id for ; Wed, 03 Dec 1997 00:07:28 -0600 Message-ID: <3469E15F.A81A4281@unitedcouncil.org> Date: Wed, 12 Nov 1997 12:03:28 -0500 From: Sandman Reply-To: sandman@unitedcouncil.org X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: Good Books To Read Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >> Practical UNIX and Internet Security (Garfinkel and Spafford) >> Building Internet Firewalls (Chapman and Zwicky) >Good books. Add: >Cheswick and Bellovin - my old brain can't remember the actual title. >(Something about tracking the wiley hacker or some such - should be >the first book on your list though, IMHO...)
"The Cuckoo's Egg", written by Clifford Stoll, is a book about a Unix admin tracking down a hacker that was breaking in to his computer along with other government computers. It's a very good book. "Take Down" is another great book. It was written by Tsutomu Shimomura about how he tracked down Kevin Mitnick, "America's Most Wanted Computer Outlaw." They even have a web page that you can visit: http://www.takedown.com. As for a little history, the www.takedown.com web page was hacked the 1st day it was online. The hackers renamed it to "Taken Down". "The Watchman", written by Jonathan Littman, is a book about the life story of hacker Kevin Poulsen. These are all great books to read and are all true stories. - Sandman - The United Council www.unitedcouncil.org sandman@unitedcouncil.org From owner-firewalls-list Wed Dec 3 00:34:52 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA13875; Tue, 2 Dec 1997 23:46:13 -0800 (PST) Received: from fw4.tns.co.za (fw4.tns.co.za [196.4.160.32]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA10237 for ; Tue, 2 Dec 1997 23:25:33 -0800 (PST) Received: by fw4.tns.co.za; id JAA03996; Wed, 3 Dec 1997 09:28:36 +0200 (SAT) Received: from unknown(89.0.14.20) by fw4.tns.co.za via smap (V3.1.1) id xma003977; Wed, 3 Dec 97 09:28:19 +0200 Received: from billyv.vslabs.co.za ([89.0.4.243]) by mail.medscheme.co.za (8.8.4/8.8.4) with SMTP id HAA02420 for ; Wed, 3 Dec 1997 07:54:44 +0200 From: "Billy Verreynne" To: Subject: Re: Growing trend..
Date: Wed, 3 Dec 1997 08:26:49 +0200 Message-ID: <01bcffb4$6fd41f20$f3040059@billyv.vslabs.co.za> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hiroshima '45 Chernobyl '86 Windows '95 need we say more? ;-) Billy From owner-firewalls-list Wed Dec 3 00:43:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA08492; Tue, 2 Dec 1997 23:18:58 -0800 (PST) Received: from upshield.uniq.com.au (upstop.uniq.com.au [192.195.152.113]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA08219 for ; Tue, 2 Dec 1997 23:18:10 -0800 (PST) Received: (from smtp@localhost) by upshield.uniq.com.au id SAA07329 (8.8.7/IDA-1.6 for ); Wed, 3 Dec 1997 18:21:21 +1100 (EST) Received: from upshoo.uniq.com.au(192.195.152.130), claiming to be "upserv.uniq.com.au" via SMTP by upshield.uniq.com.au, id smtpdAAAa001mV; Wed Dec 3 18:21:18 1997 Received: from basil.uniq.com.au (basil.uniq.com.au [192.168.3.1]) by upserv.uniq.com.au with ESMTP id SAA09287 (8.8.5/IDA-1.6 for ); Wed, 3 Dec 1997 18:21:15 +1100 (EST) Received: (from pauline@localhost) by basil.uniq.com.au id SAA29437 (8.8.5/IDA-1.6 for firewalls@GreatCircle.COM); Wed, 3 Dec 1997 18:20:54 +1100 (EST) Date: Wed, 3 Dec 1997 18:20:54 +1100 (EST) From: Pauline van Winsen - Uniq Professional Services Message-ID: <199712030720.SAA29437@basil.uniq.com.au> To: firewalls@GreatCircle.COM Subject: RE: Building my library Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: FAf9yIAeXE3lDJ6ZLOMbvA== Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Practicle UNIX and Internet Security (Garfinkel and Spafford) > > Building Internet Firewalls (Chapman and Zwicky) i generally think all 
o'reilly books are good value, the latest by garfinkel & spafford: web security & commerce, gels a lot of info. on certificates, encryption, active content & web server security. ISBN: 1-56592-269-7 for a very different perspective - try underground - by suelette dreyfuss. my copy has been borrowed, but a quick look in amazon.com will find the gory details. hope this helps, pauline Pauline van Winsen pauline@uniq.com.au Uniq Professional Services Pty Ltd www.uniq.com.au PO Box 70, Paddington, NSW 2021, (Sydney) Australia Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000 "One important point often overlooked is that colours should be selected so that they will not clash with your own personal colouring. After all, you will be living in the house & each room must provide a suitable background for you." Home decorating - Introduction, Woman's World, circa 1964. From owner-firewalls-list Wed Dec 3 01:46:33 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA08750; Tue, 2 Dec 1997 23:19:46 -0800 (PST) Received: from cih-gw.cih.com (cih-gw.cih.com [204.69.206.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA08363 for ; Tue, 2 Dec 1997 23:18:35 -0800 (PST) Received: (from mail@localhost) by cih-gw.cih.com (8.7.6/8.6.9) id CAA28453; Wed, 3 Dec 1997 02:25:26 -0500 X-Authentication-Warning: cih-gw.cih.com: mail set sender to using -f Received: from cih-gw.cih.com(204.69.206.1) via SMTP by cih-gw.cih.com, id smtpd28451aaa; Wed Dec 3 07:25:21 1997 Date: Wed, 3 Dec 1997 02:25:21 -0500 (EST) From: "Craig I. Hagan" Reply-To: hagan@cih.com To: mht@clark.net cc: Anton J Aylward , Peter da Silva , firewalls@GreatCircle.COM, ping@cih.com Subject: Re: Growing trend.. 
In-Reply-To: <3.0.3.32.19971203005612.0389e4d0@pop3.clark.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Actually, my concern is that every one is out buying each other, and > products are not being carefully tested or reviewed before release. hmm. I'd add three things to that. First: IMHO, there is a large focus [particularly] in the fw/security system arena towards filling out marketing checkoffs and other features which increase the complexity of the product rather than creating systems which easily and accurately solve the customer's needs. Second: QA seems to be declining at about the same rate that code is bloating. This is doubly frightening as this seems to tell me that bugs per kloc are increasing exponentially. I've a bad feeling that companies are trying to shovel software out to the market and are concentrating so much on the feature/time side of the equation that they don't mind that quality slips (F*T*Q = const). This agrees very much with what mark is saying, and (sigh) with the crap that i'm about to spew below :) Third: Another `trend' which is, unfortunately, growing: pre-announcing what you think you might do in the next [few] release[s] of product (vaporware). I've seen this used a lot by certain 'established' software companies in an effort to either protect their turf from others, or to destabilize the competition. I've been saddened to see that this has gone from exaggeration with some outright BS (from companies known to BS) to a race to see who can come up with the best tall tale of them all. You'd think that Scott Adams' fictitious corporation was generating the marketing plans. example: suppose one was concentrating on creating a network product which provided service X. Suppose that SUN hinted that it was considering adding X to be integrated into solaris 2.x+1. Many potential customers which have long purchase cycles (e.g.
large companies) would delay even further to see sun's offering. If your company was small enough, the perturbation in the cash flow could be enough to sink it, even should sun decide that it wasn't going to implement X after all. Hey, as long as i'm climbing towards the 1+K mark, i'll add in even more verbal spewage :) I've a feeling that the industry has a good shot of hitting a crossroads. If the job market continues at its current pace, the value of having superlative people and managers will make and break companies much like the NE patriots when they lost parcells. [SO?! we knew that] I think (hope?) that a fundamental change will take place in how companies manage their people. by fundamental, i mean something similar to how the industrial revolution completely changed the way that labor was perceived. Currently people are seen as replaceables, and the computers are capital assets to be zealously guarded. As everyone in hot tech markets knows, companies who think like that can quickly run out of top notch engineering staff :) I'd like to see some sort of analysis of mainline rags/mags talking about intellectual capital over time. I've a feeling that as the security industry blooms (and screams "YOU FOOLS!!!") this issue will be more rapidly brought into the limelight since security inherently deals with where the real assets of the company lie and how to manage the risk inherent with possessing them. I'm also waiting for bona fide lawsuits involving a company being sued for deliberately attacking/disabling/whatevering a competitor's computer/network/whatever infrastructure to gain competitive advantage. [i wonder if the on-line investing companies may see this first] The other is a person/country being nailed for using data communication networks to conduct hostile activities against a foreign power. Sort of a bona fide information war (hot war, cold war, bit war).
I'm not thinking hacking, i'm thinking bona fide national policy to have people/mercenaries brought in to deliberately wreak havoc on the target sovereign. > >I seem to recall seeing a April Fools style press release which > >stated that Microsoft had taken over the US Government. > >Peter, perhaps you would like to redo your posting in that style, > >and add comments about making Java Active-X compliant ;-) would inactive-X be the new gov't standard? -- craig ------------------------------------------------------------------------------- Craig I. Hagan "It's a small world, but I wouldn't want to back it up" hagan(at)cih.com "True hackers don't die, their ttl expires" "It takes a village to raise an idiot, but an idiot can raze a village" Stop the spread of spam, use a sendmail condom! http://www.cih.com/~hagan/smtpd-hacks From owner-firewalls-list Wed Dec 3 02:48:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA01756; Tue, 2 Dec 1997 22:51:41 -0800 (PST) Received: from mandarin.rz.hu-berlin.de (mandarin.rz.hu-berlin.de [141.20.3.149]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA01715 for ; Tue, 2 Dec 1997 22:51:31 -0800 (PST) Received: (from mail@localhost) by mandarin.rz.hu-berlin.de (8.8.5/8.8.5) id HAA01564; Wed, 3 Dec 1997 07:54:40 +0100 Message-Id: <199712030654.HAA01564@mandarin.rz.hu-berlin.de> X-Authentication-Warning: mandarin.rz.hu-berlin.de: mail set sender to using -f Received: from localhost(127.0.0.1) by mandarin.rz.hu-berlin.de via smap (X.X) id xma001557; Wed, 3 Dec 97 07:54:22 +0100 X-Mailer: exmh version 2.0zeta 7/24/97 To: List_Mail@vsebav.com (List_Mail) Cc: firewalls@GreatCircle.COM Subject: Re: Seesion Wall-3 In-Reply-To: Your message of "Tue, 02 Dec 1997 12:38:54 EST."
<48447F50.@vsebav.com> X-Url: http://www.hu-berlin.de/~h0271cbj/ Organization: data center of Humboldt university, Berlin From: Alexander Geschonneck Reply-To: geschonneck@rz.hu-berlin.de Date: Wed, 03 Dec 1997 07:54:21 +0100 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- > article on Session Wall-3, a firewall that you can place inside the > internal network. It's both a network monitor and a firewall. Does You should not use this tool as a firewall solution. It's only a monitor, but very powerful. First you have to protect the monitor machine itself, because it runs with Win95 or NT ;-) Alexander Geschonneck - ----------------------------------------------------------------- data center of Humboldt-Universitaet zu Berlin Unter den Linden 6,10099 Berlin-Germany, Phone: +49-30-2093 2482 PGP key via http://www.hu-berlin.de/~h0271cbj/mykey.html or any keyserver - ----------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCVAwUBNIUCHeEyPj9c+UxxAQHN/gQArdHFi1M+iPVBTRTr/TWVaEWt1l1/XciN 0xkS5blx3wTTpfM5fgFShUq9sPqoBTwxQOHB007Gt5QNZ1M685SeQYt34kwtq5Qi nAYeAKGvVBNzZN5Mj6vJWUx+s3UlOsFZRCALj0EDcB+IEje4uGUUQRucWADsYzgQ nmD6hNjwCWk= =AaeR -----END PGP SIGNATURE----- From owner-firewalls-list Wed Dec 3 03:09:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA03441; Tue, 2 Dec 1997 22:57:47 -0800 (PST) Received: from mandarin.rz.hu-berlin.de (mandarin.rz.hu-berlin.de [141.20.3.149]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA03360 for ; Tue, 2 Dec 1997 22:57:30 -0800 (PST) Received: (from mail@localhost) by mandarin.rz.hu-berlin.de (8.8.5/8.8.5) id IAA01604; Wed, 3 Dec 1997 08:00:40 +0100 Message-Id: <199712030700.IAA01604@mandarin.rz.hu-berlin.de> X-Authentication-Warning: mandarin.rz.hu-berlin.de: mail set sender to using -f Received: from localhost(127.0.0.1) by
mandarin.rz.hu-berlin.de via smap (X.X) id xma001598; Wed, 3 Dec 97 08:00:20 +0100 X-Mailer: exmh version 2.0zeta 7/24/97 To: richard@kokoro.com Cc: firewalls@GreatCircle.COM Subject: Re: Securing a Linux Kernel In-Reply-To: Your message of "Tue, 02 Dec 1997 20:53:18 EST." X-Url: http://www.hu-berlin.de/~h0271cbj/ Organization: data center of Humboldt university, Berlin From: Alexander Geschonneck Reply-To: geschonneck@rz.hu-berlin.de Date: Wed, 03 Dec 1997 08:00:20 +0100 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- > That, in essence, is my question. I'd like to set up a Linux system as a > firewall, and want to know what kernel options should be disabled to make > a secure (and stable!) system. As a packet screen or as a bastion host? There are some good FAQs about these questions: Summaries: http://www.wmd.de/wmd/staff/pauck/misc/fwtk_on_linux.html Linux firewall/proxy HOWTO: http://sunsite.unc.edu:80/pub/Linux/docs/HOWTO/Firewall-HOWTO Alexander Geschonneck - ----------------------------------------------------------------- data center of Humboldt-Universitaet zu Berlin Unter den Linden 6,10099 Berlin-Germany, Phone: +49-30-2093 2482 PGP key via http://www.hu-berlin.de/~h0271cbj/mykey.html or any keyserver - ----------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3i Charset: noconv iQCUAwUBNIUDg+EyPj9c+UxxAQHqvQP2J9RKOrFsivFDG6Bi6qbylIN7j6CHBQEe JwC2DG0vqz7ZTlRL/F0/4qRU9N2evcvjsaFAwH4CMtYtEuqhxsGw7U9JAE8Yw0X0 qwufKtxf1PMhdhgXo1xiJSBGNPltkxALqzht6yY/YFb0dpKffVk+JEoJweUCV+f6 j+Zir057Ig== =8Pm3 -----END PGP SIGNATURE----- From owner-firewalls-list Wed Dec 3 03:35:26 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA25734; Tue, 2 Dec 1997 22:22:22 -0800 (PST) Received: from dfw-ix2.ix.netcom.com (dfw-ix2.ix.netcom.com [206.214.98.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA25696 for ; Tue, 2
Dec 1997 22:22:11 -0800 (PST) Received: (from smap@localhost) by dfw-ix2.ix.netcom.com (8.8.4/8.8.4) id AAA03667; Wed, 3 Dec 1997 00:25:16 -0600 (CST) Received: from lax-ca39-45.ix.netcom.com(205.184.226.173) by dfw-ix2.ix.netcom.com via smap (V1.3) id rma003654; Wed Dec 3 00:24:54 1997 Received: by localhost with Microsoft MAPI; Tue, 2 Dec 1997 22:21:39 -0800 Message-ID: <01BCFF70.A8E548F0@bealls@ix.netcom.com> From: Eric Schultze To: "'list_mail@vsebav.com'" Cc: "'firewalls@greatcircle.com'" Subject: session wall 3 Date: Tue, 2 Dec 1997 22:21:33 -0800 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4025 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I've done a bunch of testing with SW3. I can't remember which SW version NT magazine reviewed. The current version, 1.2, has some pretty good stuff. They have added a number of intrusion detection features, though these are not nearly as advanced as RealSecure or NFR. The SW product is a nice tool to use IN ADDITION TO a firewall mechanism. It is not a true firewall in any sense of the word, nor do they try and market it that way. Yes, they do have a "blocker" mechanism, but this is not the same as an application or packet-filtering firewall. This software works on a single-homed machine and views all the packets as they pass on the segment. In this capacity, it provides a good snapshot of the activity that you are filtering for. It is very easy from the point-and-click perspective, and can be used to easily generate reports of web-usage, etc. Because it views all packets, then analyzes them, it provides "after the fact" reporting. If it notices something that should be "blocked", it spoofs resets from both the source and destination addresses to kill the connection. This does not necessarily say that the initial packet will be stopped from making it to its destination. 
Another factor to consider, if the SW machine gets backed up or overloaded with traffic, it may stop capturing images of all the packets. Worse yet, if you are using SW3 as a firewall and the box goes down, the network is unprotected. It works very nicely as a tool in addition to your regular collection of firewall and monitoring mechanisms. The reporting capabilities, ease of use, and the ability for it to parse the packets and present images of web pages, emails (and passwords), etc. are nice features for a non-technical admin. It becomes an easier-to-understand tool than net x-ray for packet sniffing, etc. and it has some neat packet filtering customization features - very easy to use... but please, do not consider this product as a single firewall solution. --e From owner-firewalls-list Wed Dec 3 03:42:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id CAA19918; Wed, 3 Dec 1997 02:33:44 -0800 (PST) Received: from cicese.cicese.mx (cicese.cicese.mx [158.97.1.33]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id CAA19890 for ; Wed, 3 Dec 1997 02:33:35 -0800 (PST) Received: from prisma.cicese.mx by cicese.cicese.mx (4.1/SMI-4.1) id AA05515; Wed, 3 Dec 97 02:36:45 PST Received: from fisicas.cicese.mx by prisma.cicese.mx (SMI-8.6/SMI-SVR4) id CAA07518; Wed, 3 Dec 1997 02:28:29 -0800 Received: by fisicas.cicese.mx (4.1/SMI-4.1) id AA27052; Wed, 3 Dec 97 02:36:43 PST Date: Wed, 3 Dec 1997 02:36:43 -0800 (PST) From: Humberto Chavez Gomez To: Firewalls@GreatCircle.COM Subject: dinamics filtering rules. Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello people! Could anyone explain to me whether there is a way to filter packets in a firewall dynamically? I need the rules to change if a given situation arises. Or can anyone tell me whether it is possible or not? Regards and thanks in advance. Hubert.
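The difference Eric Schultze describes in the "session wall 3" message above, between a filter that sits in the packet path and a monitor that resets connections after the fact, shown as a small model. This is an added example, not part of any list message and not SessionWall-3 code; the packet trace, the `/blocked/` rule and the 50 ms reaction time are constructed assumptions.

```python
"""Inline filter versus passive monitor with after-the-fact resets (model)."""
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Packet:
    t_ms: int      # time the packet crosses the monitored segment
    conn: str      # label for the TCP connection it belongs to
    payload: str   # application data it carries


# Constructed trace: connection c1 requests a forbidden object, c2 is benign.
TRACE = [
    Packet(0, "c1", "GET /index.html"),
    Packet(10, "c1", "GET /blocked/report.doc"),
    Packet(30, "c1", "response segment 1"),
    Packet(50, "c2", "GET /allowed.html"),
    Packet(200, "c1", "response segment 2"),
]


def violates(pkt: Packet) -> bool:
    """Constructed policy: anything under /blocked/ must not pass."""
    return "/blocked/" in pkt.payload


def inline_filter(trace: List[Packet]) -> List[str]:
    """Filter in the forwarding path: the decision is made BEFORE delivery,
    so the offending packet and the rest of its connection never arrive."""
    denied = set()
    delivered = []
    for pkt in sorted(trace, key=lambda p: p.t_ms):
        if violates(pkt):
            denied.add(pkt.conn)
        if pkt.conn not in denied:
            delivered.append(pkt.payload)
    return delivered


def passive_monitor(
    trace: List[Packet],
    reaction_ms: int,
    captured: Callable[[Packet], bool] = lambda p: True,
) -> List[str]:
    """Single-homed monitor: the wire delivers every packet by itself; the
    monitor only sees a copy. reaction_ms after it notices a violation the
    resets take effect and the connection carries nothing further.
    captured(pkt) is False for packets the monitor missed (overload, box down).
    """
    reset_at: Dict[str, int] = {}
    delivered = []
    for pkt in sorted(trace, key=lambda p: p.t_ms):
        if pkt.conn in reset_at and pkt.t_ms >= reset_at[pkt.conn]:
            continue  # connection already torn down by the resets
        delivered.append(pkt.payload)  # delivery does not wait for analysis
        if captured(pkt) and violates(pkt) and pkt.conn not in reset_at:
            reset_at[pkt.conn] = pkt.t_ms + reaction_ms
    return delivered


if __name__ == "__main__":
    cases = {
        "inline filter": inline_filter(TRACE),
        "passive monitor, 50 ms reaction": passive_monitor(TRACE, 50),
        "passive monitor, missed the packet at t=10": passive_monitor(
            TRACE, 50, captured=lambda p: p.t_ms != 10),
        "passive monitor, box down": passive_monitor(
            TRACE, 50, captured=lambda p: False),
    }
    for name, got in cases.items():
        print(f"{name}:")
        for payload in got:
            print(f"    delivered: {payload}")
```

With the healthy monitor the forbidden request and the first response segment still arrive; only traffic after the reset is cut. With a missed capture or a dead monitor everything is delivered, which is the fail-open behaviour the message warns about.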
From owner-firewalls-list Wed Dec 3 04:29:07 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA04018; Wed, 3 Dec 1997 03:46:20 -0800 (PST) Received: from europa.lif.icnet.uk (europa.lif.icnet.uk [143.65.100.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id DAA27658 for ; Wed, 3 Dec 1997 03:17:06 -0800 (PST) From: harley@icrf.icnet.uk Message-Id: <199712031117.DAA27658@honor.greatcircle.com> Received: by europa.lif.icnet.uk; Wed, 3 Dec 1997 11:20:29 GMT Subject: re: Building my library To: firewalls@greatcircle.com Date: Wed, 3 Dec 1997 11:20:29 +0000 (GMT) X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Hi everyone.. > I was wondering if any of you could give some reccomendations on > building my computer security library. Right now, I have the most well > known books as the cornerstone of my collection: > > Essential System Administration (Frisch) > Internet Security Professional Reference (Hare, et. al) > Internet Firewalls and Network Security (Siyan and Hare) > Practicle UNIX and Internet Security (Garfinkel and Spafford) > Building Internet Firewalls (Chapman and Zwicky) > With some of the other suggestions that have been made, sounds like a promising start. Another I quite like is "Security in Computing" 2nd ed. by Charles P. Pfleeger. Other suggestions would probably depend on your main areas of interest. I'd suggest some reading round viruses, which usually get the weakest treatment in books by virus non-specialists. Robert Slade's book (Springer) is still one of the best (most accurate), though beginner to intermediate rather than advanced. Unfortunately all the better books in this area are showing their age (so are most of the dross, mind you....) > I'd appreciate any other reccomendations (books, magazines, etc) that > would expand on the basics. 
Elsevier have a number of relevant publications, notably Computers and Security. Again, often weak on virus matters: the authoritative mag. in that area is still Virus Bulletin. Secure Computing is generally sound though. www.elsevier.nl www.virusbtn.com www.westcoast.com And don't forget Information Security Bulletin (infosec@idiscover.co.uk) > Also, I would like recommendations on UNIX > Scripting books..I have found only two around, any recommendations in that > area also gratefully accepted. > I still get lots of use from my ancient copy of Unix Shell Programming (Kochan & Wood - Hayden Books). Bill Rosenblatt wrote a book for O'Reilly on Learning the Korn Shell which goes a fair way beyond basics. These days you really need to spend some time with perl etc., though. -- David Harley | alt.comp.virus FAQ D.Harley@icrf.icnet.uk | & Anti-Virus Web Page Support & Security Analyst | Folk London On-Line gig-list Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/ From owner-firewalls-list Wed Dec 3 04:29:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA07171; Wed, 3 Dec 1997 01:38:22 -0800 (PST) Received: from voland.freenet.bishkek.su (voland.freenet.bishkek.su [193.125.230.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA07124 for ; Wed, 3 Dec 1997 01:38:02 -0800 (PST) Received: from freenet.bishkek.su (fygrave@freenet.bishkek.su [193.125.230.1]) by voland.freenet.bishkek.su (8.8.4/8.8.4) with ESMTP id OAA03438; Wed, 3 Dec 1997 14:43:36 +0500 Received: (from fygrave@localhost) by freenet.bishkek.su (8.8.4/8.6.12) id OAA10852; Wed, 3 Dec 1997 14:43:08 +0600 Date: Wed, 3 Dec 1997 14:43:07 +0600 (GMT+0500) From: Fyodor Reply-To: fygrave@usa.net To: Gabriel Dura cc: "'firewalls mailing list'" Subject: Re: SOCKS compliant programming In-Reply-To: <199711261508.HAA20260@geocities.com> Message-ID: X-lummer: Bill Gates MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender:
firewalls-owner@GreatCircle.COM Precedence: bulk > Hi everybody!! > > Can anyone point me to a very good guide for writing secure socket > and/or socks compliant Windows applications? > > Thank you very much, > Gabriel Hmmm.. speaking about sockets, are there any development tools for programming sockets for Windows (nt/95) in C? it would be cool if there are any which support POSIX/BSD standard. But.. surely M$ would develop their own. They love such things..:( --- Fyodor Yarochkin email:fygrave@usa.net http://www.tigerteam.net/linuxgroup/ tel:(3312) 474465 "Optima philosophia et sapientia est meditatio mortis." From owner-firewalls-list Wed Dec 3 04:31:36 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA08450; Wed, 3 Dec 1997 01:46:46 -0800 (PST) Received: from voland.freenet.bishkek.su (voland.freenet.bishkek.su [193.125.230.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA03860 for ; Wed, 3 Dec 1997 01:23:08 -0800 (PST) Received: from freenet.bishkek.su (fygrave@freenet.bishkek.su [193.125.230.1]) by voland.freenet.bishkek.su (8.8.4/8.8.4) with ESMTP id OAA03166; Wed, 3 Dec 1997 14:28:34 +0500 Received: (from fygrave@localhost) by freenet.bishkek.su (8.8.4/8.6.12) id OAA10392; Wed, 3 Dec 1997 14:28:07 +0600 Date: Wed, 3 Dec 1997 14:28:07 +0600 (GMT+0500) From: Fyodor Reply-To: fygrave@usa.net To: Jason Terwilliger cc: firewalls@GreatCircle.COM Subject: Re: Building my library In-Reply-To: Message-ID: X-lummer: Bill Gates MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Essential System Administration (Frisch) > Internet Security Professional Reference (Hare, et.
al) > Internet Firewalls and Network Security (Siyan and Hare) > Practical UNIX and Internet Security (Garfinkel and Spafford) > Building Internet Firewalls (Chapman and Zwicky) check www.rootshell.com, they have some nice .ps documents regarding firewalls and security in general. By the way, I have "Firewalls And Internet Security" by W. Cheswick and S. Bellovin. Not a bad book.. another one is "Practical Unix Security" by O'Reilly. Old, but good.. --- Fyodor Yarochkin email:fygrave@usa.net http://www.tigerteam.net/linuxgroup/ tel:(3312) 474465 "Optima philosophia et sapientia est meditatio mortis." From owner-firewalls-list Wed Dec 3 04:33:26 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA06610; Wed, 3 Dec 1997 01:35:34 -0800 (PST) Received: from voland.freenet.bishkek.su (voland.freenet.bishkek.su [193.125.230.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA06311 for ; Wed, 3 Dec 1997 01:33:48 -0800 (PST) Received: from freenet.bishkek.su (fygrave@freenet.bishkek.su [193.125.230.1]) by voland.freenet.bishkek.su (8.8.4/8.8.4) with ESMTP id OAA03318; Wed, 3 Dec 1997 14:38:46 +0500 Received: (from fygrave@localhost) by freenet.bishkek.su (8.8.4/8.6.12) id OAA10687; Wed, 3 Dec 1997 14:38:17 +0600 Date: Wed, 3 Dec 1997 14:38:17 +0600 (GMT+0500) From: Fyodor Reply-To: fygrave@usa.net To: Brad cc: Peter da Silva , firewalls@GreatCircle.COM Subject: [off-topic]Re: Growing trend.. In-Reply-To: <199712021949.OAA20051@freedom.gmsociety.org> Message-ID: X-lummer: Bill Gates MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Microsoft acquires Church of Scientology, and the Mormon Church, and promptly dissolves both as being non-compatible with WindowsNT. > > Microsoft acquires rights to Branch Davidian label for its new line of firewalls.
> > Microsoft goes straight to the source, acquires God......God 2.0, with service packs will be available in late '98. speaking about M$, if you haven't heard B.Gates was visiting Russia this autumn, where he had meeting with Russian president, and, AFAIK, they subscribed some kind of agreement for watching M$ copyright over Russia area. Crazy, if presidents would keep meeting with such dudes, where this world could go? or the saying "everything could be bought for money, the matter is the sum" is true after all.. Sorry for slightly off-topic message.. From owner-firewalls-list Wed Dec 3 05:24:43 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA24707; Tue, 2 Dec 1997 22:14:06 -0800 (PST) Received: from dfw-ix3.ix.netcom.com (dfw-ix3.ix.netcom.com [206.214.98.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA24548 for ; Tue, 2 Dec 1997 22:11:51 -0800 (PST) Received: (from smap@localhost) by dfw-ix3.ix.netcom.com (8.8.4/8.8.4) id AAA12388; Wed, 3 Dec 1997 00:14:51 -0600 (CST) Received: from lax-ca19-01.ix.netcom.com(204.31.253.33) by dfw-ix3.ix.netcom.com via smap (V1.3) id rma012060; Wed Dec 3 00:11:12 1997 Received: by localhost with Microsoft MAPI; Tue, 2 Dec 1997 22:07:49 -0800 Message-ID: <01BCFF6E.BA7A3D70@bealls@ix.netcom.com> From: Eric Schultze To: "'list_mail@vsebav.com'" Cc: "'firewalls@greatcircle.com'" Subject: session wall 3 Date: Tue, 2 Dec 1997 22:07:48 -0800 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4025 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I've done a bunch of testing with SW3. I can't remember which SW version NT magazine reviewed. The current version, 1.2, has some pretty good stuff. They have added a number of intrusion detection features, though these are not nearly as advanced as RealSecure or NFR.
The SW product is a nice tool to use IN ADDITION TO a firewall mechanism. It is not a true firewall in any sense of the word, nor do they try and market it that way. Yes, they do have a "blocker" mechanism, but this is not the same as an application or packet-filtering firewall. This software works on a single-homed machine and views all the packets as they pass on the segment. In this capacity, it provides a good snapshot of the activity that you are filtering for. It is very easy from the point-and-click perspective, and can be used to easily generate reports of web-usage, etc. Because it views all packets, then analyzes them, it provides "after the fact" reporting. If it notices something that should be "blocked", it spoofs resets from both the source and destination addresses to kill the connection. This does not necessarily say that the initial packet will be stopped from making it to its destination. Another factor to consider, if the SW machine gets backed up or overloaded with traffic, it may stop capturing images of all the packets. Worse yet, if you are using SW3 as a firewall and the box goes down, the network is unprotected. It works very nice as a tool in addition to your regular collection of firewall and monitoring mechanisms. The reporting capabilities, ease of use, and the ability for it to parse the packets and present images of web pages, emails (and passwords), etc. are nice features for a non-technical admin. It becomes an easier to understand tool than net x-ray for packet sniffing, etc. and it has some neat packet filtering customization features - very easy to use... but please, do not consider this product as a single firewall solution. 
--e

From owner-firewalls-list Wed Dec 3 05:43:08 1997
Date: Wed, 03 Dec 1997 07:34:20 -0500
To: security@unitedcouncil.org, firewalls@GreatCircle.COM
From: Anton J Aylward
Subject: Re: Good Books To Read

More in the style of "Takedown" than "Cuckoo's Egg":

@Large
Freedman & Mann

/anton

From owner-firewalls-list Wed Dec 3 05:53:48 1997
Date: Wed, 03 Dec 1997 14:23:03 +0100
From: Mario Muehlbauer
To: Firewalls@GreatCircle.COM
Subject: Re: Firewall choice

Think of Firewall-1 on NT as a choice! Firewall-1 can manage Cisco Router. So I think this is the best and most secure answer for this firm.

Mario Muehlbauer

From owner-firewalls-list Wed Dec 3 06:13:56 1997
Date: Wed, 3 Dec 1997 14:54:42 -0100 (GMT)
From: Remy NONNENMACHER
To: fygrave@usa.net
cc: Brad, Peter da Silva, firewalls@greatcircle.com
Subject: Re: [off-topic]Re: Growing trend..

On Wed, 3 Dec 1997, Fyodor wrote:

> >
> > Microsoft acquires Church of Scientology, and the Mormon Church, and promptly dissolves both as being non-compatible with WindowsNT.
> >
> > Microsoft acquires rights to Branch Davidian label for its new line of firewalls.
> >
> > Microsoft goes straight to the source, acquires God......God 2.0, with service packs will be available in late '98.
>....
> area. Crazy, if presidents would keep meeting with such dudes, where this
> world could go? or the saying "everything could be bought for money, the
> matter is the sum" is true after all..
>

Maybe the world is *already* running under God2.0 Alpha release (with M$ special enhancements) !!

From owner-firewalls-list Wed Dec 3 06:39:42 1997
Date: Wed, 03 Dec 1997 11:24:39 +0000
From: sebastien Villain
Organization: Compagnie Bancaire
To: Jon Stitzel
CC: firewalls@GreatCircle.COM
Subject: Re: Gauntlet console

Jon Stitzel wrote:
>
> I'm in the process of testing a Gauntlet Firewall (v4.0) for my network
> and was wondering if there is any way to connect an admin console directly
> to the firewall via serial? I've got the Gauntlet on a Sparc20 running
> Solaris v2.5.1 and the admin machine is a pc running Win95.
> I've looked through all the FAQs I could find, but no luck. Has anyone
> heard of this arrangement being possible?

--

I don't know if it's possible to use the Serial port to connect directly a Gauntlet console, but I think it should be possible to use SLIP (or PPP) to create a network on your serial ports, and then just use IP between the Firewall and the console.

(Do you try to manage your Firewall from your home, with a modem, then I hope the connection between the Gauntlet FW and the admin console is very secure....)

Sebastien Villain (SEMA GROUP FRANCE)
svillain@cie-bancaire.fr

From owner-firewalls-list Wed Dec 3 07:19:55 1997
Date: Wed, 03 Dec 1997 11:42:45 +0000
From: sebastien Villain
Organization: Compagnie Bancaire
To: "Stout, William"
CC: Firewalls@GreatCircle.COM
Subject: Re: Is OS Vulnerable w/ FW-1?

Stout, William wrote:
>
> > ----- Original Message -----
> > From: William Cooper [SMTP:cooper@io.com]
> > Sent: Saturday, November 29, 1997, 1:52:38
> > To: Stout, William
> > Subject: Is OS Vulnerable w/ FW-1?
> >
> > Hello-
> > I've heard it said that Check Point's Firewall-1 runs in such a way that
> > the OS is not vulnerable, or the Firewall is not subject to
> > vulnerabilities that exist in the operating system itself. I'm hoping
>

But what happens when the Firewall crashes, or when you stop it (just to do your logswitch for example). In fact, Unix system should be easier to protect (removing all servers) than NT (Does anyone know all opened tcp/udp ports ? Mr Bill ???).

Sebastien Villain (SEMA GROUP FRANCE)
svillain@cie-bancaire.fr
--

From owner-firewalls-list Wed Dec 3 08:47:51 1997
Date: Wed, 03 Dec 1997 10:12:26 -0500 (EST)
Organization: Republic National Bank
From: Ken Kempster
To: Jon Stitzel
Subject: RE: Gauntlet console
Cc: firewalls@GreatCircle.COM

On 02-Dec-97 Jon Stitzel wrote:
> I'm in the process of testing a Gauntlet Firewall (v4.0) for my network
> and was wondering if there is any way to connect an admin console directly
> to the firewall via serial? I've got the Gauntlet on a Sparc20 running
> Solaris v2.5.1 and the admin machine is a pc running Win95.
> I've looked through all the FAQs I could find, but no luck. Has anyone
> heard of this arrangement being possible?

In the docs, it states that you can't run the Gauntlet GUI on the same box as the Gauntlet Firewall. But you can still use the gauntlet-admin menu based utility.

>

|~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
| Ken Kempster             kempster@monarch.rnb.com       |
| Systems Consultant              _\|/_                   |
| Republic National Bank          (o o)                   |
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOO-(_)-OOo~~~~~~~~~~~~~~

From owner-firewalls-list Wed Dec 3 08:50:41 1997
To: firewalls@greatcircle.com
Subject: Re: Gauntlet console
Date: Wed, 03 Dec 1997 10:35:24 -0600
From: Smoot Carl-Mitchell

>> I'm in the process of testing a Gauntlet Firewall (v4.0) for my network
>> and was wondering if there is any way to connect an admin console directly
>> to the firewall via serial? I've got the Gauntlet on a Sparc20 running
>> Solaris v2.5.1 and the admin machine is a pc running Win95.
>> I've looked through all the FAQs I could find, but no luck. Has anyone
>> heard of this arrangement being possible?
>
>--
>
>I don't know if it's possible to use the Serial port to connect
>directly a Gauntlet console, but I think it should be possible to use
>SLIP (or PPP) to create a network on your serial ports, and then just
>use IP between the Firewall and the console.
>
>(Do you try to manage your Firewall from your home, with a modem, then I
>hope the connection between the Gauntlet FW and the admin console is
>very secure....)

The speed on the serial port might not be acceptable (only 38400). Another option would be to put another Ethernet card in the firewall and have a dedicated Ethernet from the firewall to the admin console.

You can also administer Gauntlet the old fashioned way by editing the configuration files directly. You do have to be careful when you do this, since the GUI interface rewrites parts of the configuration files.

Smoot Carl-Mitchell
Texas Internet Consulting
1106 Clayton Lane, Suite 500W
Austin, TX 78723
+1 512 451-6176

From owner-firewalls-list Wed Dec 3 08:51:47 1997
Date: Wed, 03 Dec 1997 09:16:21 -0500
To: firewalls@greatcircle.com
From: Ted Doty
Subject: Re: Seesion Wall-3

On Tue, 2 Dec 1997 12:38:54 -0500, List_Mail@vsebav.com (List_Mail) posted:

    In Windows NT Magazine, October 1997 issue page 85, there is an article on Session Wall-3, a firewall that you can place inside the internal network. It's both a network monitor and a firewall. Does anyone have any experience with this product ?

There is a lot of activity on Intrusion Detection right now, especially the combination of IDS with traditional firewalls.
The idea is that when the IDS system detects inappropriate activity, it communicates with the firewall (for example, via Checkpoint's Opsec), to add a blocking rule.

Intrusion Detection systems are passive, so they are a pretty good fit for an internal network, where communications needs to be open. An organization could deploy internal firewalls that block nothing at all, except for the sessions of malicious users (as reported by an IDS). Separating the functionality into "detect" vs. "respond" is likely to allow the performance of the security system to match the data rates of the internal LANs.

There are a number of IDS systems out (including our RealSecure), but I don't know how many of them work with how many firewall systems. Any comments should be sent to me, as I don't normally follow the list.

- Ted

--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
41 Perimeter Center East            | Fax:   +1 770 395 1972
Atlanta, GA 30346 USA               | Web:   http://www.iss.net
--------------------------------------------------------------
PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE

From owner-firewalls-list Wed Dec 3 08:52:52 1997
From: GCrum2@aol.com
Date: Wed, 3 Dec 1997 09:59:30 -0500 (EST)
To: firewalls@greatcircle.com
Subject: reply to thread

After reading all the comments on this thread, it just occurred to me.....

There is another trend for outsourcing of security issues. Be that firewalls, policy, certifications etc... This is good, at least from a consultant's viewpoint....I get to keep food on my table...

What is alarming though, and I think someone alluded to this, is that the big accounting firms, and you know who you are, have jumped into the fray with both feet. Only they seem to have landed in the middle of a barnyard, and we all know what is in the middle of barnyards.

It scares me to watch major corporations pay big bucks to have someone come in and run a suite of tools against their network, produce all these danger signals in their nice little prepackaged reports, collect their fee and walk out the door. They call it a certification, or penetration test. (Well sometimes I wonder what really got penetrated). Well that is just poor application in my opinion.

Never mind, what or if there is a policy...never mind that a certain real business need required the system to be configured in such a way...never mind that the person, who was tasked to set up the firewall, also is responsible for the mail room....and the xmas party... Never mind that where they are jumping in is really at the end or measurement phase of the equation.

Why not stick around and help develop a good policy, based on true business needs. Why not help them introduce good practical solutions for Threat Management, not just the firewall flavor of the month, or "my wall is bigger than yours" type hype we get from vendors.

No the biggest trend I see, is business being led down the path of mediocrity by people who really have no business offering security services in the first place. Just because they are an auditing firm, does not make them a security expert. Hiring every Tom, Dick and Mary off the street that can spell hacker and thinks that crack is not some fancy drug, but a tool to break passwords, is not the answer.

It is time that we all start to police this type of conduct, and expose these practices. Hackers are having a field day....they are no longer the threat we should worry most about, rather we have become our own worst enemy.

From owner-firewalls-list Wed Dec 3 08:54:12 1997
Date: Wed, 3 Dec 1997 20:05:28 +1100 (EST)
From: Pauline van Winsen - Uniq Professional Services
To: firewalls@GreatCircle.COM, ddw@NSMA.Arizona.EDU
Subject: Re: Building my library
Cc: jlt8903@osfmail.isc.rit.edu

apologies in advance for the nitpicking in my reply... but it may make it easier for people to find stuff you've cited.

> Hmmm, those last couple go way past the basics... If you want to add
> anything, get Rich Stevens' three TCP/IP, Illustrated books and maybe
> the Design and Implementation of 4.4BSD OS and The Magic Garden books.
> Oh, and don't forget John Lyons' commentary on the Unix source code...

make that John Lions.

> Cruise the COAST web site and read all the public papers, hit the
> CERT web site and do the same. Wander down to the Auscert site,
> then hit your favorite web index and search for unix and security.
> Oh yeah, don't forget to go to the ATT site and read their other papers
> about security. Look for "Berford". Don't forget the site security
> handbook, which is RFC 2196, available free at any RFC site near you.
> Get all the RFCs that you can stand and read them. Sign up for the
> LACC, BOS, Bugtraq, NTbugtraq, etc email lists...

s/berford/berferd/

i'm assuming you mean the paper "An evening with berferd, in which a cracker is lured, endured & studied."?

& one i forgot in my previous post. the most useful, easy to read/understand security paper/info i have ever read. it's called "Reflections on Trusting Trust" by Ken Thompson. i have a hard copy from an old communications of the acm. you can find the paper on the net at:

http://www.cs.umsl.edu/~sanjiv/sys_sec/security/thompson/hack.html

hope this helps,
pauline

Pauline van Winsen                  pauline@uniq.com.au
Uniq Professional Services Pty Ltd  www.uniq.com.au
PO Box 70, Paddington, NSW 2021, (Sydney) Australia
Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000

"Perhaps there's a party coming up and you can't quite squeeze into that glamorous gown; a crash diet may help you on this occasion."
Keeping in Trim - Introduction, Woman's World, circa 1964.

From owner-firewalls-list Wed Dec 3 08:55:30 1997
From: mht@clark.net
Date: Wed, 03 Dec 1997 08:11:35 -0500
To: Eric Schultze, "'firewalls@greatcircle.com'"
Subject: Re: Growing Trends

After reading all the comments on this thread, it just occurred to me.....

There is another trend for outsourcing of security issues. Be that firewalls, policy, certifications etc... This is good, at least from a consultant's viewpoint....I get to keep food on my table...

What is alarming though, and I think someone alluded to this, is that the big accounting firms, and you know who you are, have jumped into the fray with both feet. Only they seem to have landed in the middle of a barnyard, and we all know what is in the middle of barnyards.

It scares me to watch major corporations pay big bucks to have someone come in and run a suite of tools against their network, produce all these danger signals in their nice little prepackaged reports, collect their fee and walk out the door. They call it a certification, or penetration test. (Well sometimes I wonder what really got penetrated). Well that is just poor application in my opinion.

Never mind, what or if there is a policy...never mind that a certain real business need required the system to be configured in such a way...never mind that the person, who was tasked to set up the firewall, also is responsible for the mail room....and the xmas party... Never mind that where they are jumping in is really at the end or measurement phase of the equation.

Why not stick around and help develop a good policy, based on true business needs. Why not help them introduce good practical solutions for Threat Management, not just the firewall flavor of the month, or "my wall is bigger than yours" type hype we get from vendors.

No the biggest trend I see, is business being led down the path of mediocrity by people who really have no business offering security services in the first place. Just because they are an auditing firm, does not make them a security expert. Hiring every Tom, Dick and Mary off the street that can spell hacker and thinks that crack is not some fancy drug, but a tool to break passwords, is not the answer.

It is time that we all start to police this type of conduct, and expose these practices. Hackers are having a field day....they are no longer the threat we should worry most about, rather we have become our own worst enemy.

-------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Wed Dec 3 08:57:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA25768; Wed, 3 Dec 1997 07:27:58 -0800 (PST) Received: from info.netsol.com (www.netsol.com [198.41.3.10]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA25539 for ; Wed, 3 Dec 1997 07:26:55 -0800 (PST) Received: from net_sol_ex01.netsol.com (net_sol_ex01.netsol.com [192.153.247.46]) by info.netsol.com (8.8.5/8.8.4) with ESMTP id KAA21735 for ; Wed, 3 Dec 1997 10:30:06 -0500 (EST) Received: by NET_SOL_EX01 with Internet Mail Service (5.0.1457.3) id ; Wed, 3 Dec 1997 10:30:35 -0500 Message-ID: <11DEBAD8FCE0D01186FF0000F8052A0166A3F5@NET_SOL_EX01> From: "Crowe, Peter" To: firewalls@GreatCircle.COM Subject: RE: Building my library Date: Wed, 3 Dec 1997 10:30:33 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk A tremendous new book on the subject is called "Maximum Security: A Hackers guide to protecting your Internet Site and Network" (the author is anonymous, the publisher is Sams Net). Excellent, fascinating and hard to put down reading. > -----Original Message----- > From: Jason Terwilliger [SMTP:jlt8903@osfmail.isc.rit.edu] > Sent: Tuesday, December 02, 1997 3:44 PM > To: firewalls@GreatCircle.COM > Subject: Building my library > > Hi everyone.. > I was wondering if any of you could give some reccomendations on > building my computer security library. Right now, I have the most well > known books as the cornerstone of my collection: > > Essential System Administration (Frisch) > Internet Security Professional Reference (Hare, et. 
al) > Internet Firewalls and Network Security (Siyan and Hare) > Practicle UNIX and Internet Security (Garfinkel and Spafford) > Building Internet Firewalls (Chapman and Zwicky) > > I'd appreciate any other reccomendations (books, magazines, etc) that > would expand on the basics. Also, I would like reccomendations on UNIX > Scripting books..I have found only two around, any reccomendations in > that > are also gratefully accepted. > > thanks for your help! > > ~Jason > From owner-firewalls-list Wed Dec 3 08:59:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA25775; Wed, 3 Dec 1997 07:27:58 -0800 (PST) Received: from freedom.gmsociety.org ([209.116.153.41]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA25581 for ; Wed, 3 Dec 1997 07:27:02 -0800 (PST) Received: (from brad@localhost) by freedom.gmsociety.org (8.8.8/8.8.5) id KAA30101; Wed, 3 Dec 1997 10:30:06 -0500 From: Brad Message-Id: <199712031530.KAA30101@freedom.gmsociety.org> Subject: Re: Growing trend.. To: mht@clark.net Date: Wed, 3 Dec 1997 10:30:06 -0500 (EST) Cc: firewalls@greatcircle.com In-Reply-To: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> from "mht@clark.net" at Dec 2, 97 01:09:13 pm X-Mailer: ELM [version 2.4 PL25 PGP7] MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk All kidding aside, I agree with this assesment. We are looking at the logical progression of what the market wants, I don't want to have deal with 8 different venders when I can have one POC for all my problems. It looks to me like the one stop shop is the waveof the future. I think thenext round may be the infrastructure companies swallowing up the product companies to providea truely on stop networking shop. 
> > OK, the growing trend for companies is produce a product which > interoperates with other products that other companies are manufacturing at > some point in time either they strategically align together or combine > themselves together to make one entity instead of two.. The growing trend > in the last few months is for policy type products and intrusion type test > companies to merge with firewall software and/hardware companies. This > takes care of the product side of things. > > > Over the summer months and early fall, we saw the big auditing type > companies combine their work force together to enhance their consulting > type offerings and combine their customer base. > > The next logical step is to combine product companies with the auditing > type companies.. > > The final step after that is to combine the auditing companies and the long > distance carrier companies together.. combining all product, all people and > telecommunication together. > > One stop shopping.. > > my .02 > > /mht > > -------------------------------- > Mark Teicher > CASSIE Enterprises & Trust > email:mht@clark.net > Fingerprint: > > 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE > From owner-firewalls-list Wed Dec 3 09:00:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id FAA02268; Wed, 3 Dec 1997 05:40:12 -0800 (PST) Received: from server-one ([207.0.213.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id FAA02144 for ; Wed, 3 Dec 1997 05:39:49 -0800 (PST) Received: from [207.0.213.5] by server-one (NTMail 3.02.13) with ESMTP id ba143183 for ; Wed, 3 Dec 1997 09:43:27 -0400 Reply-To: "Esteban Vasquez" From: "Esteban Vasquez" To: Subject: Bandwith limitation Date: Wed, 3 Dec 1997 09:43:29 -0400 Message-ID: <01bcfff1$701bc2c0$05d500cf@administrativo.iamnet.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_000C_01BCFFCF.E90A22C0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: 
Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk This is a multi-part message in MIME format. ------=_NextPart_000_000C_01BCFFCF.E90A22C0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Hi, I have a problem connecting a client with a wireless ethernet bridge. The equipment is connected to 2 Mb, but the real connection must be at 128 K. How can I limit the bandwidth to connect the client to 128K?
------=_NextPart_000_000C_01BCFFCF.E90A22C0-- From owner-firewalls-list Wed Dec 3 09:47:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA14727; Wed, 3 Dec 1997 09:34:08 -0800 (PST) Received: from hq1s0002.appliedis.com ([206.241.23.7]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA14708 for ; Wed, 3 Dec 1997 09:33:56 -0800 (PST) Received: by hq1s0002.aisdevnet.com with Internet Mail Service (5.0.1458.49) id ; Wed, 3 Dec 1997 12:38:01 -0500 Message-ID: From: "Amis, Jennifer" To: Firewalls@GreatCircle.COM Subject: Trapped inside Firewall-1 Date: Wed, 3 Dec 1997 12:37:58 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Help! I am currently testing Checkpoint Firewall-1 3.0b on NT 4.0 SP 1 and am having problems getting outside the Firewall. - From an internal machine can ping/telnet/ftp our router and external web server - From Firewall machine can ftp/ping all - Tracert from an internal machine to an external host stops at the internal NIC on the Firewall machine - Routing tables match our current Firewall-1 v2.0 - Rules match our current Firewall-1 v.2.0 I also tested this with only one rule - to accept all. Same results as above. The only other difference, aside from the upgrade, is that new Firewall machine is a member of our internal network domain. This is in order to use domain account information for SecuRemote users. Any suggestions? 
============================== Jennifer Amis Applied Information Sciences mailto:Jennifer_Amis@appliedIS.com http://www.appliedIS.com Tel: (301) 489-1062 ========================= From owner-firewalls-list Wed Dec 3 09:50:31 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA12202; Wed, 3 Dec 1997 09:08:13 -0800 (PST) Received: from www.allensysgroup.com ([205.245.8.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA12170 for ; Wed, 3 Dec 1997 09:08:01 -0800 (PST) Received: from snapper ([205.245.8.61]) by www.allensysgroup.com (Post.Office MTA v3.1 release PO205e ID# 0-40603U300L100S0) with ESMTP id AAA340 for ; Wed, 3 Dec 1997 12:09:42 -0500 From: bbrown@allensysgroup.com (Bobby Brown) To: Subject: Logfile Reporting tools Date: Wed, 3 Dec 1997 12:13:30 -0500 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1161 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Message-ID: <19971203170942734.AAA340@snapper> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I have been developing reporting tools for the logfiles created by Raptor Eagle and have had good response from users. I am interested in applying this functionality to other firewall installations of various manufacturers. I would be interested in working with someone using a Firewall other than Raptor to test and provide information on their logfiles so I may modify the tools for that product. To view work provided for the users of Raptor, you may view sample reports from http://snapper.naplesoft.com/logfiles.htm Anyone that would could share some logfile information and sample logfiles with me, please contact me directly. 
TIA Bobby Brown ######################################## # Bobby Brown CC Net-Works # bbrown@naplesoft.com # # Comments may not be that of my employer ########################################### From owner-firewalls-list Wed Dec 3 09:52:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA12351; Wed, 3 Dec 1997 09:09:37 -0800 (PST) Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA12325 for ; Wed, 3 Dec 1997 09:09:15 -0800 (PST) From: mht@clark.net Received: from highlander (55.middletown-07.va.dial-access.ATT.net [12.68.19.55]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id MAA16935; Wed, 3 Dec 1997 12:11:45 -0500 Message-Id: <3.0.3.32.19971203121120.039aebc0@pop3.clark.net> X-Sender: mht@pop3.clark.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 03 Dec 1997 12:11:20 -0500 To: c101jhs@sssd.navy.mil Subject: Re: Growing trend.. Cc: peter.gregory-unix@mccaw-stg.com (Peter Gregory), firewalls@GreatCircle.COM In-Reply-To: <199712031659.IAA08598@bounty.sssd.navy.mil> References: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk John, Exactly, History is starting to repeat itself in this industry.. The Henry Ford Model of Manufacturing is a much better model to illustrate. /mht > After a brief review of history, this trend was in process when former President T. Rosevelt gain fame as the "Trust Buster". Hence, railroads, steel and oil were diverted from various "consolidation" efforts. > > More recently, Judge Green divested another "one-stop-shop" in the form of AT&T. In the same timeframe, IBM sucumbed to the cry on monopoly. > > Less than five years ago, downsizing and divesting interests made Wall Street investor happy. 
Today, consolitation of efforts makes Wall Street investors happy. > > The only thing changing is the merry-go-round is moving faster. > > > > John Stewart > > -------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Wed Dec 3 10:42:23 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA19173; Wed, 3 Dec 1997 10:04:56 -0800 (PST) Received: from p0015c01.kpmg.com (p0016c01.kpmg.com [199.207.255.14]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA19149 for ; Wed, 3 Dec 1997 10:04:47 -0800 (PST) From: tlitney@kpmg.com Received: by p0015c01.kpmg.com; id NAA26810; Wed, 3 Dec 1997 13:08:00 -0500 (EST) Received: from pa0016c4.kpmg.com(130.100.150.27) by p0015c01.kpmg.com via smap (3.2) id xma026111; Wed, 3 Dec 97 13:07:10 -0500 Received: from mailgate3.kpmg.com by pa0016c4.kpmg.com(8.8.6/8.8.6) with SMTP id NAA19742 for ; Wed, 3 Dec 1997 13:02:39 -0500 (EST) Received: from ccMail by mailgate3.kpmg.com (IMA Internet Exchange 2.1 Enterprise) id 000F4AF4; Wed, 3 Dec 97 13:06:53 -0500 Mime-Version: 1.0 Date: Wed, 3 Dec 1997 09:35:29 -0500 Message-ID: <000F4AF4.3365@kpmg.com> Subject: Re: Growing Trend .. To: firewalls@greatcircle.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Sorry guys, only Gates has enough money to buy MJR. It's the high overhead on those rubber chickens. 
;-[ From owner-firewalls-list Wed Dec 3 10:45:14 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA14538; Wed, 3 Dec 1997 09:32:57 -0800 (PST) Received: from info.netsol.com (www.netsol.com [198.41.3.10]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA14514 for ; Wed, 3 Dec 1997 09:32:46 -0800 (PST) Received: from net_sol_ex01.netsol.com (net_sol_ex01.netsol.com [192.153.247.46]) by info.netsol.com (8.8.5/8.8.4) with ESMTP id MAA23496 for ; Wed, 3 Dec 1997 12:35:59 -0500 (EST) Received: by NET_SOL_EX01 with Internet Mail Service (5.0.1457.3) id ; Wed, 3 Dec 1997 12:36:24 -0500 Message-ID: <11DEBAD8FCE0D01186FF0000F8052A0166A402@NET_SOL_EX01> From: "Crowe, Peter" To: "'sandman@unitedcouncil.org'" , firewalls@GreatCircle.COM Subject: RE: Good Books To Read Date: Wed, 3 Dec 1997 12:36:23 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk The Shimomura book reads more like a Harlequin romance novel than a factual recounting of the events. He even has one section which details his attempts at seducing somebody else's wife. Why is this included in the story and why is this book even recommended???? > -----Original Message----- > From: Sandman [SMTP:sandman@unitedcouncil.org] > Sent: Wednesday, November 12, 1997 12:03 PM > To: firewalls@GreatCircle.COM > Subject: Good Books To Read > > >> Practicle UNIX and Internet Security (Garfinkel and Spafford) > >> Building Internet Firewalls (Chapman and Zwicky) > > >Good books. Add: > >Cheswick and Bellovin - my old brain can't remember the actual title. > >(Something about tracking the wiley hacker or some such - should be > >the first book on your list though, IMHO...) > > " The Kucoo's Egg " written by Clifford Stall is a book about a Unix > admin tracking down a hacker that was brakeing in to his computer > along > with other goverment computers. 
Its a very good book. " Take Down " is > another grate book. It was written by Tsutomu Shimomura about how he > tracked down Kevin Mitnick, "America's Most Wanted Computer Outlaw," > They even have a web page that you can visit http://www.takedown.com. > As > for a little history www.takedown.com web page was hacked the 1st day > it > was online. The hackers rename it to " Taken Down " > " The Watchman ", written by Jonathan Littman is a book about the > life > story of Hacker Kevin Poulsen. These are all grate books to read and > are > all true storys. > > > - Sandman - > The United Council > www.unitedcouncil.org > sandman@unitedcouncil.org From owner-firewalls-list Wed Dec 3 11:29:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA19174; Wed, 3 Dec 1997 10:05:00 -0800 (PST) Received: from p0015c01.kpmg.com (p0016c01.kpmg.com [199.207.255.14]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA19166 for ; Wed, 3 Dec 1997 10:04:51 -0800 (PST) From: tlitney@kpmg.com Received: by p0015c01.kpmg.com; id NAA26783; Wed, 3 Dec 1997 13:07:59 -0500 (EST) Received: from pa0016c4.kpmg.com(130.100.150.27) by p0015c01.kpmg.com via smap (3.2) id xma026085; Wed, 3 Dec 97 13:07:08 -0500 Received: from mailgate3.kpmg.com by pa0016c4.kpmg.com(8.8.6/8.8.6) with SMTP id NAA19734 for ; Wed, 3 Dec 1997 13:02:37 -0500 (EST) Received: from ccMail by mailgate3.kpmg.com (IMA Internet Exchange 2.1 Enterprise) id 000F4AF2; Wed, 3 Dec 97 13:06:53 -0500 Mime-Version: 1.0 Date: Wed, 3 Dec 1997 09:32:01 -0500 Message-ID: <000F4AF2.3365@kpmg.com> Subject: Want off this list??? To: firewalls@greatcircle.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Sender: firewalls-owner@GreatCircle.COM Precedence: bulk BEEEEEEEEEEP! We interrupt this firewall feed for a public service announcement!!! CLUES FOR THE CLUELESS 1.) Don't confuse the list with the list server/majordomo. 
To leave the list or change list access, deal with the list server/majordomo. Sending those messages to the list will tend to generate negative e-mail. FIREWALL = mail to majordomo@greatcircle.com ("help" in message body) 2.) If you want to ask a question but you're afraid because you think it might be basic or simple, don't ask! First, consult the list's FAQ (Frequently Asked Questions). If you don't see your question covered in the FAQ, then try using any of a multitude of search engines. Hey, and who knows what you might learn by researching! If you still can't find an answer, then go ahead and post. FIREWALL FAQ = http://www.clark.net/pub/mjr/pubs/fwfaq 3.) Don't use your real IP addresses when describing your situation to the list. If you are sending to the list from a company address, don't describe serious exposures in too much detail. You never know who might be reading! 4.) If you are replying to a message, don't include excessive amounts of the original message in your reply. This is a courtesy to recipients on slower links and eliminates a lot of redundancy. It is acceptable to include enough of the original post to provide a context for your reply. ### We now send you back to your previous noise stream. 
Previous line commented because of the improved signal/noise ratio lately From owner-firewalls-list Wed Dec 3 12:57:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA16377; Wed, 3 Dec 1997 09:46:24 -0800 (PST) Received: from mail.co.santa-barbara.ca.us ([161.213.144.8]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id JAA16356 for ; Wed, 3 Dec 1997 09:46:14 -0800 (PST) Received: from pc3202a by mail.co.santa-barbara.ca.us (Unoverica 2.90b) id 00002D4E; Wed, 3 Dec 1997 09:45:38 -0800 Message-ID: <34859B08.5FB4@co.santa-barbara.ca.us> Date: Wed, 03 Dec 1997 09:46:48 -0800 From: John snyder Reply-To: Snyder@co.santa-barbara.ca.us Organization: Santa Barbara County X-Mailer: Mozilla 3.0C-E-KIT (Win16; I) MIME-Version: 1.0 To: Mario Muehlbauer CC: Firewalls@GreatCircle.COM, searidge@clear.net.nz Subject: Re: Firewall choice References: <199712030259.SAA24601@honor.greatcircle.com> <34855D37.2094@teleconsult.de> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Mario Muehlbauer wrote: > > Think of Firewall-1 on NT as choice! > > Firewall-1 can manage Cisco Router. > > So I think this is the best and most secure anser for this firm. > > Mario Muehlbauer Mario: I'm interested in hearing your experiences with managing Cisco routers with Firewall-1. I put out a question regarding this topic and only received one reply by someone who actually has done this. He was not impressed. I include that message below for your reference. Please let me know if you have observed the same problems or what your implementation work arounds are. Thanks in advance, jhs Below is a message from Eric Greenwood in reply to my request for information from the Firewall list . . . . >>Hi - I asume you mean the SRE (single router extension )product - if not >>ignore the rest.... 
>I have had a running battle with Checkpoint over this one as the product
>SRE is flawed and I wanted my money back - but no go so far...
>
>1) The interface command (the FW1 telnets to the router to write the
>access list) is bugged - the Cisco interface syntax "interface/#" is not
>parsed by the FW1 parser and it fails to compile the rule set. Supposed to
>be fixed in 3.0b - but I have not seen it yet.
>
>2) The same rules are applied to all router interfaces, both in and out, so
>it is very easy to write a rule set that blocks all packets, and you cannot
>write a rule set that lets traffic in the serial port and out the ethernet
>port (for example), and block all the other way. Checkpoint suggested
>writing inspect code to fix this! which is a damn sight harder than
>writing Cisco access lists.
>
>This comment is based on the (little known) fact that rules are written to
>all interfaces of the target FW device whether FW module or router target -
>which may not be useful in some applications with multiple interfaces. The
>only way around this is to write inspect script - not for the faint of heart
>
>3) 'manage' is not the correct word - the SRE only writes an access list
>based on the GUI rule, nothing more.
>
>4) We have gone back to writing router specific access lists that are fine
>tuned per interface to meet our needs.
>
>Note that Cisco publish access list suggestions for Internet connected
>routers outside a firewall - I would ask your FW1 to demonstrate writing
>this list using the FW SRE product - it cannot be done.
>
>reply if you need more specifics - but I think you should not buy the SRE!!
>
>regards
>
>Eric.
>Eric Greenwood Tel: 64 3 3265426 >7 Searidge Lane Fax: 64 3 3265439 >Sumner Bus: 64 3 3437921 >Christchurch 8008 Cell: 64 21 321260 >New Zealand From owner-firewalls-list Wed Dec 3 12:59:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA19467; Wed, 3 Dec 1997 10:12:41 -0800 (PST) Received: from alpha.netvision.net.il (alpha.NetVision.net.il [194.90.1.13]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA19457 for ; Wed, 3 Dec 1997 10:12:14 -0800 (PST) Received: from Shetef.shetef.com (ts020p7.pop4a.netvision.net.il [199.203.102.117]) by alpha.netvision.net.il (8.8.6/8.8.6) with SMTP id UAA10515; Wed, 3 Dec 1997 20:23:22 +0200 (IST) Date: Wed, 3 Dec 97 20:04:37 From: Yonat Labobitz Subject: session wall 3 To: list_mail@vsebav.com, firewalls@greatcircle.com, bealls@ix.netcom.com X-PRIORITY: 3 (Normal) X-Mailer: Chameleon 5.0, TCP/IP for Windows, NetManage Inc. Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, You're RIGHT, SessionWall-3 from AbirNet is a GREAT! I have downloaded their 30 days evaluation version from http://www.abirnet.com (warning it is quite big, about 20 MB !!!) It took me about 10 minutes to install it (I am no networking expert, it was not complex, it is just clicking on the downloaded executable file, BUT my desktop machine is a NT 4.0 with 32 MB of memory) after installing it on my local desktop NT machine I started SEEING all the things that were going on our network. It was scary!!! I mean I saw almost EVERYTHING (some data was masked out in the evaluation version :-( ). I could see where the email content would be visible, I could see the actual web screens accessed, chat, email news posting and receiving, real audio etc. it was amazing, after watching for a while on where people are going. 
I clicked the right mouse button on the page that was presented on the screen that my peer was using and chose the block option, and from that point on my peer was not able to access this web page anymore (and this without installing any software on HIS machine or the gateway). Boy was he ticked!

After running for a full day, SessionWall-3 alerted me about quite a few interesting things that happened on the network.

There were 6 accesses with malicious Java applets. (I used SessionWall-3 to block access to them.)

There was a user that generated a lot of traffic on the network, and SessionWall-3 showed me that he was using real audio to hear a radio station in another country over the net.

SessionWall-3 indicated that there is a person in the department that has communicated and sent attached email files to one of our competitors' email addresses.

It also detected two emails that were coming from outside the network that were addressed to two people in the dev. team, which contained attachments with viruses inside.

I found out that about 12 % of all the company's web access is really to some non-productive sites (they have a database of categorized URLs).

I found out that DNS access consumes about 8% of my total network traffic and it was because of a mis-configured server.

I found someone who is doing MAC spoofing in my network and a ping abuse also.

There were some other intrusion detection alerts that I got concerning FTP access and the SITE command usage.

There was quite a lot of network traffic due to the DOOM game, so I blocked it using SessionWall-3.

There were some accesses to our human resources server that generated failed logins and successful attempts that SessionWall-3 logged and alerted on, since they came from another dept. station.

There were some other things there, but WOW, talking about return on investment in time, and this was on their EVALUATION VERSION.
I really liked the way it works and gets all the traffic and does the blocking without being a gateway but using the sniffer mode which had no impact on my network performance. NOW, I understand why they got the communication news editors choice security product in networld+interop and the editors choice from network week . I'm not sure that I would use instead of a firewall but it sure does a lot that a firewall doesn't do, especially inside the intranet. Yonat _______________________________________________________________________________________ / ~~~~~~~~ YOU MUST TRY OUR PRODUCTS at ~~~~~~~~~ / Win-Secure-it (WSI95-20.ZIP) - THE Security Solution for Windows 95 _______________________________________________________________________________________ --- On Tue, 2 Dec 1997 22:21:33 -0800 Eric Schultze wrote: > I've done a bunch of testing with SW3. I can't remember which SW version > NT magazine reviewed. The current version, 1.2, has some pretty good > stuff. They have added a number of intrusion detection features, though > these are not nearly as advanced as RealSecure or NFR. > > The SW product is a nice tool to use IN ADDITION TO a firewall mechanism. > It is not a true firewall in any sense of the word, nor do they try and > market it that way. Yes, they do have a "blocker" mechanism, but this is > not the same as an application or packet-filtering firewall. This software > works on a single-homed machine and views all the packets as they pass on > the segment. In this capacity, it provides a good snapshot of the activity > that you are filtering for. It is very easy from the point-and-click > perspective, and can be used to easily generate reports of web-usage, etc. > Because it views all packets, then analyzes them, it provides "after the > fact" reporting. If it notices something that should be "blocked", it > spoofs resets from both the source and destination addresses to kill the > connection. 
This does not necessarily say that the initial packet will be > stopped from making it to its destination. > > Another factor to consider, if the SW machine gets backed up or overloaded > with traffic, it may stop capturing images of all the packets. Worse yet, > if you are using SW3 as a firewall and the box goes down, the network is > unprotected. > > It works very nice as a tool in addition to your regular collection of > firewall and monitoring mechanisms. The reporting capabilities, ease of > use, and the ability for it to parse the packets and present images of web > pages, emails (and passwords), etc. are nice features for a non-technical > admin. It becomes an easier to understand tool than net x-ray for packet > sniffing, etc. and it has some neat packet filtering customization features > - very easy to use... but please, do not consider this product as a single > firewall solution. > > --e ---------------End of Original Message----------------- From owner-firewalls-list Wed Dec 3 13:03:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA10688; Wed, 3 Dec 1997 08:48:16 -0800 (PST) Received: from cortex.NSMA.Arizona.EDU (cortex.NSMA.Arizona.EDU [128.196.180.125]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA10507 for ; Wed, 3 Dec 1997 08:47:36 -0800 (PST) Received: from cortex (localhost [127.0.0.1]) by cortex.NSMA.Arizona.EDU (8.7.5/8.7.5) with ESMTP id JAA05362; Wed, 3 Dec 1997 09:53:28 -0700 (MST) Message-Id: <199712031653.JAA05362@cortex.NSMA.Arizona.EDU> To: firewalls@greatcircle.com Cc: Pauline van Winsen - Uniq Professional Services , ddw@cortex.NSMA.Arizona.EDU Subject: Re: Building my library In-reply-to: Your message of "Wed, 03 Dec 1997 20:05:28 +1100." <199712030905.UAA29566@basil.uniq.com.au> Date: Wed, 03 Dec 1997 09:53:27 -0700 From: Doug Wellington Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Previously: >apologies in advance for the nitpicking in my reply... 
>but it may make it easier for people to find stuff you're cited. :-) Well, like I said: >>...just a few things off the top of my head. I'm pretty sure I >>didn't get all the names and/or titles right, but they should be >>close enough... I also messed up on another one: >If you really want to get into Unix, get The Unix Programming >Environment, Twenty Five Years of Unix, The Unix Philosophy, ^^^^^^^^^^^ Should be "A Quarter Century of Unix"... Told you I had an old brain! ;-) >& one i forgot in my previous post. the most useful, easy to read/understand >security paper/info i have ever read. it's called "Reflections on >Trusting Trust" by Ken Thompson. Hmmm, wasn't that also published in the BSD documentation? There are MANY really good papers out there. There's one titled something like "How to Improve the Security of your Computer by Breaking into it" or something similar. Don't forget Marcus Ranum's "Thinking about Firewalls" and Brent Chapman's "Network (In)security Through IP Packet Filtering"... >"Perhaps there's a party coming up and you can't quite squeeze into that >glamorous gown; a crash diet may help you on this ocassion." > Keeping in Trim - Introduction, Woman's World, circa 1964. I love those quotes! Weird thing is, I know some women that are still trying to live up to that stuff... Ugh... [SHIVER] -Doug Doug Wellington ddw@nsma.arizona.edu Network and System Administrator ARL, Division of Neural Systems, Memory and Aging The University of Arizona, Tucson, AZ (520) 626-6023 (520) 291-0481 pager (520) 626-2618 fax I DON'T buy anything from spammers, and I KEEP TRACK OF WHO SPAMS ME. I put up with ads on the TV because they pay for programming. When spammers pay for the Internet, then I'll start putting up with spam. 
From owner-firewalls-list Wed Dec 3 13:07:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA12323; Wed, 3 Dec 1997 09:09:14 -0800 (PST) Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA12244 for ; Wed, 3 Dec 1997 09:08:54 -0800 (PST) From: mht@clark.net Received: from highlander (55.middletown-07.va.dial-access.ATT.net [12.68.19.55]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id MAA16930; Wed, 3 Dec 1997 12:11:37 -0500 Message-Id: <3.0.3.32.19971203120900.039b4430@pop3.clark.net> X-Sender: mht@pop3.clark.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 03 Dec 1997 12:09:00 -0500 To: Brad Subject: Re: Growing trend.. Cc: firewalls@greatcircle.com In-Reply-To: <199712031530.KAA30101@freedom.gmsociety.org> References: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Brad, Yes, that is exactly where the industry is heading, the organization that can develop a thorough business model to lean towards the one stop networking, telecommunication and security shop will have the lead. It will take a tremendous amount of work to convince all those parties involved to work together, very similiar to the WALMART EDI initiative of the 1970s.. /mht At 10:30 AM 12/3/97 -0500, Brad wrote: >All kidding aside, I agree with this assesment. We are looking at the logical progression of what the market wants, I don't want to have deal with 8 different venders when I can have one POC for all my problems. > >It looks to me like the one stop shop is the waveof the future. I think thenext round may be the infrastructure companies swallowing up the product companies to providea truely on stop networking shop. 
> > >> >> OK, the growing trend for companies is produce a product which >> interoperates with other products that other companies are manufacturing at >> some point in time either they strategically align together or combine >> themselves together to make one entity instead of two.. The growing trend >> in the last few months is for policy type products and intrusion type test >> companies to merge with firewall software and/hardware companies. This >> takes care of the product side of things. >> >> >> Over the summer months and early fall, we saw the big auditing type >> companies combine their work force together to enhance their consulting >> type offerings and combine their customer base. >> >> The next logical step is to combine product companies with the auditing >> type companies.. >> >> The final step after that is to combine the auditing companies and the long >> distance carrier companies together.. combining all product, all people and >> telecommunication together. >> >> One stop shopping.. 
>> >> my .02 >> >> /mht >> >> -------------------------------- >> Mark Teicher >> CASSIE Enterprises & Trust >> email:mht@clark.net >> Fingerprint: >> >> 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE >> > > -------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Wed Dec 3 16:58:01 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA01890; Wed, 3 Dec 1997 11:35:25 -0800 (PST) Received: from dfw-ix8.ix.netcom.com (dfw-ix8.ix.netcom.com [206.214.98.8]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA01804 for ; Wed, 3 Dec 1997 11:35:05 -0800 (PST) Received: (from smap@localhost) by dfw-ix8.ix.netcom.com (8.8.4/8.8.4) id NAA02056; Wed, 3 Dec 1997 13:37:21 -0600 (CST) Received: from lax-ca12-19.ix.netcom.com(204.30.73.211) by dfw-ix8.ix.netcom.com via smap (V1.3) id rma001986; Wed Dec 3 13:36:39 1997 Received: by localhost with Microsoft MAPI; Wed, 3 Dec 1997 11:33:24 -0800 Message-ID: <01BCFFDF.441AFAE0@bealls@ix.netcom.com> From: Eric Schultze To: "'Yonat Labobitz'" , "list_mail@vsebav.com" , "firewalls@greatcircle.com" Subject: RE: session wall 3 Date: Wed, 3 Dec 1997 11:33:23 -0800 X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4025 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I know this isn't directly related to firewalls, so I'll keep this brief As a former associate has pointed out, there are several current weaknesses. The product has some install\de-install issues (it doesn't completely clean itself up). It does not perform any security enhancements to the directories in which it is installing (i.e. it does not set DACLs over the app and log directories) so the box owner should make sure to apply appropriate security settings (and use NTFS). 
As this product can store a lot of sensitive info (passwords, e-mail), care should be taken to secure the log directories. Future enhancements to the product (I'm told) will include an enterprise version that will enable one central monitoring console to gather info from SW3 agents on distributed subnets. It will be interesting to see if they do the proper thing and implement user assignable tcp ports and encryption between the agent and the mgmt console. It would suck to have the SW info sniffed by another tool as it is transferring its data to console! Also, user authentication to the remote agents needs to be secured. In future releases, the product may install as a service (again, hopefully as a localsystem acct, not as a user acct), so that different users may log on and off, and the logging\blocking may continue. In its current state, the app can only be started after a user logs on, that user may not log off, etc. The product could really start to shine if it kept up to date on intrusion signatures (a losing battle, but necessary until someone (MJR?) comes up with a common engine for identification of attacks, learning model, etc) How do people see this as compared to Real Secure? Obviously, it is weak on intrusion ID, (but offers other features) and the enterprise version isn't going yet, but future releases may provide an alternative for this type software on NT. 
--e From owner-firewalls-list Wed Dec 3 19:03:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id NAA17013; Wed, 3 Dec 1997 13:07:06 -0800 (PST) Received: from zeke.gov.yk.ca (ZEKE.GOV.YK.CA [199.247.128.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id NAA16927 for ; Wed, 3 Dec 1997 13:06:46 -0800 (PST) Received: by zeke.gov.yk.ca; id NAA12331; Wed, 3 Dec 1997 13:09:38 -0800 (PST) Received: from unknown(199.247.130.39) by zeke.gov.yk.ca via smap (4.0) id xma012201; Wed, 3 Dec 97 13:08:48 -0800 Received: from 185580 ([199.247.134.102]) by tempest.gov.yk.ca (8.7.5/8.7.3) with SMTP id NAA17422; Wed, 3 Dec 1997 13:07:22 -0800 Message-Id: <1.5.4.32.19971203210853.0092d530@mailhost.gov.yk.ca> X-Sender: kwiat@mailhost.gov.yk.ca X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 03 Dec 1997 13:08:53 -0800 To: "Crowe, Peter" , "'sandman@unitedcouncil.org'" , firewalls@GreatCircle.COM From: Larry Kwiat Subject: RE: Good Books To Read Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Who knows when you'll have to seduce someone's wife? And how many people know how to do that effectively anymore? Marriage is going out of style... ...you may someday need to know! At 12:36 PM 12/3/97 -0500, Crowe, Peter wrote: >The Shimomura book reads more like a Harlequin romance novel than a >factual recounting of the events. He even has one section which details >his attempts at seducing somebody else's wife. Why is this included in >the story and why is this book even recommended???? > >> -----Original Message----- >> From: Sandman [SMTP:sandman@unitedcouncil.org] >> Sent: Wednesday, November 12, 1997 12:03 PM >> To: firewalls@GreatCircle.COM >> Subject: Good Books To Read >> >> >> Practicle UNIX and Internet Security (Garfinkel and Spafford) >> >> Building Internet Firewalls (Chapman and Zwicky) >> >> >Good books. 
Add: >> >Cheswick and Bellovin - my old brain can't remember the actual title. >> >(Something about tracking the wily hacker or some such - should be >> >the first book on your list though, IMHO...) >> >> " The Cuckoo's Egg " written by Clifford Stoll is a book about a Unix >> admin tracking down a hacker that was breaking in to his computer >> along >> with other government computers. It's a very good book. " Take Down " is >> another great book. It was written by Tsutomu Shimomura about how he >> tracked down Kevin Mitnick, "America's Most Wanted Computer Outlaw," >> They even have a web page that you can visit http://www.takedown.com. >> As >> for a little history www.takedown.com web page was hacked the 1st day >> it >> was online. The hackers renamed it to " Taken Down " >> " The Watchman ", written by Jonathan Littman is a book about the >> life >> story of Hacker Kevin Poulsen. These are all great books to read and >> are >> all true stories. >> >> >> - Sandman - >> The United Council >> www.unitedcouncil.org >> sandman@unitedcouncil.org > =+=+=+=+=+=+=+=+=+=+=+=+=+= Sincerely, Larry Kwiat Electronic Information Security Coordinator / System Integration Specialist Information Services Branch Government of Yukon (403)667-8081 kwiat@gov.yk.ca From owner-firewalls-list Wed Dec 3 19:17:50 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA03563; Wed, 3 Dec 1997 18:32:57 -0800 (PST) Received: from mail.the-wire.com (mail.the-wire.com [198.53.192.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA03535 for ; Wed, 3 Dec 1997 18:32:44 -0800 (PST) Received: from anton.the-wire.com (anton.the-wire.com [205.206.32.227]) by mail.the-wire.com (8.8.8/8.8.8) with SMTP id VAA29443; Wed, 3 Dec 1997 21:33:49 -0500 (EST) Message-Id: <3.0.32.19971203213634.009a8100@mail.the-wire.com> X-Sender: anton@mail.the-wire.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 03 Dec 1997 21:36:42 -0500 To: Brad , 
mht@clark.net From: Anton J Aylward Subject: Re: Growing trend.. Cc: firewalls@GreatCircle.COM Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 10:30 AM 03/12/97 -0500, Brad wrote: ## Reply Start ## >All kidding aside, I agree with this assessment. >We are looking at the logical progression of what the market wants, >I don't want to have to deal with 8 different vendors when I can have one POC >for all my problems. I'm not convinced it is "what the market wants". There are economic cycles and they have rules as inexorable as gravity. Once, in a Control Theory course at my alma mater, as a bit of fun we ran a simulation of the warehouse, delivery model (weights and springs) of a dock strike. A three week (simulated time) strike took over three years for the cycles to dampen out at the retail store end. Now I know this is just a simulation, but.... as one posting commented, we've seen this before with the railroads.. I understand the logic of the "one stop shop". Let me call it something else: "Common mode Failure". That even applied to IBM. You remember the RT and the VRM? Do you remember that AIX was positioned originally to take on SUN and HP in the graphics workstation market? What support is there now for the people who bought IBM back then as high speed graphic workstations? One of the most successful (long lived, low project loss rate) companies I ever worked for had a policy: Never buy more than 10% from any single company Never be more than 10% of a single company's business. >It looks to me like the one stop shop is the wave of the future. Rather, I'd say that we're back on that part of the cycle. >I think the next round may be the infrastructure companies >swallowing up the product companies to provide a truly one >stop networking shop. I'm sure the larger companies would like you to believe that. I'm also sure a lot of customers will buy into this. 
I'm not much of a sports player, but I occasionally dream of owning a team franchise. I know what animal I'd name the team after. Not a Dinosaur or a bird, but a small furry animal. I want to hear the people in the stands yell: GO LEMMINGS, GO! /anton ## Reply End ## From owner-firewalls-list Wed Dec 3 19:18:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA16970; Wed, 3 Dec 1997 17:23:50 -0800 (PST) Received: from pl-srvc-msg4.PBDIR.COM (h206170023229.pbdir.com [206.170.23.229]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA16809 for ; Wed, 3 Dec 1997 17:23:19 -0800 (PST) Received: by PL-SRVC-MSG4.PBDIR.COM with Internet Mail Service (5.0.1458.49) id ; Wed, 3 Dec 1997 17:26:36 -0800 Message-ID: <8DB44E2FA9EDD0118AA4006097D3E813031B58@PL-SRVC-MSG3.PBDIR.COM> From: "Walker, Peter (PBD)" To: "'GCrum2@aol.com'" , firewalls@greatcircle.com Subject: RE: reply to thread Date: Wed, 3 Dec 1997 17:26:33 -0800 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain; charset="iso-8859-1" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk In a perfect world each company would have a staff of experts in his field and would only have to depend on external assistance to validate their internal compliance to best practices. In reality there are simply not that many people whose expertise covers all the required areas and outside consultants will remain a very significant fact of life. In a field where there is no perfect solution there will always be a lot of people selling snake oil. While I agree that just because a person's company has experience in audit does not make them computer security experts, I would also extend that to say that the same also applies for people with backgrounds in computer systems and for those with backgrounds in security. 
Just because I can write in Java or know which sides of the door a hinge should be on also does not make me a computer security expert. What makes a person an "expert" in this field is hard to define. Very few universities offer formal training in this area and, from having written and passed some certification tests in this area I wouldn't hold any of those up as a Holy Grail either. IMHO the only way to get good in this field is to do it and learn from your painful mistakes over the years. The answer to this question is like "What makes a good programmer?" In the end, buying a service in this area is like buying a car. Don't rely on a firm because of their audit experience, their computer experience or their security experience. Do your homework, know the field, know what you want and if you don't get it, take it back and make them do it right or don't pay for it. Rely on a firm that gives you what you want and what you need. It's up to you to know what you need. Peter D. Walker Senior Systems Security Manager System Security Control & Analysis District Finance and Administration, Pacific Bell Directory peter.walker@pbdir.com Opinions expressed are the author's alone and do not necessarily represent those of his employers. > -----Original Message----- > From: GCrum2@aol.com [SMTP:GCrum2@aol.com] > Sent: 03 December 1997 7:00 > To: firewalls@greatcircle.com > Subject: reply to thread > > > After reading all the comments on this thread, it just occurred to > me..... > > There is another trend for outsourcing of security issues. Be that > firewalls, policy, certifications etc... This is good, at least from > a > consultant's viewpoint....I get to keep food on my table... What is > alarming though, and I think someone alluded to this, is that the big > accounting firms, and you know who you are, have jumped into the fray > with > both feet. Only they seem to have landed in the middle of a barnyard, > and > we all know what is in the middle of barnyards. 
> > It scares me to watch major corporations pay big bucks to have someone > come > in and run a suite of tools against their network, produce all these > danger > signals in their nice little prepackaged reports, collect their fee > and > walk out the door. They call it a certification, or penetration test. > > (Well sometimes I wonder what really got penetrated). > > Well that is just poor application in my opinion. Never mind, what > or if > there is a policy...never mind that a certain real business need > required > the system to be configured in such a way...never mind that the > person, who > was tasked to set up the firewall, also is responsible for the mail > room....and the xmas party... Never mind that where they are jumping > in is > really at the end or measurement phase of the equation. > > Why not stick around and help develop a good policy, based on true > business > needs. Why not help them introduce good practical solutions for > Threat > Management, not just the firewall flavor of the month, or "my wall is > bigger than yours" type hype we get from vendors. > > No the biggest trend I see, is business being led down the path of > mediocrity by people who really have no business offering security > services > in the first place. Just because they are an auditing firm, does not > make > them a security expert. Hiring every Tom, Dick and Mary off the > street > that can spell hacker and thinks that crack is not some fancy drug, > but a > tool to break passwords, is not the answer. > > It is time that we all start to police this type of conduct, and > expose > these practices. Hackers are having a field day....they are no > longer the > threat we should worry most about, rather we have become our own worst > > enemy. 
> From owner-firewalls-list Wed Dec 3 20:29:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA03346; Wed, 3 Dec 1997 18:31:06 -0800 (PST) Received: from ns.acadiacom.net (ns.acadiacom.net [206.104.52.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id NAA23388 for ; Wed, 3 Dec 1997 13:38:55 -0800 (PST) Received: from unitedcouncil.org (unverified [209.12.219.165]) by ns.acadiacom.net (Rockliffe SMTPRA 2.1.4) with ESMTP id for ; Wed, 03 Dec 1997 15:44:38 -0600 Message-ID: <346ABD06.2928992B@unitedcouncil.org> Date: Thu, 13 Nov 1997 03:40:38 -0500 From: Sandman Reply-To: sandman@unitedcouncil.org X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: RE: Good Books To Read Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Agreed, but " Take Down " was trying to show you what else was going on in his life. Such as " The Cuckoo's Egg " would talk about spending time with his wife and " The Watchman " talked about what happened in his childhood. I say the best book of all three would be " The Cuckoo's Egg ", it is very interesting and explains things like how most break-ins are from default passwords. It also talked about the concept of a Trojan horse and how they work. - Sandman - The United Council http://www.unitedcouncil.org sandman@unitedcouncil.org > -----Original Message----- >The Shimomura book reads more like a Harlequin romance novel than a >factual recounting of the events. He even has one section which details >his attempts at seducing somebody else's wife. Why is this included in >the story and why is this book even recommended???? 
>> -----Original Message----- >> From: Sandman [SMTP:sandman@unitedcouncil.org] >> Sent: Wednesday, November 12, 1997 12:03 PM >> To: firewalls@GreatCircle.COM >> Subject: Good Books To Read >> >> >> Practical UNIX and Internet Security (Garfinkel and Spafford) >> >> Building Internet Firewalls (Chapman and Zwicky) >> >> >Good books. Add: >> >Cheswick and Bellovin - my old brain can't remember the actual title. >> >(Something about tracking the wily hacker or some such - should be >> >the first book on your list though, IMHO...) >> >> " The Cuckoo's Egg " written by Clifford Stoll is a book about a Unix >> admin tracking down a hacker that was breaking in to his computer >> along >> with other government computers. It's a very good book. " Take Down " is >> another great book. It was written by Tsutomu Shimomura about how he >> tracked down Kevin Mitnick, "America's Most Wanted Computer Outlaw," >> They even have a web page that you can visit http://www.takedown.com. >> As >> for a little history www.takedown.com web page was hacked the 1st day >> it >> was online. The hackers renamed it to " Taken Down " >> " The Watchman ", written by Jonathan Littman is a book about the >> life >> story of Hacker Kevin Poulsen. These are all great books to read and >> are >> all true stories. 
>> >> >> - Sandman - >> The United Council >> www.unitedcouncil.org >> sandman@unitedcouncil.org From owner-firewalls-list Wed Dec 3 21:53:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA03218; Wed, 3 Dec 1997 18:29:50 -0800 (PST) Received: from pse01.pios.com (PSE01.PIOS.COM [199.33.129.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id PAA10975 for ; Wed, 3 Dec 1997 15:05:20 -0800 (PST) Received: by pse01.pios.com; (5.65v3.2/1.3/10May95) id AA03240; Wed, 3 Dec 1997 18:08:32 -0500 Received: from pio_mail2.cle2.pios.com by gemini.pios.com (PMDF V5.0-6 #18985) id <01IQQVPSHIDS8X0K9Y@gemini.pios.com> for Firewalls@GreatCircle.COM; Wed, 03 Dec 1997 18:08:46 -0500 (EST) Received: by pio_mail2.cle2.pios.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52) id <01BD0016.96653EA0@pio_mail2.cle2.pios.com>; Wed, 03 Dec 1997 18:09:24 -0500 Date: Wed, 03 Dec 1997 18:09:23 -0500 From: "Stout, William" Subject: RE: Is OS Vulnerable w/ FW-1? To: "'sebastien Villain'" Cc: "'Firewalls@GreatCircle.COM'" Message-Id: Mime-Version: 1.0 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.995.52 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > ----- Original Message ----- > From: sebastien Villain [SMTP:svillain@cie-bancaire.fr] > Sent: Wednesday, December 03, 1997, 3:42:45 > To: Stout, William > Cc: Firewalls@GreatCircle.COM > Subject: Re: Is OS Vulnerable w/ FW-1? > > Stout, William wrote: > > > > > ----- Original Message ----- > > > From: William Cooper [SMTP:cooper@io.com] > > > Sent: Saturday, November 29, 1997, 1:52:38 > > > To: Stout, William > > > Subject: Is OS Vulnerable w/ FW-1? 
> > > > > > Hello- > > > I've heard it said that Check Point's Firewall-1 runs in such a way > that > > > the OS is not vulnerable, or the Firewall is not subject to > > > vulnerabilities that exist in the operating system itself. I'm hoping > > > > But what happens when the Firewall crashes, or when you stop it (just to > do your logswitch for example). > > In fact, Unix system should be easier to protect (removing all servers) > than NT (Does anyone know all opened tcp/udp ports ? Mr Bill ???). > > Sebastien Villain (SEMA GROUP FRANCE) > svillain@cie-bancaire.fr > > -- > ----- End Of Original Message ----- Well, NT is annoying that way, where ports are still active after turning off services that use those ports. With UNIX, ports don't respond unless there's a daemon running servicing that port, or assigned to that port via portmapper. I'm sure that Checkpoint (or any other NT firewall vendor) has patrol software that turns off and makes sure unnecessary services stay off, though preventing connections to ports on the stack itself still needs to be done via filtering, 'stealthing', etc. The NSA X31 group has evaluated and created a report for FW-1 in June, though they have not yet posted the results. The other reports on V-One, Gauntlet, and Sidewinder are very good, very detailed, and describe capabilities and vulnerabilities in those firewalls, so I await the FW-1 posting breathlessly. Something though has delayed the posting nearly six months so far. 
Bill Stout From owner-firewalls-list Wed Dec 3 21:57:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id VAA12476; Wed, 3 Dec 1997 21:49:25 -0800 (PST) Received: from ducky.texas.net (mnet01-07.austin.texas.net [207.207.2.7]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id VAA12402; Wed, 3 Dec 1997 21:49:01 -0800 (PST) Received: from localhost (root@localhost) by ducky.texas.net (8.8.7/8.8.7) with SMTP id XAA06310; Wed, 3 Dec 1997 23:50:20 -0600 (CST) (envelope-from root@ducky.texas.net) Date: Wed, 3 Dec 1997 23:50:09 -0600 (CST) From: System Administrator To: Eric Kimminau cc: Firewalls@GreatCircle.COM, firewalls-digest@GreatCircle.COM Subject: Re: freeware SSH for WIn95/NT In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk www.datafellows.com Ryan McCord On Wed, 26 Nov 1997, Eric Kimminau wrote: > > Does anyone have a location/source for a freeware SSH client for Win95/NT? > > You don't have to pay for it for ANY version of Unix? Isn't there someone > who has a function CLIENT ONLY for Microsloth OS's? > > I mean, come on! We get raped for everything on the OS. You would hope > that you could at least communication with NIX's securely from it without > having to pay more. > > Anyone? > Thanks! > Eric. 
> > > > From owner-firewalls-list Wed Dec 3 22:10:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA07732; Wed, 3 Dec 1997 12:10:01 -0800 (PST) Received: from buffy.isi.net (buffy.isi.net [204.71.194.215]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id MAA07673 for ; Wed, 3 Dec 1997 12:09:46 -0800 (PST) Received: from localhost (mike@localhost) by buffy.isi.net (8.8.5/ISI-1.5) with SMTP id MAA08384 for ; Wed, 3 Dec 1997 12:12:58 -0800 (PST) Date: Wed, 3 Dec 1997 12:12:58 -0800 (PST) From: Mike Hedlund X-Sender: mike@buffy To: firewalls@GreatCircle.COM Subject: Re: SOCKS compliant programming In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 3 Dec 1997, Fyodor wrote: > > Hi everybody!! > > > > Can anyone point me to a very good guide for writing secure socket > > and/or socks compliant Windows applications? > > > > Thank you very much, > > Gabriel > > Hmmm.. speaking about sockets, are there any development tools for > programming sockets for Windows (nt/95) on C? it would be cool if there > are any which support POSIX/BSD standard. But.. surely M$ would develop > their own. They love such things..:( > If you use visual c++ it comes with some libs .. which have wrappers to winsock code with bsd style functions. ie; socket() connect() bind() etc.. I've been told they are slower than native winsock calls(oxymoron? :))... but I've used them and they seem ok... hope that helps. 
-mike From owner-firewalls-list Wed Dec 3 22:12:51 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA27698; Wed, 3 Dec 1997 20:32:58 -0800 (PST) Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id UAA27631 for ; Wed, 3 Dec 1997 20:32:40 -0800 (PST) From: mht@clark.net Received: from highlander (185.new-york-10.ny.dial-access.ATT.net [12.68.9.185]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id AAA01746; Thu, 4 Dec 1997 00:36:27 -0500 Message-Id: <3.0.3.32.19971203233028.00b42af0@pop3.clark.net> X-Sender: mht@pop3.clark.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Wed, 03 Dec 1997 23:30:28 -0500 To: Anton J Aylward , Brad Subject: Re: Growing trend.. Cc: firewalls@GreatCircle.COM In-Reply-To: <3.0.32.19971203213634.009a8100@mail.the-wire.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 09:36 PM 12/3/97 -0500, Anton J Aylward wrote: >At 10:30 AM 03/12/97 -0500, Brad wrote: >## Reply Start ## >>All kidding aside, I agree with this assessment. >>We are looking at the logical progression of what the market wants, >>I don't want to have to deal with 8 different vendors when I can have one POC >>for all my problems. > >I'm not convinced it is "what the market wants". >There are economic cycles and they have rules as inexorable >as gravity. Agreed, Anton is correct, it is definitely related to the economic cycle, but as you analyze the trends, you will see that the cycle we are in now, is almost identical to the first wave of personal computers a couple of decades back.. > >Once, in a Control Theory course at my alma mater, as a bit of fun >we ran a simulation of the warehouse, delivery model (weights and >springs) of a dock strike. 
A three week (simulated time) strike >took over three years for the cycles to dampen out at the retail >store end. Now I know this is just a simulation, but.... >as one posting commented, we've seen this before with the railroads.. Data Warehousing Modeling 101... > >I understand the logic of the "one stop shop". Let me call it >something else: "Common mode Failure". That even applied to >IBM. You remember the RT and the VRM? Do you remember that >AIX was positioned originally to take on SUN and HP in the graphics >workstation market? What support is there now for the people who >bought IBM back then as high speed graphic workstations? AIX Speciality shops, like WorkGroup Solutions or other such custom shops.. > >One of the most successful (long lived, low project loss rate) >companies I ever worked for had a policy: > > Never buy more than 10% from any single company > Never be more than 10% of a single company's business. Agreed, single point of failure also lives within organizations.. > >I'm sure the larger companies would like you to believe that. >I'm also sure a lot of customers will buy into this. Depends on where the current trend is, and also the media hype to convince customers to buy into this model.. > >I'm not much of a sports player, but I occasionally dream of >owning a team franchise. I know what animal I'd name the >team after. Not a Dinosaur or a bird, but a small furry >animal. I want to hear the people in the stands yell: Actually, franchising would not be a bad idea, similar to Ray Kroc and McDonald's.. Hmm, I wonder what the Value Meal items would be: > > GO LEMMINGS, GO! I think geese flying in the "V" formation makes for a much better illustration of each organization taking its turn.. 
/mht > >/anton > >## Reply End ## > > -------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Wed Dec 3 22:15:21 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA03511; Wed, 3 Dec 1997 18:32:28 -0800 (PST) Received: from mycroft.GreatCircle.COM (mycroft.greatcircle.com [198.102.244.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA05179 for ; Wed, 3 Dec 1997 14:37:28 -0800 (PST) Received: from info.netsol.com by mycroft.GreatCircle.COM (8.8.5/SMI-4.1/Brent-970426) id OAA07046; Wed, 3 Dec 1997 14:39:40 -0800 (PST) Received: from net_sol_ex01.netsol.com (net_sol_ex01.netsol.com [192.153.247.46]) by info.netsol.com (8.8.5/8.8.4) with ESMTP id RAA28563 for ; Wed, 3 Dec 1997 17:39:56 -0500 (EST) Received: by NET_SOL_EX01 with Internet Mail Service (5.0.1457.3) id ; Wed, 3 Dec 1997 17:40:26 -0500 Message-ID: <11DEBAD8FCE0D01186FF0000F8052A0166A40F@NET_SOL_EX01> From: "Crowe, Peter" To: firewalls@GreatCircle.COM Subject: RE: Good Books To Read Date: Wed, 3 Dec 1997 17:40:23 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Some like to probe firewall ports, Shimomura obviously has a predilection for a different sort of port probing. ; - ) For an amusing response to Take Down go to http://rom.oit.gatech.edu/~willday/mitnick/takedown.review.html > -----Original Message----- > From: Larry Kwiat [SMTP:Larry.Kwiat@gov.yk.ca] > Sent: Wednesday, December 03, 1997 4:09 PM > To: Crowe, Peter; 'sandman@unitedcouncil.org'; > firewalls@GreatCircle.COM > Subject: RE: Good Books To Read > > Who knows when you'll have to seduce someone's wife? And how many > people know how to do that effectively anymore? Marriage is going > out of style... ...you may someday need to know! 
> > At 12:36 PM 12/3/97 -0500, Crowe, Peter wrote: > >The Shimomura book reads more like a Harlequin romance novel than a > >factual recounting of the events. He even has one section which > details > >his attempts at seducing somebody else's wife. Why is this included > in > >the story and why is this book even recommended???? > > > >> -----Original Message----- > >> From: Sandman [SMTP:sandman@unitedcouncil.org] > >> Sent: Wednesday, November 12, 1997 12:03 PM > >> To: firewalls@GreatCircle.COM > >> Subject: Good Books To Read > >> > >> >> Practical UNIX and Internet Security (Garfinkel and > Spafford) > >> >> Building Internet Firewalls (Chapman and Zwicky) > >> > >> >Good books. Add: > >> >Cheswick and Bellovin - my old brain can't remember the actual > title. > >> >(Something about tracking the wily hacker or some such - should > be > >> >the first book on your list though, IMHO...) > >> > >> " The Cuckoo's Egg " written by Clifford Stoll is a book about a > Unix > >> admin tracking down a hacker that was breaking in to his computer > >> along > >> with other government computers. It's a very good book. " Take Down " > is > >> another great book. It was written by Tsutomu Shimomura about how > he > >> tracked down Kevin Mitnick, "America's Most Wanted Computer > Outlaw," > >> They even have a web page that you can visit > http://www.takedown.com. > >> As > >> for a little history www.takedown.com web page was hacked the 1st > day > >> it > >> was online. The hackers renamed it to " Taken Down " > >> " The Watchman ", written by Jonathan Littman is a book about the > >> life > >> story of Hacker Kevin Poulsen. These are all great books to read > and > >> are > >> all true stories. 
> >> > >> > >> - Sandman - > >> The United Council > >> www.unitedcouncil.org > >> sandman@unitedcouncil.org > > > > =+=+=+=+=+=+=+=+=+=+=+=+=+= > > Sincerely, > > Larry Kwiat > Electronic Information Security Coordinator / > System Integration Specialist > Information Services Branch > Government of Yukon > (403)667-8081 > kwiat@gov.yk.ca From owner-firewalls-list Wed Dec 3 22:26:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA23928; Wed, 3 Dec 1997 10:56:32 -0800 (PST) Received: from ziggy.stardust.com (ziggy.stardust.com [205.184.205.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA23883 for ; Wed, 3 Dec 1997 10:56:20 -0800 (PST) Received: from allens (allens.stardust.com [205.184.204.73]) by ziggy.stardust.com (8.8.7/8.8.7) with SMTP id KAA08285; Wed, 3 Dec 1997 10:56:13 -0800 Message-Id: <3.0.5.32.19971203105523.009c97a0@stardust.com> X-Sender: lazlor@stardust.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32) Date: Wed, 03 Dec 1997 10:55:23 -0800 To: fygrave@usa.net, Gabriel Dura From: "Allen K. Smith" Subject: Windows Sockets (was Re: SOCKS compliant programming) Cc: "'firewalls mailing list'" In-Reply-To: References: <199711261508.HAA20260@geocities.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk [Slightly off list topic, commercial product info towards end] Check out http://www.winsock.com. Look under the Winsock Labs for the Winsock Resource centre. Winsock 1.1 is built into win95 and winsock2 is built into winnt. (you can update microsofts win95 1.1 stack to 2.0 as well). There are also several 3d party implementations of the 1.1 and 2 specs. (Windows Sockets is an industry spec that microsoft has folded into their OS. The idea was to build a spec BSD developers would find comfortable that also takes advantage of async aspects of windows apps). 
Also check out http://www.aventail.com for their autosocks program that socksifies any winsock app. Hummingbird also have an app that does something similar. At 02:43 PM 12/3/97 +0600, Fyodor wrote: >> Hi everybody!! >> >> Can anyone point me to a very good guide for writing secure socket >> and/or socks compliant Windows applications? >> >> Thank you very much, >> Gabriel > >Hmmm.. speaking about sockets, are there any development tools for >programming sockets for Windows (nt/95) on C? it would be cool if there >are any which support POSIX/BSD standard. But.. surely M$ would develop >their own. They love such things..:( > > > >--- > Fyodor Yarochkin email:fygrave@usa.net > http://www.tigerteam.net/linuxgroup/ tel:(3312) 474465 > "Optima philosophia et sapientia est meditatio mortis." > > Allen Smith, lazlor@stardust.com IP Multicast. Turn it on and tune-in to the future. From owner-firewalls-list Wed Dec 3 22:57:28 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA11312; Wed, 3 Dec 1997 08:57:01 -0800 (PST) Received: from bounty.sssd.navy.mil (bounty.sssd.navy.mil [192.12.7.200]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA11290 for ; Wed, 3 Dec 1997 08:56:42 -0800 (PST) Received: from pinafore.sssd.navy.mil (pinafore [192.12.7.209]) by bounty.sssd.navy.mil (8.8.6/8.8.5) with SMTP id IAA08598; Wed, 3 Dec 1997 08:59:53 -0800 (PST) Message-Id: <199712031659.IAA08598@bounty.sssd.navy.mil> Received: by pinafore.sssd.navy.mil (NX5.67f2/NX3.0X) id AA07126; Wed, 3 Dec 97 08:59:51 -0800 Mime-Version: 1.0 (NeXT Mail 3.3 v118.2) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable In-Reply-To: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> X-Nextstep-Mailer: Mail 3.3 (Enhance 2.0b6) Received: by NeXT.Mailer (1.118.2) From: "John H. Stewart" Date: Wed, 3 Dec 97 08:59:49 -0800 To: mht@clark.net Subject: Re: Growing trend.. 
Cc: peter.gregory-unix@mccaw-stg.com (Peter Gregory), firewalls@GreatCircle.COM Reply-To: c101jhs@sssd.navy.mil References: <3.0.3.32.19971202130913.00b899e0@pop3.clark.net> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk You wrote: > OK, the growing trend for companies is produce a product which > interoperates with other products that other companies are > manufacturing at some point in time either they strategically = align > together or combine themselves together to make one entity = instead > of two.. The growing trend in the last few months is for policy > type products and intrusion type test companies to merge with > firewall software and/hardware companies. This takes care of the > product side of things. >=20 >=20 > Over the summer months and early fall, we saw the big auditing = type > companies combine their work force together to enhance their > consulting type offerings and combine their customer base. >=20 > The next logical step is to combine product companies with the > auditing type companies.. >=20 > The final step after that is to combine the auditing companies = and > the long distance carrier companies together.. combining all > product, all people and telecommunication together. >=20 > One stop shopping.. =20 >=20 > my .02 >=20 After a brief review of history, this trend was in process when = former President T. Rosevelt gain fame as the "Trust Buster". = Hence, railroads, steel and oil were diverted from various = "consolidation" efforts. =09 More recently, Judge Green divested another "one-stop-shop" in = the form of AT&T. In the same timeframe, IBM sucumbed to the cry = on monopoly. =09 Less than five years ago, downsizing and divesting interests made = Wall Street investor happy. Today, consolitation of efforts makes = Wall Street investors happy. =09 The only thing changing is the merry-go-round is moving faster. 
=09 =09 =09 John Stewart= From owner-firewalls-list Wed Dec 3 23:42:28 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA02522; Wed, 3 Dec 1997 23:35:17 -0800 (PST) Received: from dallas-cs-000.novare.net (dallas-cs-000.novare.net [205.229.104.10]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA02463 for ; Wed, 3 Dec 1997 23:34:54 -0800 (PST) Received: from default (hdn91-149.hil.compuserve.com [206.175.99.149]) by dallas-cs-000.novare.net (8.8.5/8.8.5) with SMTP id BAA13058 for ; Thu, 4 Dec 1997 01:41:19 -0600 Message-ID: <21E09676.6467@novare.net> Date: Tue, 05 Jan 1988 01:38:30 -0600 From: m* Reply-To: mark@novare.net X-Mailer: Mozilla 3.04Gold (Win95; I) MIME-Version: 1.0 To: Firewalls@GreatCircle.COM Subject: Re: freeware SSH for WIn95/NT References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk System Administrator wrote: > > www.datafellows.com > once again, if you wanna play you gotta pay. i've been using it for a few days now and i have no gripes. it beats a non-encrypted connection any day and it's terminal emulation is right on. 
m* m* From owner-firewalls-list Wed Dec 3 23:48:22 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA29007; Wed, 3 Dec 1997 23:12:37 -0800 (PST) Received: from ns.acadiacom.net (ns.acadiacom.net [206.104.52.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA28942 for ; Wed, 3 Dec 1997 23:12:13 -0800 (PST) Received: from unitedcouncil.org (unverified [209.12.219.158]) by ns.acadiacom.net (Rockliffe SMTPRA 2.1.4) with ESMTP id for ; Thu, 04 Dec 1997 01:17:46 -0600 Message-ID: <346B435B.6D0690CB@unitedcouncil.org> Date: Thu, 13 Nov 1997 13:13:48 -0500 From: Sandman Reply-To: sandman@unitedcouncil.org X-Mailer: Mozilla 4.04 [en] (Win95; I) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: RE: Grate Books To Read Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I enjoyed this message ;-) >Who knows when you'll have to seduce someone's wife? And how many >people know how to do that effectively anymore? Marriage is going >out of style... ...you may someday need to know! > >At 12:36 PM 12/3/97 -0500, Crowe, Peter wrote: >>The Shimomura book reads more like a Harlequin romance novel than a >>factual recounting of the events. He even has one section which details >>his attempts at seducing somebody else's wife. Why is this included in >>the story and why is this book even recommended???? >> >>> -----Original Message----- >>> From: Sandman [SMTP:sandman@unitedcouncil.org] >>> Sent: Wednesday, November 12, 1997 12:03 PM >>> To: firewalls@GreatCircle.COM >>> Subject: Good Books To Read >>> >> >> Practicle UNIX and Internet Security (Garfinkel and Spafford) >> >> Building Internet Firewalls (Chapman and Zwicky) >>> >>> >Good books. Add: >>> >Cheswick and Bellovin - my old brain can't remember the actual title. 
>>> >(Something about tracking the wiley hacker or some such - should be >>> >the first book on your list though, IMHO...) >>> >>> " The Kucoo's Egg " written by Clifford Stall is a book about a Unix >>> admin tracking down a hacker that was brakeing in to his computer >>> along >>> with other goverment computers. Its a very good book. " Take Down " is >>> another grate book. It was written by Tsutomu Shimomura about how he >>> tracked down Kevin Mitnick, "America's Most Wanted Computer Outlaw," >>> They even have a web page that you can visit http://www.takedown.com. >>> As >>> for a little history www.takedown.com web page was hacked the 1st day >>> it >>> was online. The hackers rename it to " Taken Down " >>> " The Watchman ", written by Jonathan Littman is a book about the >>> life >>> story of Hacker Kevin Poulsen. These are all grate books to read and >>> are >>> all true storys. >>> >>> >>> - Sandman - >>> The United Council >>> www.unitedcouncil.org >>> sandman@unitedcouncil.org >> >=+=+=+=+=+=+=+=+=+=+=+=+=+= > >Sincerely, > >Larry Kwiat >Electronic Information Security Coordinator / >System Integration Specialist >Information Services Branch >Government of Yukon >(403)667-8081 >kwiat@gov.yk.ca - Sandman - The United Council http://www.unitedcouncil.org sandman@unitedcouncil.org From owner-firewalls-list Thu Dec 4 00:20:47 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA23959; Wed, 3 Dec 1997 20:09:06 -0800 (PST) Received: from hangar.jetlink.net (hangar.jetlink.net [206.72.64.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id UAA23916 for ; Wed, 3 Dec 1997 20:08:51 -0800 (PST) Received: from gnss.com (ppp-208-19-49-212.isdn.jetlink.net [208.19.49.212]) by hangar.jetlink.net (8.8.8/8.8.8) with ESMTP id UAA03644; Wed, 3 Dec 1997 20:09:24 GMT Message-ID: <34862D78.8F172D0D@gnss.com> Date: Wed, 03 Dec 1997 20:11:36 -0800 From: "osiris@gnss.com" Reply-To: osiris@gnss.com Organization: Global 
Network Security Systems X-Mailer: Mozilla 4.02 [en] (Win95; I) MIME-Version: 1.0 To: Larry Kwiat CC: "Crowe, Peter" , "'sandman@unitedcouncil.org'" , firewalls@GreatCircle.COM, osiris@gnss.com Subject: Re: Good Books To Read References: <1.5.4.32.19971203210853.0092d530@mailhost.gov.yk.ca> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Here's a few...

Run their ISBNs through Amazon's engine and look at the reviews.

As/400 Security in a Client/Server Environment Joseph S. Park (1995) ISBN: 0471116831
Building Internet Firewalls D. Brent Chapman, Elizabeth D. Zwicky (1995) ISBN: 1565921240
Commonsense Computer Security: Your Practical Guide to Information Protection Martin R. Smith (1994) ISBN: 0077078055
Computer Crime: A Crimefighter's Handbook David J. Icove, David, Seger, Karl Icove, Karl A. Seger, Vonstorch (1995) ISBN: 1565920864
Computer Security John M. Carroll (1996) ISBN: 0750696001
Computer Security Basics Deborah Russell, G.T. Gangemi (1991) ISBN: 0937175714
Computer Security Handbook Arthur E. Hutt, Seymour Bosworth, Douglas B. Hoyt (1995) ISBN: 0471118540
Cyber Crime: How to Protect Yourself from Computer Criminals Laura E. Quarantiello (1996) ISBN: 0936653744
E-Mail Security : How to Keep Your Electronic Messages Private Bruce Schneier (1995) ISBN: 047105318X
Firewalls and Internet Security: Repelling the Wily Hacker William R. Cheswick, Steven M. Bellovin (1994) ISBN: 0201633574
Fundamentals of Computer Security Technology Edward G. Amoroso (1994) ISBN: 0131089293
Hacker Proof: The Ultimate Guide to Network Security Lars Klander, Edward J. Renehan (1997) ISBN: 188413355X
Halting the Hacker: A Practical Guide to Computer Security Donald L. Pipkin (1997) ISBN: 013243718X
Information Warfare : Chaos on the Electronic Superhighway Winn Schwartau (1996) ISBN: 1560251328
Internet Firewalls and Network Security Chris Hare, Karanjit S. Siyan (1996) ISBN: 1562056328
Internet Firewalls and Network Security Karanjit, Ph.D. Siyan, Chris Hare (1996) ISBN: 1562054376
Internet Security: Professional Reference Derek Atkins, Tom Sheldon, Tim Petru, Joel Snyder (1997) ISBN: 156205760X
Internet Security for Business Terry Bernstein, Anish B. Bhimani, Eugene Schultz, Carol Siegel (1996) ISBN: 0471137529
Lan Times Guide to Security and Data Integrity Marc Farley, Tom Stearns, Jeffrey Hsu (1996) ISBN: 0078821665
Legislating Privacy : Technology, Social Values, and Public Policy Priscilla M. Regan (1995) ISBN: 0807822264
Maximum Security: A Hacker's Guide to Protecting Your Internet Site and Network Anonymous (1997) ISBN: 1575212684
The Ncsa Guide to PC and Lan Security Stephen Cobb (1996) ISBN: 0079121683
Personal Computer Security Edward Tiley (1996) ISBN: 1568848145
Practical Unix and Internet Security Simson Garfinkel, Gene Spafford (1996) ISBN: 1565921488
Protect Your MacIntosh Bruce Schneier (1994) ISBN: 1566091012
Protecting Your Web Site With Firewalls Marcus Goncalves, Vinicius A. Goncalves (1997) ISBN: 0136282075
Protection and Security on the Information Superhighway Frederick B. Cohen (1995) ISBN: 0471113891
Secrets of a Super Hacker Knightmare, the Knightmare (1994) ISBN: 1559501065
Security in Computing Charles P. Pfleeger (1996) ISBN: 0133374866
Web Commerce Cookbook Gordon McComb (1997) ISBN: 0471196630
Web Security Sourcebook Avi Rubin, Daniel Geer, Marcus J. Ranum, Aviel D. Rubin, dan Geer (1997) ISBN: 047118148X
Web Security & Commerce (Nutshell Handbook) Simson Garfinkel, Gene Spafford (1997) ISBN: 1565922697
http://www.amazon.com/exec/obidos/ISBN=1565922697/t/0560-5831826-082656
Access Control and Personal Identification Systems Dan M. Bowers (1988) ISBN: 0409900834
Inside The Windows NT File System. Helen Custer. (1994) ISBN: 1-55615-660-X
Inside Windows NT Server 4. Drew Heywood. (1996) ISBN: 1-56205-649-2.
Internet Security Secrets John R. Vacca. (1996) ISBN: 1-56884-457-3.
Managing Windows NT Server 4. Howard Hilliker 1996 ISBN: 1-56205-576-3
Microsoft Windows NT Workstation 4.0 Resource Kit. Microsoft Press. (1996) ISBN: 1-57231-343-9
NetWare to Internet Gateways. James E. Gaskin. (1996) ISBN: 0-13-521774-1
Network and Internetwork Security: Principles and Practice. William Stallings. (1995) ISBN: 0-02-415483-0
Network Security: How to Plan for It and Achieve It. Richard H. Baker. (1994) ISBN: 0-07-005141-0
Novell's Guide to Integrating NetWare and TCP/IP. Drew Heywood. (1996) ISBN: 1-56884-818-8
Novell's Guide to NetWare LAN Analysis. Dan E. Hakes and Laura Chappell. (1994) ISBN: 0-7821-1143-2
NT Server: Management and Control. Kenneth L. Spencer. (1995) ISBN: 0-13-107046-0
Peter Norton's Complete Guide to Windows NT 4.0 Workstation. Peter Norton and John Paul Mueller. (1996) ISBN: 0-672-30-901-7
Protect Your Privacy: The PGP User's Guide. William Stallings. (1994) ISBN: 0-13-185596-4.
The Complete Guide to NetWare 4.1. James E. Gaskin. (1995) ISBN: 0-7821-1500A.
The NetWare to Internet Connection. Morgan Stern. (1996) ISBN: 0.7821-17066
UNIX Security for the Organization. R. Bringle Bryant. (1994) ISBN: 0-672-30571-2.
UNIX Security: A Practical Tutorial. N. Derek Arnold. ISBN: 0-07-002560-6 (1993)
UNIX System Security: How to Protect Your Data and Prevent Intruders. Rick Farrow. (1991) ISBN: 0-201-57030-0
UNIX System Security Essentials. Christoph Braun and Siemens Nixdorf. (1995) ISBN: 0-201-42775-3
UNIX System Security. David A. Curry. (1992) ISBN: 0-201-56327-4
UNIX Unleashed. 1994 Susan Peppard, Pete Holsberg, James Armstrong Jr., Salim Douba, S.Lee Henry, Ron Rose, Richard Rummel, Scott Parker, Ann Marshall, Ron Dippold, Chris Negus, John Valley, Jeff Smith, Dave Taylor, Sydney Weinstein and David Till ISBN: 0-672-30402-3.
Windows NT Administration: Single Systems to Heterogeneous Networks. Marshall Brain and Shay Woodard. (1994) ISBN: 0-13-176694-5

From owner-firewalls-list Thu Dec 4 00:54:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id AAA09122; Thu, 4 Dec 1997 00:11:08 -0800 (PST) Received: from www.songrhim.co.kr (www.songrhim.co.kr [210.112.43.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id AAA09038 for ; Thu, 4 Dec 1997 00:10:49 -0800 (PST) Received: by www.songrhim.co.kr from localhost (router,SLMail V2.5); Thu, 04 Dec 1997 17:11:20 +0900 Received: by www.songrhim.co.kr from SR_CLIENT1 (210.112.43.14::mail daemon,SLMail V2.5); Thu, 04 Dec 1997 17:11:19 +0900 Message-ID: <348665C7.74EE8D8E@songrhim.co.kr> Date: Thu, 04 Dec 1997 17:11:51 +0900 From: "kyoweon.Yoon" X-Mailer: Mozilla 4.03 [en] (Win95; I) MIME-Version: 1.0 To: "firewalls@GreatCircle.COM" Subject: where can I get the documents of each product's function comparison? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Hello!

I want to know about the each firewalls product's function compare. Who can tell me about them?

Thank you!

From owner-firewalls-list Thu Dec 4 02:05:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA28944; Thu, 4 Dec 1997 01:51:04 -0800 (PST) Received: from ms1.hinet.net (ms1.hinet.net [168.95.4.10]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA28642 for ; Thu, 4 Dec 1997 01:49:06 -0800 (PST) From: mrlee325@ms1.hinet.net Received: from mrleem.cycloria.com.tw ([210.71.142.130]) by ms1.hinet.net (8.8.5/8.8.5) with SMTP id RAA29034; Thu, 4 Dec 1997 17:49:09 +0800 (CST) Date: Thu, 4 Dec 1997 17:49:09 +0800 (CST) Message-Id: <199712040949.RAA29034@ms1.hinet.net> X-Sender: mrlee325@ms1.hinet.net X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: firewalls@GreatCircle.COM Subject: Re: Through Checkpoint-1 firewalls Ftp can't access NT virtual's IP Cc: fw-1-mailinglist@us.checkpoint.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Hi people of GreatCircle > >My office has a Checkpoint-1 firewalls NT with 3.0b version, >and a NT server 4.0 with multi-hosting(virtual IPs) service. > >If I start ftp function to access the NT server through FW-1, no matter from >local pc or FW-1 itself, there are some conditions , > > 1. if ftp the NT's real ip, the connection is OK. > > 2. when you ftp anyone NT's virtual ips, the action is hung, > appear " 425 Can't open data connection" error message. > > 3. when ftp the NT server no through FW-1, from internet user, > it also work good,no matter what real ip or virtual ips. > > 4. if NT server is moved to DMZ, the ftp action from internet user > is the same as the above 2. point. > >PS. If FW-1's security policy rule is set to " any any any accecpt long GW ...", > ftp NT server is no problem, no matter what real ip or virtual ips, > when any security rule is set, the situation is the same above descriptions. 
>
>My environment is:
>                                                       ISP
>                                                      /
>                                                     /
>                |--------|                          |
>    ( DMZ )     |        |                      |--------|
> ---------------|  FW-1  |----------------------| Router |
>                |        |        |             |--------|
>                |--------|   |--------|
>   local net        |        | NT 4.0 |
> --------------------------- | SERVER |
>         |                   |--------|
>      |-----|
>      | pc  |
>      |-----|
>
> These problems have bothered me for a long time.
> If anyone knows any answer, please tell me.
>
> Thanks a lot.
>
> Mao-Jung Lee
>
> mrlee@cycloria.com.tw
>
>
>

Hi,

The ftp function that displays "425 Can't open data connection" when passing the firewall was solved. If the client-side ftp command supports the "passive" function, enable it, and the problem above is no longer a problem.

Thanks

Mao-Jung Lee

From owner-firewalls-list Thu Dec 4 02:48:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA27419; Thu, 4 Dec 1997 01:43:42 -0800 (PST) Received: from ccs.sogang.ac.kr (ccs.sogang.ac.kr [163.239.1.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA27402 for ; Thu, 4 Dec 1997 01:43:34 -0800 (PST) Received: from ailab by ccs.sogang.ac.kr (8.8.7/Sogang) id SAA09439; Thu, 4 Dec 1997 18:38:54 +0900 (KST) Received: from ailab.sogang.ac.kr (ailab5.sogang.ac.kr) by ailab .sogang.ac.kr (4.1/SMI-4.1) id AA09789; Thu, 4 Dec 97 18:53:39 KST Message-Id: <34867C09.3CFE622D@ailab.sogang.ac.kr> Date: Thu, 04 Dec 1997 18:46:49 +0900 From: "\@\1\<\R\A\$" X-Mailer: Mozilla 4.03 [ko] (WinNT; I) Mime-Version: 1.0 To: Firewalls@GreatCircle.COM Subject: Q] Packet filtering on IPV6 References: Content-Type: text/plain; charset=iso-2022-kr Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Dear all,

I am a student of Sogang University in South Korea. I have to make a report about packet filtering on IPV6. Can anybody tell me where I can get information about that?

Thanks in advance.

So-Jeong Youn MsYoun@ailab.sogang.ac.kr From owner-firewalls-list Thu Dec 4 04:17:14 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id CAA02571; Thu, 4 Dec 1997 02:21:40 -0800 (PST) Received: from europa.lif.icnet.uk (europa.lif.icnet.uk [143.65.100.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id CAA02517 for ; Thu, 4 Dec 1997 02:21:17 -0800 (PST) From: harley@icrf.icnet.uk Message-Id: <199712041021.CAA02517@honor.greatcircle.com> Received: by europa.lif.icnet.uk; Thu, 4 Dec 1997 10:25:00 GMT Subject: RE: Good Books To Read To: firewalls@greatcircle.com Date: Thu, 4 Dec 1997 10:25:00 +0000 (GMT) X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Agreed, but " Take Down " was trying to show you what else was going on > in his life. Such as " The Cuckoo's Egg " would talk about spending time > with his wife and " The Watchman " talked about what happen in his > childhood. I say the best book of all three would be " The Cuckoo's Egg > ", it is very interesting and explain things like how most brake ins are > from default passwords. It also talked about the concept of a Trojans > horse and how they work. > "Cuckoo's Egg" is useful reading, but I'd be nervous about recommending it on the strength of its technical accuracy in the company of some of the other books that have been suggested. 
-- David Harley | alt.comp.virus FAQ D.Harley@icrf.icnet.uk | & Anti-Virus Web Page Support & Security Analyst | Folk London On-Line gig-list Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/ From owner-firewalls-list Thu Dec 4 05:13:19 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id EAA22143; Thu, 4 Dec 1997 04:37:13 -0800 (PST) Received: from mail.osn.de ([194.45.27.71]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id EAA22053 for ; Thu, 4 Dec 1997 04:36:50 -0800 (PST) Received: from sepp.de ([195.88.235.42]) by mail.osn.de (8.8.7/8.7.3) with SMTP id NAA25550; Thu, 4 Dec 1997 13:40:55 +0100 (MET) Received: from WEIDE ([194.49.3.226]) by sepp.de (4.1/SMI-4.1) id AA05642; Thu, 4 Dec 97 13:39:36 +0100 From: dietz_proepper@sepp.de (Dietz Proepper) To: sebastien Villain Cc: Firewalls@GreatCircle.COM Subject: Re: Is OS Vulnerable w/ FW-1? Date: Thu, 04 Dec 1997 12:37:22 GMT Organization: S.E.P.P. MED mbH Message-Id: <348da2c4.167327263@sepp.de> References: <348545B5.4F7D@cie-bancaire.fr> In-Reply-To: <348545B5.4F7D@cie-bancaire.fr> X-Mailer: Forte Agent 1.5/32.451 Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 03 Dec 1997 11:42:45 +0000, you wrote: [...] > >In fact, Unix system should be easier to protect (remooving all servers) >than NT (Does anyone knows all opened tcp/udp ports ? Mr Bill ???). > Whereas I agree with your opinion, the argumentation seems a little pesky ;) My port scanner knows _very_ good which ports are listening ;) And at least a new major or minor version (aka service pack) will be continuousely scanned at least during the first 92 hours before I even think about letting it to the regular tests ;) Yes I can sometimes be quite paranoid ;) But it gives a good feeling afterwards. -- dietz proepper, [software|web] designer, S.E.P.P. 
MED aka tik on irc, bladerunner on netrek /dev/null: no space left on device. + These are my opinions - not necessarily these + of my boss - but if he's cute he agrees. From owner-firewalls-list Thu Dec 4 05:48:05 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id FAA28101; Thu, 4 Dec 1997 05:18:58 -0800 (PST) Received: from qs-alt.secapl.com (qs-alt.secapl.com [192.131.69.9]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id FAA28072; Thu, 4 Dec 1997 05:18:47 -0800 (PST) Received: from Cookie.secapl.com (Cookie.secapl.com [192.108.247.19]) by qs-alt.secapl.com (8.8.7/8.8.7) with SMTP id HAA134028; Thu, 4 Dec 1997 07:18:25 -0600 Received: from Fozzie.secapl.com by Cookie.secapl.com (AIX 3.2/UCB 5.64/4.03) id AA29991; Thu, 4 Dec 1997 07:21:42 -0600 Received: from localhost (tony@localhost) by fozzie.secapl.com (8.8.5/8.8.5) with SMTP id IAA159430; Thu, 4 Dec 1997 08:19:31 -0500 Date: Thu, 4 Dec 1997 08:19:31 -0500 (EST) From: Tony Iannotti To: System Administrator Cc: Eric Kimminau , Firewalls@GreatCircle.COM, firewalls-digest@GreatCircle.COM Subject: Re: freeware SSH for WIn95/NT In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 3 Dec 1997, System Administrator wrote: > www.datafellows.com That's not freeware. The download is a time-out version. (30 days, I think.) Even the unix versions are not really officially freeware except for non-commercial use. They are pretty liberal about what constitutes commercial use, though. Internal company use sounds OK, but communicating with outside partners is not. (we use it for secure admin only.) _________________________________________________________________________ Tony Iannotti "Sed quis custodiet ipsos custodes?" 
CheckFree IS tony@secapl.com -Juvenal 101 Hudson Street 201/332-2020 Jersey City, NJ 07302 > On Wed, 26 Nov 1997, Eric Kimminau wrote: > > > > > Does anyone have a location/source for a freeware SSH client for Win95/NT? > > > > You don't have to pay for it for ANY version of Unix? Isn't there someone > > who has a function CLIENT ONLY for Microsloth OS's? > > > > I mean, come on! We get raped for everything on the OS. You would hope > > that you could at least communication with NIX's securely from it without > > having to pay more. > > > > Anyone? > > Thanks! > > Eric. > > > > > > > > > > From owner-firewalls-list Thu Dec 4 05:57:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id FAA03092; Thu, 4 Dec 1997 05:52:11 -0800 (PST) Received: from ns.telegroup.com (ns.telegroup.com [208.219.0.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id FAA03053 for ; Thu, 4 Dec 1997 05:51:58 -0800 (PST) Received: from telegroup.com ([208.219.1.30]) by ns.telegroup.com (8.8.5/8.8.5) with SMTP id HAA17042 for ; Thu, 4 Dec 1997 07:55:23 -0600 (CST) Received: from radius.telegroup.com (radius.telegroup.com [10.1.2.10]) by telegroup.com (8.8.5/8.8.5) with ESMTP id HAA26541 for ; Thu, 4 Dec 1997 07:55:23 -0600 (CST) Received: from mandrake.telegroup.com (macke@[208.219.1.177]) by radius.telegroup.com (8.8.5/8.8.3) with SMTP id HAA02462 for ; Thu, 4 Dec 1997 07:55:23 -0600 (CST) Date: Thu, 4 Dec 1997 07:55:23 -0600 (CST) From: Brian Macke Reply-To: bmacke@telegroup.com To: firewalls@GreatCircle.COM Subject: Re: Good Books To Read In-Reply-To: <34862D78.8F172D0D@gnss.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk One thing I've noticed in this thread is a general lack of books on Information Security Policy Writing. While this is sometimes the most bland subject, it's arguably the most important step in "Repelling the wily hacker." 
Of my book collection of about.. fifteen books, the only three mention security. Fortunately, I had my education in Political Science help me through it - but my feeling is that not many PoliSci students went on to be Computer Security Specialists. So the question becomes: Are there any good books out there that deal with writing a good Security Policy that won't get laughed at by one's managers? On Wed, 3 Dec 1997, osiris@gnss.com wrote: > Here's a few... > > Run their ISBNs through Amazon's engine and look at the reviews. > > [snip of several very good titles and pretty ISBN numbers] -Brian James Macke macke@telegroup.com Unix SysAdmin/Security Specialist Telegroup, Inc. "In order to get that which you wish for, you must first get that which builds it." -- Unknown From owner-firewalls-list Thu Dec 4 06:13:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA04520; Thu, 4 Dec 1997 06:07:56 -0800 (PST) Received: from isgms001.new-breed.com ([208.229.219.221]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id GAA04505 for ; Thu, 4 Dec 1997 06:07:48 -0800 (PST) Received: by isgms001.new-breed.com with Internet Mail Service (5.0.1458.49) id ; Thu, 4 Dec 1997 09:11:26 -0500 Message-ID: <31759979D5E0D011A5C300A0C95D89CE13D656@isgms001.new-breed.com> From: "Cline, Robert" To: Firewall Mailing List Subject: FW: Good Books To Read Date: Thu, 4 Dec 1997 09:11:24 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk To me, one of the most important things about "The Cuckoo's Eggs" is that it's READABLE. It's one of the few computer books written so non-technical people can (mostly) understand it and get to the end of it. It was the first computer book since Tracy Kidder's "The Soul of a New Machine" I've tried to get my wife to read. I think she even finished "The Cuckoo's Egg." 
She tackled "Take Down" a few months ago when she got desperate, but it didn't last too long. You can actually use this book to get a non-technical someone to understand (well, at least be aware of) why you might need to try to prevent some of the "bad things" that can happen with computers/networks. RWC > -----Original Message----- > From: Sandman [SMTP:sandman@unitedcouncil.org] > Sent: Thursday, November 13, 1997 3:41 AM > To: firewalls@GreatCircle.COM > Subject: RE: Good Books To Read > > Agreed, but " Take Down " was trying to show you what else was going > on > in his life. Such as " The Cuckoo's Egg " would talk about spending > time > with his wife and " The Watchman " talked about what happen in his > childhood. I say the best book of all three would be " The Cuckoo's > Egg > ", it is very interesting and explain things like how most brake ins > are > from default passwords. It also talked about the concept of a Trojans > horse and how they work. > > > - Sandman - > The United Council > http://www.unitedcouncil.org > sandman@unitedcouncil.org > > > -----Original Message----- > >The Shimomura book reads more like a Harlequin romance novel than a > >factual recounting of the events. He even has one section which > details > > >his attempts at seducing somebody else's wife. Why is this included > in > >the story and why is this book even recommended???? > > >> -----Original Message----- > >> From: Sandman [SMTP:sandman@unitedcouncil.org] > >> Sent: Wednesday, November 12, 1997 12:03 PM > >> To: firewalls@GreatCircle.COM > >> Subject: Good Books To Read > >> > >> >> Practicle UNIX and Internet Security (Garfinkel and > Spafford) > >> >> Building Internet Firewalls (Chapman and Zwicky) > >> > >> >Good books. Add: > >> >Cheswick and Bellovin - my old brain can't remember the actual > title. > >> >(Something about tracking the wiley hacker or some such - should > be > >> >the first book on your list though, IMHO...) 
> >> > >> " The Kucoo's Egg " written by Clifford Stall is a book about a > Unix > >> admin tracking down a hacker that was brakeing in to his computer > >> along > >> with other goverment computers. Its a very good book. " Take Down " > is > >> another grate book. It was written by Tsutomu Shimomura about how > he > >> tracked down Kevin Mitnick, "America's Most Wanted Computer > Outlaw," > > >> They even have a web page that you can visit > http://www.takedown.com. > > >> As > >> for a little history www.takedown.com web page was hacked the 1st > day > > >> it > >> was online. The hackers rename it to " Taken Down " > >> " The Watchman ", written by Jonathan Littman is a book about the > >> life > >> story of Hacker Kevin Poulsen. These are all grate books to read > and > >> are > >> all true storys. > >> > >> > >> - Sandman - > >> The United Council > >> www.unitedcouncil.org > >> sandman@unitedcouncil.org > >
; Thu, 4 Dec 1997 06:46:19 -0800 (PST) Received: by isgms001.new-breed.com with Internet Mail Service (5.0.1458.49) id ; Thu, 4 Dec 1997 09:49:34 -0500 Message-ID: <31759979D5E0D011A5C300A0C95D89CE13EB7D@isgms001.new-breed.com> From: "Cline, Robert" To: Firewall Mailing List Subject: FW: Good Books To Read Date: Thu, 4 Dec 1997 09:49:32 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk To me, the strength of "The Cuckoo's Eggs" is not on the technical side, but that it's READABLE. It's one of the few computer books written so non-technical people can (mostly) understand it and get to the end of it. (That may be a bit of a broad smear, since I don't have time to read too many books. It would be more accurate to say "of the computer books I've read.") It was the first computer book since Tracy Kidder's "The Soul of a New Machine" I've tried to get my wife to read. I think she even finished "The Cuckoo's Egg." She tackled "Take Down" a few months ago when she got desperate, but it didn't last too long. You can actually use this book to get a non-technical someone to understand (well, at least be aware of) why you might need to try to prevent some of the "bad things" that can happen with computers/networks.
RWC > -----Original Message----- > From: harley@icrf.icnet.uk [SMTP:harley@icrf.icnet.uk] > Sent: Thursday, December 04, 1997 5:25 AM > To: firewalls@greatcircle.com > Subject: RE: Good Books To Read > > > > > Agreed, but " Take Down " was trying to show you what else was > going on > > in his life. Such as " The Cuckoo's Egg " would talk about spending > time > > with his wife and " The Watchman " talked about what happened in his > > childhood. I say the best book of all three would be " The Cuckoo's > Egg > > ", it is very interesting and explains things like how most break-ins > are > > from default passwords. It also talked about the concept of a > Trojan > > horse and how they work. > > > > "Cuckoo's Egg" is useful reading, but I'd be nervous about > recommending > it on the strength of its technical accuracy in the company of some > of the other books that have been suggested. > > -- > David Harley | alt.comp.virus FAQ > D.Harley@icrf.icnet.uk | & Anti-Virus Web Page > Support & Security Analyst | Folk London On-Line gig-list > Imperial Cancer Research Fund | http://webworlds.co.uk/dharley/ From owner-firewalls-list Thu Dec 4 07:28:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA14873; Thu, 4 Dec 1997 07:06:45 -0800 (PST) Received: from ns.rc.on.ca (ns.ntadvice.com [207.176.151.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA14847 for ; Thu, 4 Dec 1997 07:06:36 -0800 (PST) Received: by ns.rc.on.ca with Internet Mail Service (5.5.1939.0) id ; Thu, 4 Dec 1997 10:09:47 -0500 Message-ID: <418996AD2954D11180860000E8D5C6670184E8@ns.rc.on.ca> From: Russ To: "'mht@clark.net'" , Eric Schultze , "'firewalls@greatcircle.com'" Subject: RE: Growing Trends Date: Thu, 4 Dec 1997 10:09:47 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.1939.0) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Someone, anonymously wrote...
>After reading all the comments on this thread, it just occurred to me..... [snip] >No the biggest trend I see, is business being led down the path of >mediocrity by people who really have no business offering security services >in the first place. Just because they are an auditing firm, does not make >them a security expert. Hiring every Tom, Dick and Mary off the street >that can spell hacker and thinks that crack is not some fancy drug, but a >tool to break passwords, is not the answer. > >It is time that we all start to police this type of conduct, and expose >these practices. Hackers are having a field day....they are no longer the >threat we should worry most about, rather we have become our own worst >enemy. Moohaha.... Boy-o-boy, why is it that so many people take a myopic viewpoint and translate it to cover the world?? Microsoft account for 1% of the total IT revenues of 1.1trillion. They account for 4% of the total software industry revenues of $250billion. Never-the-less, they are the easy and acceptable target for everything that's wrong with the industry...hmm...how insightful. What stops Auditing Firms from doing the work of consultants any better than the consultants themselves? What stops them from spending as much time and ensuring as much security and understanding as a consultant, NOTHING! Do they? Well, obviously it's not possible to lump them all together and come up with a single response, just like you can't lump all the consultants together and say they all do it so well (just like you can't say that MS is all that many would like to say it is). Anyone who can afford to have an Auditing firm come in and perform a security audit also has sufficiently intelligent staff to interpret whether the audit, and its results, is reasonable or crap. "...police this type of conduct, and expose these practices", moohaha, what a lark. Why would anyone listen to you or me any more than they would listen to a major Auditing firm?
If System Administrators haven't been able to get themselves recognized as a professional body in all these years, do you really think that Security Analysts are going to do so in the next 10? I don't. Next thing you're going to say is that security scanning programs like ISS or ESM should have "mandatory minimum scans" dictated by . Hey, I've got an idea. Let's get the DoJ to investigate whether Security Products vendors are really providing security in their products, or just obfuscating the risks to such an extent that "most people" believe they've been eliminated. Sounds like its as solid a case as any they've brought against MS in the past...;-] Cheers, Russ From owner-firewalls-list Thu Dec 4 07:43:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA20123; Thu, 4 Dec 1997 07:29:40 -0800 (PST) Received: from vtserf.cc.vt.edu (vtserf.CC.VT.EDU [128.173.4.6]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id HAA20088 for ; Thu, 4 Dec 1997 07:29:28 -0800 (PST) From: marchany@vtserf.cc.vt.edu Received: by vtserf.cc.vt.edu (5.65/DEC-Ultrix/4.3) id AA03147; Thu, 4 Dec 1997 10:31:16 -0500 Message-Id: <9712041531.AA03147@vtserf.cc.vt.edu> To: sandman@unitedcouncil.org Cc: firewalls@GreatCircle.COM, marchany@vtserf.cc.vt.edu Subject: Re: Good Books To Read In-Reply-To: Your message of "Thu, 13 Nov 97 03:40:38 EST." <346ABD06.2928992B@unitedcouncil.org> Date: Thu, 04 Dec 97 10:31:08 -0500 X-Mts: smtp Sender: firewalls-owner@GreatCircle.COM Precedence: bulk A much better book than Shimomura's tale is "@ Large" by David Freedman and Charles Mann. It tells the tale of Phantom Dialer who supposedly shut down the long distance networks in DC, Baltimore, Pittsburg and LA in 1991-2. It has a good description of the types of attacks used and some of the sites hit. It also explains some of the reasoning behind the Free Software Foundation's decision to close access back in 92. 
From owner-firewalls-list Thu Dec 4 09:31:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA06648; Thu, 4 Dec 1997 08:50:24 -0800 (PST) Received: from ewa-canada.com (ewa-canada.com [209.146.131.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA06621 for ; Thu, 4 Dec 1997 08:50:14 -0800 (PST) Received: by ewa-canada.com from localhost (router,SLMail V2.6); Thu, 04 Dec 1997 11:58:45 -0500 Received: by ewa-canada.com from def22.ewa-canada.com (209.146.131.22::mail daemon,SLMail V2.6); Thu, 04 Dec 1997 11:58:44 -0500 Message-Id: <3.0.3.32.19971204115640.007fcd70@ewa-canada.com> X-Sender: "Rick Low" X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32) Date: Thu, 04 Dec 1997 11:56:40 -0500 To: bmacke@telegroup.com, firewalls@GreatCircle.COM From: "Rick Low" Subject: Re: Good Books To Read In-Reply-To: References: <34862D78.8F172D0D@gnss.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 07:55 04-12-97 -0600, Brian Macke wrote: >So the question becomes: Are there any good books out there that deal with >writing a good Security Policy that won't get laughed at by one's >managers? Take a look at the NIST draft "Internet Security Policy: A Technical Guide" at http://csrc.nist.gov/isptg/. I haven't looked at it in depth yet, but at 108 pages it has a reasonable thump factor. :-) ______________________ Rick Low EWA-Canada Ltd. 
Ottawa, Canada +1 (613) 230-6067 x239 rlow@ewa-canada.com From owner-firewalls-list Thu Dec 4 10:03:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA01784; Thu, 4 Dec 1997 08:24:33 -0800 (PST) Received: from WILD.WILD-THING.NET ([208.223.229.80]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA01566; Thu, 4 Dec 1997 08:23:51 -0800 (PST) From: mkt@208.223.229.80 Received: **Cloaked Server** Date: Thu, 04 Dec 1997 23:12:00 -0500 Message-Id: **Unauthorized Relays Are Prosecuted** To: mkt@208.223.229.80 Subject: Merry Cashmas!! Sender: firewalls-owner@GreatCircle.COM Precedence: bulk HOLIDAY CASH...NOW!! Here is a FREE Software download than can pay your bills for you!!! http://www.freeyellow.com/members2/cashdisk Just download the software and start making some Easy & Quick CASH$$$$ This is a 1 time mailing and targeted towards Opportunity Seekers - Enjoy:-)) From owner-firewalls-list Thu Dec 4 10:05:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA11997; Thu, 4 Dec 1997 09:19:20 -0800 (PST) Received: from herald.cc.purdue.edu (herald.cc.purdue.edu [128.210.11.29]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id JAA11954 for ; Thu, 4 Dec 1997 09:19:09 -0800 (PST) Received: from frd-240.freh.purdue.edu by herald.cc.purdue.edu; Thu, 4 Dec 97 12:22:31 -0500 Message-ID: <3486E6C4.45825690@purdue.edu> Date: Thu, 04 Dec 1997 12:22:12 -0500 From: Michael S Hines Organization: Purdue University X-Mailer: Mozilla 4.03 [en] (WinNT; I) MIME-Version: 1.0 To: firewalls@greatcircle.com Subject: Re: here you go References: <22e638f6.34869557@aol.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Up on soapbox..... 
If you're perturbed by the use of the greatcircle.com mailer for spamming, you might want to report this AOL user to ABUSE@AOL.COM as I just did for violating AOL terms of service... Down off soapbox.... The user to report is Nicole6799@aol.com - And not back to our regularly scheduled program... -- ------------------------------------------------------------------- Internet: mshines@purdue.edu * Michael S. Hines, CISA,CIA,CDP,CFE Voice: (765) 494-5845 * Sr. Information Systems Auditor FAX: (765) 496-1814 * Purdue University * 1065 Freehafer Hall * West Lafayette, IN 47907-1065 NOTE: All views are my own and do not reflect Purdue University policy. ------------------------------------------------------------------- From owner-firewalls-list Thu Dec 4 10:06:47 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA17104; Thu, 4 Dec 1997 09:46:06 -0800 (PST) Received: from monet.mingpaoxpress.com (babbage.mingpaoxpress.com [205.150.120.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA13159 for ; Thu, 4 Dec 1997 09:25:25 -0800 (PST) Received: by www.mingpaoxpress.com id <1929-214>; Thu, 4 Dec 1997 12:28:39 -0500 Received: from acli@localhost by www.mingpaoxpress.com id <1928-214>; Thu, 4 Dec 1997 12:28:24 -0500 Path: acli Subject: what are these ports? Organization: Ming Pao Daily News (Canada) Message-ID: Date: Thu, 4 Dec 1997 17:28:21 GMT X-Orcpt: rfc822;mail-misc From: Ambrose Li To: firewalls@greatcircle.com Reply-To: Ambrose Li Sender: firewalls-owner@GreatCircle.COM Precedence: bulk My firewall has been logging some strange things recently. Among them are a lot of 22/udp. I know what 22/tcp is (and seen them coming), but I have absolutely no idea and 22/udp is. I also see strange ports like 4000/tcp and 8000/tcp. Does anyone know what these are supposed to be? (8000 maybe a guess for a web server?) -- Ambrose C.
Li ,,Programmer-analyst'' / system administrator / PC user support Ming Pao Newspapers (Canada) Ltd. EDP department 1355 Huntingwood Dr., Scarborough (Ont.), Canada M1S 3J1 +1(416)321-0088 From owner-firewalls-list Thu Dec 4 10:58:07 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA21123; Thu, 4 Dec 1997 10:10:06 -0800 (PST) Received: from brussels.cisco.com (brussels.cisco.com [171.68.129.238]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA21107 for ; Thu, 4 Dec 1997 10:10:00 -0800 (PST) Received: from cons-evyncke.cisco.com (london-async5.cisco.com [144.254.38.144]) by brussels.cisco.com (8.8.5/8.8.5) with SMTP id TAA29124; Thu, 4 Dec 1997 19:12:06 +0100 (MET) Message-Id: <3.0.3.32.19971204174422.0077c8c8@brussels.cisco.com> X-Sender: evyncke@brussels.cisco.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 04 Dec 1997 17:44:22 +0000 To: , Firewalls@GreatCircle.COM From: Eric Vyncke Subject: Re: Q] Packet filtering on IPV6 In-Reply-To: <34867C09.3CFE622D@ailab.sogang.ac.kr> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 18:46 4/12/97 +0900, \@\1\<\R\A\$ wrote: >Dear all, > >I am a student of Sogang University in South Korea. >I have to make a report about packet filtering on IPV6. >Can anybody tell me where can I get information about that? As IPv6 is using addresses at layer 3 and 4, you can basically extend the ACL features to IPv6 as well. From my experience, most IPv6 capable routers can do this. -eric > >Thanks in advance.
> > >So-Jeong Youn > >MsYoun@ailab.sogang.ac.kr > > Eric Vyncke Technical Consultant Cisco Systems Belgium SA/NV Phone: +32-2-778.4677 Fax: +32-2-778.4300 E-mail: evyncke@cisco.com Mobile: +32-75-312.458 From owner-firewalls-list Thu Dec 4 10:58:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA28276; Thu, 4 Dec 1997 10:50:31 -0800 (PST) Received: from Callisto.softiron.com (callisto.wiltelnsi.com [199.233.153.101]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA28205 for ; Thu, 4 Dec 1997 10:50:12 -0800 (PST) Received: from mis420.wiltelnsi.com (dhcpsr8.softiron.com [192.168.11.157]) by Callisto.softiron.com (8.8.7/8.8.7) with SMTP id KAA25504; Thu, 4 Dec 1997 10:46:02 -0800 (PST) Message-Id: <3.0.3.32.19971204100253.00ab9c28@morbius.wiltelnsi.com> X-Sender: woody@morbius.wiltelnsi.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 04 Dec 1997 10:02:53 -0800 To: sebastien Villain From: Woody Weaver Subject: Re: Is OS Vulnerable w/ FW-1? Cc: firewalls@greatcircle.com In-Reply-To: <348545B5.4F7D@cie-bancaire.fr> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 11:42 AM 12/3/97 +0000, you wrote: >Stout, William wrote: >> >> > ----- Original Message ----- >> > From: William Cooper [SMTP:cooper@io.com] >> > Sent: Saturday, November 29, 1997, 1:52:38 >> > To: Stout, William >> > Subject: Is OS Vulnerable w/ FW-1? >> > >> > Hello- >> > I've heard it said that Check Point's Firewall-1 runs in such a way that >> > the OS is not vulnerable, or the Firewall is not subject to >> > vulnerabilities that exist in the operating system itself. I'm hoping >> > >But what happens when the Firewall Crash, or when you stop it (just to >do your logswitch for example). > During a crash, if the firewall is properly configured it stops routing. 
When you switch logs, the fwd is still in place, you are merely moving files around. [...] >Sebastien Villain (SEMA GROUP FRANCE) >svillain@cie-bancaire.fr --woody Robert Wooddell Weaver email: woody.weaver@wiltelnsi.com Senior Systems Engineer voice: 510.358.3972 Wiltel NSI pager: 510.702.4334 From owner-firewalls-list Thu Dec 4 11:15:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA28862; Thu, 4 Dec 1997 08:14:44 -0800 (PST) Received: from mustang.netsolve.net (mustang.netsolve.net [199.98.14.55]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA28828 for ; Thu, 4 Dec 1997 08:14:28 -0800 (PST) Received: from cobra.netsolve.net (cobra.netsolve.net [199.98.14.138]) by mustang.netsolve.net (8.8.5/8.8.5) with ESMTP id KAA10236 for ; Thu, 4 Dec 1997 10:17:45 -0600 (CST) Received: by cobra_nmc.netsolve.net with Internet Mail Service (5.0.1458.49) id ; Thu, 4 Dec 1997 10:16:57 -0600 Message-ID: <51DA9B95CF9FD01193B600A024EB760751B549@cobra_nmc.netsolve.net> From: "Gomes, Carlos" To: "'firewalls@greatcircle.com'" Cc: "Rachal, Eric" Subject: RE: Good Books To Read Date: Thu, 4 Dec 1997 10:16:54 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1458.49) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Try: Internet Secure for Business ISBN 0471137529 by Terry Bernstein, SRI Intl.; Anish Bhimani, Bellcore; Eugene Schultz, SRI Intl.; Carol Siegel, Chemical Bank. Good book if looking at network security from an overall business perspective. Has a good section on building the internet security program including risks analysis and politics of training and resource control. The Site Security Handbook RFC (http://ds.internic.net/rfc/rfc2196.txt) also has some nice ideas on policy writing. Another recommend I've not seen yet is on these lists is Web Security & Commerce (ISBN 1565922697) by O'Reilly. 
A better follow up to their 91' classic Practical UNIX Security (ISBN 1565921488) than the recent 2nd edition, IMO, though it's more of an extension not a revision and focuses on new Ecommerce issues. regards, C.G. #include -- Carlos Macedo Gomes NetSolve, Inc. 800-234-9034x3097 > -----Original Message----- > From: Brian Macke [SMTP:macke@mandrake.telegroup.com] > Sent: Thursday, December 04, 1997 7:55 AM > To: firewalls@GreatCircle.COM > Subject: Re: Good Books To Read > > One thing I've noticed in this thread is a general lack of books on > Information Security Policy Writing. While this is sometimes the most > bland subject, it's arguably the most important step in "Repelling the > wily hacker." Of my book collection of about.. fifteen books, the only > three mention security. Fortunately, I had my education in Political > Science help me through it - but my feeling is that not many PoliSci > students went on to be Computer Security Specialists. > > So the question becomes: Are there any good books out there that deal > with > writing a good Security Policy that won't get laughed at by one's > managers? > > On Wed, 3 Dec 1997, osiris@gnss.com wrote: > > > Here's a few... > > > > Run their ISBNs through Amazon's engine and look at the reviews. > > > > [snip of several very good titles and pretty ISBN numbers] > > -Brian James Macke > macke@telegroup.com > Unix SysAdmin/Security Specialist Telegroup, Inc. > "In order to get that which you wish for, you must first get that > which > builds it." 
-- Unknown From owner-firewalls-list Thu Dec 4 11:35:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA25779; Thu, 4 Dec 1997 10:38:13 -0800 (PST) Received: from di2.disclosure.com (di2.disclosure.com [206.181.208.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA25745 for ; Thu, 4 Dec 1997 10:38:01 -0800 (PST) Received: from smtpgate.disclosure.com (smtpgate.disclosure.com [192.168.101.5]) by di2.disclosure.com (8.8.7/8.8.7) with SMTP id NAA17592; Thu, 4 Dec 1997 13:41:25 -0500 (EST) Received: from ccMail by smtpgate.disclosure.com (IMA Internet Exchange 2.12 Enterprise) id 0005878A; Thu, 4 Dec 1997 13:42:54 -0500 Mime-Version: 1.0 Date: Thu, 4 Dec 1997 13:33:43 -0500 Message-ID: <0005878A.3452@disclosure.com> From: Larry.Riley@disclosure.com (Larry Riley) Subject: Re[2]: Good Books To Read To: firewalls@GreatCircle.COM, Brian Macke Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Description: cc:Mail note part Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi Brian, If you are just starting out in the security stuff a great book is "Information Security Policies Made Easy" by Baseline Software. It is loaded with ready made policies. Check it out at: www.baselinesoft.com ______________________________ Reply Separator _________________________________ Subject: Re: Good Books To Read Author: Brian Macke at Internet Date: 12/4/97 7:55 AM One thing I've noticed in this thread is a general lack of books on Information Security Policy Writing. While this is sometimes the most bland subject, it's arguably the most important step in "Repelling the wily hacker." Of my book collection of about.. fifteen books, the only three mention security. Fortunately, I had my education in Political Science help me through it - but my feeling is that not many PoliSci students went on to be Computer Security Specialists. 
So the question becomes: Are there any good books out there that deal with writing a good Security Policy that won't get laughed at by one's managers? On Wed, 3 Dec 1997, osiris@gnss.com wrote: > Here's a few... > > Run their ISBNs through Amazon's engine and look at the reviews. > > [snip of several very good titles and pretty ISBN numbers] -Brian James Macke macke@telegroup.com Unix SysAdmin/Security Specialist Telegroup, Inc. "In order to get that which you wish for, you must first get that which builds it." -- Unknown From owner-firewalls-list Thu Dec 4 12:25:35 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA13038; Thu, 4 Dec 1997 11:58:51 -0800 (PST) Received: from arl-img-2.compuserve.com (arl-img-2.compuserve.com [149.174.217.132]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA13012 for ; Thu, 4 Dec 1997 11:58:39 -0800 (PST) Received: (from root@localhost) by arl-img-2.compuserve.com (8.8.6/8.8.6/2.9) id PAA23115 for Firewalls@GreatCircle.COM; Thu, 4 Dec 1997 15:02:04 -0500 (EST) Date: Thu, 4 Dec 1997 14:58:25 -0500 From: Andie Hill Subject: This thread ???? To: "INTERNET:Firewalls@GreatCircle.COM" Message-ID: <199712041458_MC2-2AB7-70AA@compuserve.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=ISO-8859-1 Content-Disposition: inline Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hey guys, I don't want to sound dreary or anything...... but..... most of us read this stuff because we are interested in the protection of our (or a client's) systems. .....Economics and ...... and ....... is not exactly the same as ... the IP stack (or lack of) in Microslops latest prize winning master of sales. What about the 'hardened IP stack' in Milkyway's Blackhole ?? have they had access to microslops (for the NT version) source code????? so does it really hold up ??
AHI From owner-firewalls-list Thu Dec 4 14:10:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA23591; Thu, 4 Dec 1997 12:52:15 -0800 (PST) Received: from bsd.synx.com (rt.synx.com [194.167.81.239]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id MAA23541 for ; Thu, 4 Dec 1997 12:52:02 -0800 (PST) Received: from s3.synx.com (s3 [192.1.1.247]) by bsd.synx.com (8.6.12/8.6.12) with SMTP id VAA20531; Thu, 4 Dec 1997 21:59:47 +0100 Received: from rs1 by s3.synx.com id aa26072; 4 Dec 97 21:46 GMT Date: Thu, 4 Dec 1997 22:40:52 -0100 (GMT) From: Remy NONNENMACHER To: Michael S Hines cc: firewalls@greatcircle.com Subject: AGIS Bombing [was: Re: here you go] In-Reply-To: <3486E6C4.45825690@purdue.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 4 Dec 1997, Michael S Hines wrote: > Up on soapbox..... > > If you're perturbed by the use of the greatcircle.com mailer for spamming, > you might want to report this AOL user to ABUSE@AOL.COM as I just did > for violating AOL terms of service... > > Down off soapbox.... > > > > The user to report is Nicole6799@aol.com - > > And not back to our regularly scheduled program... In the same idea.... Who organised the ping flooding against agis.net that forced them to disconnect two or three of the main spammers (comprising the world-hated cyber-promo) ? (http://spam.abuse.net/news/agis.html) Just curious...
From owner-firewalls-list Thu Dec 4 14:29:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA08026; Thu, 4 Dec 1997 14:20:16 -0800 (PST) Received: from sla-nt2.sla.com (mail1.sla.com [207.153.168.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA08018 for ; Thu, 4 Dec 1997 14:20:06 -0800 (PST) Received: by mail1.sla.com with Internet Mail Service (5.0.1457.3) id ; Thu, 4 Dec 1997 14:19:20 -0800 Message-ID: From: "Stackpole, Bill" To: "'Ambrose Li'" Cc: "'firewalls'" Subject: RE: what are these ports? Date: Thu, 4 Dec 1997 14:19:19 -0800 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk SSH (Secure Shell) uses port 22 on tcp ICQ uses 4000 and 8000 is a common alternative from web servers > -----Original Message----- > From: Ambrose Li [SMTP:news-misc@mingpaoxpress.com] > Sent: Thursday, December 04, 1997 9:28 AM > To: firewalls@greatcircle.com > Subject: what are these ports? > > My firewall has been logging some strange things recently. Among > them are a lot of 22/udp. I know what 22/tcp is (and seen them > coming), but I have absolutely no idea and 22/udp is. > > I also see strange ports like 4000/tcp and 8000/tcp. Does anyone > know what these are supposed to be? (8000 maybe a guess for a web > server?) > > > -- > Ambrose C. Li > ,,Programmer-analyst'' / system administrator / PC user support > Ming Pao Newspapers (Canada) Ltd. 
EDP department > 1355 Huntingwood Dr., Scarborough (Ont.), Canada M1S 3J1 > +1(416)321-0088 From owner-firewalls-list Thu Dec 4 15:13:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA14966; Thu, 4 Dec 1997 15:02:14 -0800 (PST) Received: from filer1.isc.rit.edu (filer1.isc.rit.edu [129.21.3.106]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA14956 for ; Thu, 4 Dec 1997 15:02:08 -0800 (PST) Received: from grace.isc.rit.edu by osfmail.isc.rit.edu (PMDF V5.1-10 #21576) with ESMTP id <0EKO0014ETHDOF@osfmail.isc.rit.edu> for firewalls@GreatCircle.COM; Thu, 4 Dec 1997 18:05:37 -0500 (EST) Received: from localhost (jlt8903@localhost) by grace.isc.rit.edu (8.8.5/8.8.5) with SMTP id SAA24325 for ; Thu, 04 Dec 1997 18:05:40 -0500 (EST) Date: Thu, 04 Dec 1997 18:05:40 -0500 (EST) From: Jason Terwilliger Subject: Re: Good Books To Read X-Sender: jlt8903@grace.isc.rit.edu To: firewalls@GreatCircle.COM Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII X-Authentication-warning: grace.isc.rit.edu: jlt8903 owned process doing -bs Sender: firewalls-owner@GreatCircle.COM Precedence: bulk It's ironic you wrote this. I've previously received a History/Political Science degree back in 93. I'm now going to RIT for a degree in the computer field and hope to specialize in security. I guess that makes me pretty rare. :-) ~Jason On Thu, 4 Dec 1997, Brian Macke wrote: > One thing I've noticed in this thread is a general lack of books on > Information Security Policy Writing. While this is sometimes the most > bland subject, it's arguably the most important step in "Repelling the > wily hacker." Of my book collection of about.. fifteen books, the only > three mention security. Fortunately, I had my education in Political > Science help me through it - but my feeling is that not many PoliSci > students went on to be Computer Security Specialists.
From owner-firewalls-list Thu Dec 4 15:21:22 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA15338; Thu, 4 Dec 1997 15:04:27 -0800 (PST) Received: from as3-119.mp.pi.se (as3-119.mp.pi.se [195.7.72.119]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA15245 for ; Thu, 4 Dec 1997 15:04:03 -0800 (PST) Received: from freja (localhost [127.0.0.1]) by localhost (Viking/0.9.32-dev) with SMTP (for multiple); Fri, 05 Dec 1997 00:12:08 +0100 Message-Id: <3.0.1.32.19971205001207.00b99930@localhost> X-Sender: Robban@localhost X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Fri, 05 Dec 1997 00:12:07 +0100 To: Ambrose Li , firewalls@greatcircle.com From: Robert Olsson Subject: Re: what are these ports? In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Viking: Unregistered Viking-Server at localhost Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 17:28 1997-12-04 GMT, you wrote: >My firewall has been logging some strange things recently. Among >them are a lot of 22/udp. I know what 22/tcp is (and seen them >coming), but I have absolutely no idea and 22/udp is. > 22/udp SSH Remote Login Protocol (udp as well as tcp...) >I also see strange ports like 4000/tcp and 8000/tcp. Does anyone >know what these are supposed to be? (8000 maybe a guess for a web >server?) 4000 is probably ICQ, 8000 probably some webserver... or according to my list irdmi 8000/tcp iRDMI whatever that is... > > >-- >Ambrose C. Li >,,Programmer-analyst'' / system administrator / PC user support > Ming Pao Newspapers (Canada) Ltd. EDP department > 1355 Huntingwood Dr., Scarborough (Ont.), Canada M1S 3J1 +1(416)321-0088 > Regards, Robban RobTex http://www.robtex.com/ home of JavaMachine, SuperSearch, VikingServer and Robban's Homepage. 
Apologies for delayed answers From owner-firewalls-list Thu Dec 4 15:43:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA20131; Thu, 4 Dec 1997 15:27:48 -0800 (PST) Received: from nisonline.com (nisonline.com [207.95.15.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id PAA20112 for ; Thu, 4 Dec 1997 15:27:42 -0800 (PST) Received: by nisonline.com (Wildcat!) id Thu, 04 Dec 1997 23:27:31 GMT From: luuroju@hatterasinlet.com () Date: Thu, 04 Dec 1997 23:27:31 GMT Message-Id: <191367830@nisonline.com> To: firewalls@greatcircle.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk To: luuroju@hatterasinlet.com From: luuroju@hatterasinlet.com (Barrier Island Realty) Comments: Authenticated sender is Reply-to: hatterasinlet.com Errors-To: info@hatterasinlet.com Subject: Complimentary 3 day 2 night stay on the Outer Banks... Message-Id: <199712044042CAA43368@sample.com> We at Barrier Island Invite you and your spouse for a Complimentary 3 day 2 night stay on the Outer Banks... FREE Vacation Offer! http://www.bistation.com/bi-inquiry.htm For the Ultimate vacation Experience.....Discover the Outer Banks Please visit our website at http://www.bistation.com for more information. Call 1-800-237-5177 or email darjon@interpath.com Thank you for your time. If you would like to be removed from our list please type remove in the subject or in the bi-inquiry.htm
From owner-firewalls-list Thu Dec 4 16:28:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA25511; Thu, 4 Dec 1997 15:56:42 -0800 (PST) Received: from ns.telegroup.com (ns.telegroup.com [208.219.0.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA25486 for ; Thu, 4 Dec 1997 15:56:29 -0800 (PST) Received: from telegroup.com ([208.219.1.30]) by ns.telegroup.com (8.8.5/8.8.5) with SMTP id RAA00648; Thu, 4 Dec 1997 17:59:48 -0600 (CST) Received: from radius.telegroup.com (radius.telegroup.com [10.1.2.10]) by telegroup.com (8.8.5/8.8.5) with ESMTP id RAA03244; Thu, 4 Dec 1997 17:59:48 -0600 (CST) Received: from mandrake.telegroup.com (macke@[208.219.1.177]) by radius.telegroup.com (8.8.5/8.8.3) with SMTP id RAA06198; Thu, 4 Dec 1997 17:59:47 -0600 (CST) Date: Thu, 4 Dec 1997 17:59:47 -0600 (CST) From: Brian Macke Reply-To: bmacke@telegroup.com To: Ambrose Li cc: firewalls@GreatCircle.COM Subject: Re: what are these ports? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk 22/udp is used by PCAnywhere, but (last I checked) is unassigned. 4000/tcp is a very common MUD port. One thing that you can do to see what's on these services (granted, if they're TCP) is to use telnet to attempt to connect. For example: telnet blood.bigmud.com 4000 Would emulate what the user's attempting to do.
After connecting, poke around to see what kind of daemon is listening. Something like a MUD will be excruciatingly obvious. On Thu, 4 Dec 1997, Ambrose Li wrote: > My firewall has been logging some strange things recently. Among > them are a lot of 22/udp. I know what 22/tcp is (and seen them > coming), but I have absolutely no idea and 22/udp is. > > I also see strange ports like 4000/tcp and 8000/tcp. Does anyone > know what these are supposed to be? (8000 maybe a guess for a web > server?) > > > -- > Ambrose C. Li > ,,Programmer-analyst'' / system administrator / PC user support > Ming Pao Newspapers (Canada) Ltd. EDP department > 1355 Huntingwood Dr., Scarborough (Ont.), Canada M1S 3J1 +1(416)321-0088 > -Brian James Macke macke@telegroup.com Unix SysAdmin/Security Specialist Telegroup, Inc. "In order to get that which you wish for, you must first get that which builds it." -- Unknown From owner-firewalls-list Thu Dec 4 16:43:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA04286; Thu, 4 Dec 1997 16:39:25 -0800 (PST) Received: from upshield.uniq.com.au (upstop.uniq.com.au [192.195.152.113]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id QAA04061 for ; Thu, 4 Dec 1997 16:38:31 -0800 (PST) Received: (from smtp@localhost) by upshield.uniq.com.au id LAA19408 (8.8.7/IDA-1.6); Fri, 5 Dec 1997 11:37:35 +1100 (EST) Received: from upshoo.uniq.com.au(192.195.152.130), claiming to be "upserv.uniq.com.au" via SMTP by upshield.uniq.com.au, id smtpdAAAa004j6; Fri Dec 5 11:37:26 1997 Received: from basil.uniq.com.au (basil.uniq.com.au [192.168.3.1]) by upserv.uniq.com.au with ESMTP id LAA13884 (8.8.5/IDA-1.6); Fri, 5 Dec 1997 11:37:23 +1100 (EST) Received: (from pauline@localhost) by basil.uniq.com.au id LAA04807 (8.8.5/IDA-1.6); Fri, 5 Dec 1997 11:37:01 +1100 (EST) Date: Fri, 5 Dec 1997 11:37:01 +1100 (EST) From: Pauline van Winsen - Uniq Professional Services Message-ID: 
<199712050037.LAA04807@basil.uniq.com.au> To: bmacke@telegroup.com, firewalls@GreatCircle.COM, rlow@ewa-canada.com Subject: Re: Good Books To Read Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: /hTwziQYCB7/EBYkEhGDag== Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > At 07:55 04-12-97 -0600, Brian Macke wrote: > >So the question becomes: Are there any good books out there that deal with > >writing a good Security Policy that won't get laughed at by one's > >managers? > > Take a look at the NIST draft "Internet Security Policy: A Technical > Guide" at http://csrc.nist.gov/isptg/. I haven't looked at it in depth > yet, but at 108 pages it has a reasonable thump factor. :-) my preference is for two booklets published by SAGE. they are: System Security: A Management Perspective A Guide to Developing Computing Policy Documents you can find out about more at: http://www.usenix.org/sage/publications/short_topics.html i find these extremely useful, particularly for non-technical people. hope this helps, pauline Pauline van Winsen pauline@uniq.com.au Uniq Professional Services Pty Ltd www.uniq.com.au PO Box 70, Paddington, NSW 2021, (Sydney) Australia Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000 "Never try to flirt with your boss... he's your bread & butter and not your honey." The boss is not your honey - Book 3, Woman's World, circa 1964. 
From owner-firewalls-list Thu Dec 4 17:13:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA06831; Thu, 4 Dec 1997 16:51:50 -0800 (PST) Received: from newman.aventail.com (newman.aventail.com [199.238.236.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id QAA06735 for ; Thu, 4 Dec 1997 16:51:30 -0800 (PST) Received: from smtp.in.aventail.com (bucknaked.in.aventail.com [192.168.1.68]) by newman.aventail.com (8.8.5/8.8.5) with ESMTP id QAA21577; Thu, 4 Dec 1997 16:53:33 -0800 (PST) From: marcvh@aventail.com (Marc VanHeyningen) To: Fyodor , firewalls@greatcircle.com Subject: Re: SOCKS compliant programming In-reply-to: Your message of "Wed, 03 Dec 1997 14:43:07 +0600." Date: Thu, 04 Dec 1997 16:53:33 -0800 Message-ID: <13707.881283213@smtp.in.aventail.com> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >> Can anyone point me to a very good guide for writing secure socket >> and/or socks compliant Windows applications? 
- Marc -- Marc VanHeyningen marcvh@aventail.com Internet Security Architect Aventail http://www.aventail.com/ From owner-firewalls-list Thu Dec 4 17:23:25 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA21044; Thu, 4 Dec 1997 12:38:21 -0800 (PST) Received: from filer1.isc.rit.edu (filer1.isc.rit.edu [129.21.3.106]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id MAA20936 for ; Thu, 4 Dec 1997 12:37:54 -0800 (PST) Received: from grace.isc.rit.edu by osfmail.isc.rit.edu (PMDF V5.1-10 #21576) with ESMTP id <0EKO00L5AMS5VO@osfmail.isc.rit.edu> for firewalls@GreatCircle.COM; Thu, 4 Dec 1997 15:40:53 -0500 (EST) Received: from localhost (jlt8903@localhost) by grace.isc.rit.edu (8.8.5/8.8.5) with SMTP id PAA13996; Thu, 04 Dec 1997 15:40:56 -0500 (EST) Date: Thu, 04 Dec 1997 15:40:56 -0500 (EST) From: Jason Terwilliger Subject: Re: Good Books To Read In-reply-to: X-Sender: jlt8903@grace.isc.rit.edu To: bmacke@telegroup.com Cc: firewalls@GreatCircle.COM Reply-to: Jason Terwilliger Message-id: MIME-version: 1.0 Content-type: TEXT/PLAIN; charset=US-ASCII X-Authentication-warning: grace.isc.rit.edu: jlt8903 owned process doing -bs Sender: firewalls-owner@GreatCircle.COM Precedence: bulk It's ironic you wrote this. I've previously received a History/Political Science degree back in 93. I'm now going to RIT for a degree in the computer field and hope to specialize in security. I guess that makes me pretty rare. :-) ~Jason On Thu, 4 Dec 1997, Brian Macke wrote: > One thing I've noticed in this thread is a general lack of books on > Information Security Policy Writing. While this is sometimes the most > bland subject, it's arguably the most important step in "Repelling the > wily hacker." Of my book collection of about.. fifteen books, the only > three mention security.
Fortunately, I had my education in Political > Science help me through it - but my feeling is that not many PoliSci > students went on to be Computer Security Specialists. From owner-firewalls-list Thu Dec 4 17:28:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA11603; Thu, 4 Dec 1997 17:22:04 -0800 (PST) Received: from scifi.squawk.com (scifi.squawk.com [199.74.151.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA11555 for ; Thu, 4 Dec 1997 17:21:50 -0800 (PST) Received: from localhost (njs@localhost) by scifi.squawk.com (8.8.5/8.8.5) with SMTP id UAA20312 for ; Thu, 4 Dec 1997 20:25:19 -0500 Date: Thu, 4 Dec 1997 20:25:19 -0500 (EST) From: Nick Simicich X-Sender: njs@scifi To: firewalls@greatcircle.com Subject: Spam from Okracoke... Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk And the 800 number is a real one, I called it and they admitted the spam. Be sure to give them a call. :-) I really hate incompetent spammers. What is that, now? Three or four? That which does not kill us, makes us stronger. That which does kill us makes us smell stronger, after a few days, anyway. Nick Simicich mailto:njs@scifi.squawk.com or (last choice) mailto:njs@us.ibm.com http://scifi.squawk.com/njs.html -- Stop by and Light Up The World! 
From owner-firewalls-list Thu Dec 4 18:58:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA01782; Thu, 4 Dec 1997 18:46:02 -0800 (PST) Received: from m6.sprynet.com (m6.sprynet.com [165.121.1.89]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id SAA23944 for ; Thu, 4 Dec 1997 18:17:36 -0800 (PST) Received: from zeos (hdn90-042.hil.compuserve.com [206.175.99.42]) by m6.sprynet.com (8.6.12/8.6.12) with SMTP id SAA05268; Thu, 4 Dec 1997 18:20:59 -0800 Message-Id: <3.0.3.32.19971204212805.007c25d0@m6.sprynet.com> X-Sender: jsk347@m6.sprynet.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Thu, 04 Dec 1997 21:28:05 -0500 To: Andie Hill , "INTERNET:Firewalls@GreatCircle.COM" From: Steve Kruse Subject: Re: This thread ???? In-Reply-To: <199712041458_MC2-2AB7-70AA@compuserve.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Andie: The short answer is no...Milkyway does not have the Microsoft NT source code. The decision to replace the stack was based on a number of factors including our engineers' ability to test for weaknesses, known (well published) weaknesses, the ease of using the NT stack for dubious ventures (adventures???) in forwarding and routing, among other things. The "hardened stack" is a COMPLETE replacement of the NT code in that area. The install process of the SecurIT firewall removes the installed NT stack. I hope that answers your question. Please e-mail me privately if I can be of more assistance in defining this for you! (I don't want to sound like a commercial on here ((again))...earlier chastisement from a couple of people accepted!) Steve Kruse At 02:58 PM 12/4/97 -0500, Andie Hill wrote: >Hey guy's, >I don't want to sound dreary or anything...... but..... >most of us read this stuff because we are interested in the protection of >our (or a clients) systems. > >.....Economics and ...... and .......
is not exactly the same as ... the >IP stack (or lack of) in Microslops latest prize winning master of sales. > >What about the 'hardened IP stack' in Milkyway's Blackhole ?? have they had >access to microslops (for the NT version) source code????? so does it >really hold up ?? > >AHI > > *********************************************** * jsk347@sprynet.com (Personal E-Mail) * * skruse@milkyway.com (Company E-Mail) * * http://www.milkyway.com * *********************************************** From owner-firewalls-list Fri Dec 5 00:28:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id AAA23348; Fri, 5 Dec 1997 00:19:51 -0800 (PST) Received: from spock.bitmailer.com (spock.bitmailer.com [194.179.94.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id AAA23331 for ; Fri, 5 Dec 1997 00:19:44 -0800 (PST) Received: from ns.bitmailer.com (ns.bitmailer.com [194.179.94.1]) by spock.bitmailer.com (8.8.5/8.8.6) with SMTP id JAA12423; Fri, 5 Dec 1997 09:39:56 +0100 Received: from mdintesis.es(src addr [195.16.159.109]) (1606 bytes) by ns.bitmailer.com via smail with P\:esmtp /R:smart_host /T:smtp (sender: ) id for ; Fri, 5 Dec 1997 10:24:13 +0100 (MET) Message-ID: <3487BA25.10384082@mdintesis.es> Date: Fri, 05 Dec 1997 09:24:05 +0100 From: Angel Lopez Escobar Organization: MD Integracion de Sistemas X-Mailer: Mozilla 4.03 [en] (Win95; I) MIME-Version: 1.0 To: Humberto Chavez Gomez CC: Firewalls@GreatCircle.COM Subject: Re: dinamics filtering rules. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, Yesterday I was at a product presentation with the people of ISS (www.iss.com), they say that with realsecure you can modify the rules of the Checkpoint's FW-1 on the fly, if realsecure detects an intrusion. Anyway I don't see the product working, but you can download a demo from their site.
Regards, Humberto Chavez Gomez wrote: > Does anyone could explain me if exist a form that I can filter > packets in a firewall in a dynamic form. I need the rules change if > a situation is presented. Or anyone can tell me if it is possible or not. > > Regards and thanks in advance. > > Hubert. -- +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Angel Lopez Escobar - Director Tecnico (Technical Manager) E-mail : alopez@mdintesis.es MD Integracion de Sistemas, S.A.L. MADRID - SPAIN - Voice 34 1 729.43.60 -Fax 34 1 729.26.10 -Cell Phone 34 29 64 92 16 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ From owner-firewalls-list Fri Dec 5 00:43:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id AAA23899; Fri, 5 Dec 1997 00:30:43 -0800 (PST) Received: from mtigwc04.worldnet.att.net (mtigwc04.worldnet.att.net [204.127.131.33]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id AAA23883 for ; Fri, 5 Dec 1997 00:30:34 -0800 (PST) From: mht@clark.net Received: from highlander ([12.68.9.173]) by mtigwc04.worldnet.att.net (post.office MTA v2.0 0613 ) with SMTP id AAA16508; Fri, 5 Dec 1997 08:33:34 +0000 Message-Id: <3.0.3.32.19971205033036.008ea540@pop3.clark.net> X-Sender: mht@pop3.clark.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Fri, 05 Dec 1997 03:30:36 -0500 To: Andie Hill , "INTERNET:Firewalls@GreatCircle.COM" Subject: Re: This thread ???? In-Reply-To: <199712041458_MC2-2AB7-70AA@compuserve.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Andie, I think you fail to see the point, Economics and .... and ... is exactly what drives the industry, whether a product has a hardened IP Stack is due to whether a vendor that was formed due to economic reasons. Economics, political and the overall industry itself is what drove the particular vendor who mention into business to sell a security solution.
/mht At 02:58 PM 12/4/97 -0500, Andie Hill wrote: >Hey guy's, >I don't want to sound dreary or anything...... but..... >most of us read this stuff because we are interested in the protection of >our (or a clients) systems. > >.....Economics and ...... and ....... is not exactly the same as ... the >IP stack (or lack of) in Microslops latest prize winning master of sales. > >What about the 'hardened IP stack' in Milkyway's Blackhole ?? have they had >access to microslops (for the NT version) source code????? so does it >really hold up ?? > >AHI > > > -------------------------------- Mark Teicher CASSIE Enterprises & Trust email:mht@clark.net Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE From owner-firewalls-list Fri Dec 5 02:58:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id CAA08943; Fri, 5 Dec 1997 02:53:03 -0800 (PST) Received: from helga.informatik.ba-stuttgart.de (helga.informatik.ba-stuttgart.de [141.31.11.98]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id CAA08916 for ; Fri, 5 Dec 1997 02:52:20 -0800 (PST) Received: from localhost (mbuck@localhost) by helga.informatik.ba-stuttgart.de with SMTP (8.7.3/8.7.1) id LAA19282; Fri, 5 Dec 1997 11:55:09 +0100 (MET) Date: Fri, 5 Dec 1997 11:55:09 +0100 (MET) From: Manuela Buck To: "" cc: firewalls@honor.greatcircle.com Subject: Re: your mail In-Reply-To: <191962758@nisonline.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk merde, no spam Mail please On Thu, 4 Dec 1997, wrote: > To: koemuuwei@hatterasinlet.com > From: koemuuwei@hatterasinlet.com (Barrier Island Realty) > Comments: Authenticated sender is > Reply-to: hatterasinlet.com > Errors-To: info@hatterasinlet.com > Subject: Complimentary 3 day 2 night stay on the Outer Banks... 
> Message-Id: <199712044409HAA36359@sample.com> > > We at Barrier Island Invite you and your spouse for a Complimentary > 3 day 2 night stay on the Outer Banks... > FREE Vacation Offer! http://www.bistation.com/bi-inquiry.htm > For the Ultimate vacation Experience.....Discover the Outer Banks > > Please visit our website at http://www.bistation.com for more information. Call 1-800-237-5177 or email darjon@interpath.com > > Thank you for your time. > > If you would like to be removed from our list please type remove in the subject or in the bi-inquir > > From owner-firewalls-list Fri Dec 5 03:13:16 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA09388; Fri, 5 Dec 1997 03:02:35 -0800 (PST) Received: from chat.ru (light.express.ru [193.125.142.41]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id DAA09371 for ; Fri, 5 Dec 1997 03:02:11 -0800 (PST) Received: from 193.125.142.234 (Vladivostok3-P8.rosprint.net [194.84.33.8]) by chat.ru (8.8.5/8.8.8) with SMTP id OAA11298 for ; Fri, 5 Dec 1997 14:02:55 +0300 (MSK) (envelope-from DJH@CHAT.RU) Date: Thu, 4 Dec 1997 21:03:47 1000 From: djHD X-Mailer: The Bat! 
(v1.00 Preview 1) Registered to djHD Reply-To: djHD Organization: bYTE eNF0R(ERZ Message-ID: <12877.971204@CHAT.RU> To: firewalls@GreatCircle.COM Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk usubscribe firewalls From owner-firewalls-list Fri Dec 5 09:09:08 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA27204; Fri, 5 Dec 1997 08:32:38 -0800 (PST) Received: from mailhub2.aimnet.com (mailhub2.aimnet.com [204.247.0.214]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA27197 for ; Fri, 5 Dec 1997 08:32:32 -0800 (PST) Received: from pmail.emulation.com (pmail.emulation.com [204.247.24.33]) by mailhub2.aimnet.com (8.8.8/8.8.6+2) with ESMTP id IAA13808 for ; Fri, 5 Dec 1997 08:36:07 -0800 (PST) Message-Id: <199712051636.IAA13808@mailhub2.aimnet.com> Received: from FS1/SpoolDir by pmail.emulation.com (Mercury 1.31); 5 Dec 97 08:36:39 -0700 Received: from SpoolDir by FS1 (Mercury 1.31); 5 Dec 97 08:36:34 -0700 From: "Steve Corwin" Organization: Emulation Technology Inc. To: Firewalls@GreatCircle.COM Date: Fri, 5 Dec 1997 08:36:30 -0700 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: ONGuard? X-mailer: Pegasus Mail for Win32 (v2.54) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does anyone have any experience/opinions with the ONguard firewall product, now from Elron corp? They claim to have a proprietary OS that replaces NT, as well as SMLI packet inspection. The closest comparison product I can find is Firewall-1.
Steve Corwin MIS Manager Emulation Technology From owner-firewalls-list Fri Dec 5 09:43:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA00427; Fri, 5 Dec 1997 09:30:12 -0800 (PST) Received: from info.netsol.com (www.netsol.com [198.41.3.10]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA00412 for ; Fri, 5 Dec 1997 09:30:05 -0800 (PST) Received: from net_sol_ex01.netsol.com (net_sol_ex01.netsol.com [192.153.247.46]) by info.netsol.com (8.8.5/8.8.4) with ESMTP id MAA22448 for ; Fri, 5 Dec 1997 12:33:41 -0500 (EST) Received: by NET_SOL_EX01 with Internet Mail Service (5.0.1457.3) id ; Fri, 5 Dec 1997 12:34:42 -0500 Message-ID: <11DEBAD8FCE0D01186FF0000F8052A0166A428@NET_SOL_EX01> From: "Crowe, Peter" To: firewalls@GreatCircle.COM Subject: Security Implementation Templates Date: Fri, 5 Dec 1997 12:34:40 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Anyone know of a series of checklists\templates I could get to fully detail and report an upcoming security implementation? We are in the process of overhauling our NT heavy (UNIX light) network security setup. Something that would be in Word (or Wordperfect) format and would have a series of checkboxes or tables for me to fill in for suggested tasks to perform, technical details to document, etc. Ultimately this template would also help me produce a report to my boss. Any help would be much appreciated. 
Peter Crowe Digital Artist, Network Systems Engineer From owner-firewalls-list Fri Dec 5 11:10:25 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA09409; Fri, 5 Dec 1997 10:50:12 -0800 (PST) Received: from herald.cc.purdue.edu (herald.cc.purdue.edu [128.210.11.29]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id KAA09400 for ; Fri, 5 Dec 1997 10:50:06 -0800 (PST) Received: from frd-240.freh.purdue.edu by herald.cc.purdue.edu; Fri, 5 Dec 97 13:53:40 -0500 Message-ID: <34884D9E.719D4698@purdue.edu> Date: Fri, 05 Dec 1997 13:53:18 -0500 From: Michael S Hines Organization: Purdue University X-Mailer: Mozilla 4.03 [en] (WinNT; I) MIME-Version: 1.0 To: firewalls@greatcircle.com Subject: Re: Security Implementation Templates References: <11DEBAD8FCE0D01186FF0000F8052A0166A428@NET_SOL_EX01> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Windows NT 3.51 Audit, Security, and Control from Microsoft Press should fill the bill. I believe it is available from the ISACA Bookstore (discounted if you're an ISACA member) .. (www.isaca.org). Do not misunderstand...even though MS Press is the publisher, the content was developed by a group from one of the big six firms, and is ISACA/ISACF sponsored work. While for 3.51 version, most all of the checkpoints also apply to 4.0. The appendix contains an audit program. Also, since WinNT is POSIX compliant, there are parts of a *NIX system audit which would be relevant also.. user and group rights for example, as well as system services (daemons in *NIX terminology). If your organization has an IT auditor - they may have some of these references on the shelf... Crowe, Peter wrote: > > Anyone know of a series of checklists\templates I could get to fully > detail and report an upcoming security implementation? We are in the > process of overhauling our NT heavy (UNIX light) network security setup.
> Something that would be in Word (or Wordperfect) format and would have a > series of checkboxes or tables for me to fill in for suggested tasks to > perform, technical details to document, etc. Ultimately this template > would also help me produce a report to my boss. > > Any help would be much appreciated. > > Peter Crowe > Digital Artist, Network Systems Engineer -- ------------------------------------------------------------------- Internet: mshines@purdue.edu * Michael S. Hines, CISA,CIA,CDP,CFE Voice: (765) 494-5845 * Sr. Information Systems Auditor FAX: (765) 496-1814 * Purdue University * 1065 Freehafer Hall * West Lafayette, IN 47907-1065 NOTE: All views are my own and do not reflect Purdue University policy. ------------------------------------------------------------------- From owner-firewalls-list Fri Dec 5 11:28:19 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA11316; Fri, 5 Dec 1997 11:22:59 -0800 (PST) Received: from njau.nj.mt.np.els-gms.att.net (njau.nj.mt.np.els-gms.att.net [199.191.146.70]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id LAA11309 for ; Fri, 5 Dec 1997 11:22:54 -0800 (PST) Date: Fri, 05 Dec 1997 14:10:51 +0000 From: rlsharp@attmail.com (Ronald L Sharp) Received: from rlsharp by attmail; Fri Dec 5 19:26:16 GMT 1997 Subject: Re: FW: Good Books To Read In-Reply-To: your message <31759979D5E0D011A5C300A0C95D89CE13D656@isgms001.new-breed.com> of Thu Dec 4 09:11:24 -0500 1997 To: RCline@new-breed.com (Cline, Robert) Cc: firewalls@GreatCircle.com (Firewall Mailing List) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Robert, I have to shamefully reply to your message with a plug for my own book. "PCWEEK Intranet and Internet Firewall Strategies" (yes, I do not like the title either). 
It was written by myself and Ed Amoroso, and it is specifically directed toward the non-techie to explain the purpose and function of a firewall and what to look for when buying a firewall. Ron Sharp Lucent Bell Labs r.l.sharp@lucent.com From owner-firewalls-list Fri Dec 5 11:47:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA10560; Fri, 5 Dec 1997 11:13:26 -0800 (PST) Received: from cliff.bms.com (cliff.bms.com [140.176.1.102]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA10525 for ; Fri, 5 Dec 1997 11:13:16 -0800 (PST) Received: from zim.bms.com (pendragon.zim.bms.com) by cliff.bms.com (PMDF V5.1-10 #22413) with SMTP id <01IQTG44L92800011X@cliff.bms.com> for Firewalls@GreatCircle.com; Fri, 5 Dec 1997 14:13:55 EST Received: from ccmail.zim.bms.com by zim.bms.com (4.1/SMI-4.1) id AA29412; Fri, 05 Dec 1997 14:14:44 -0500 (EST) Received: from cc:Mail by ccmail.zim.bms.com id AA881359848; Fri, 05 Dec 1997 11:13:12 -0500 (EST) Date: Fri, 05 Dec 1997 11:13:12 -0500 (EST) From: "Guse, Darren J." Subject: Firewall for AS/400 To: Firewalls@GreatCircle.com Message-id: <9711058813.AA881359848@ccmail.zim.bms.com> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does anyone out there have any experience with IBM's Firewall for AS/400? Would appreciate any feedback.... 
Darren Guse
Manager, Computer Operations and Network Services
Linvatec Corp

From owner-firewalls-list Fri Dec 5 13:45:47 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id NAA21639; Fri, 5 Dec 1997 13:24:11 -0800 (PST)
Received: from tango.lightech.com.ar (tango.lightech.com.ar [200.0.253.134]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id NAA21573 for ; Fri, 5 Dec 1997 13:23:43 -0800 (PST)
Received: from lightech.com.ar (plata.gaucho.com.ar [200.5.254.173]) by tango.lightech.com.ar (8.8.7/8.8.7) with ESMTP id VAA09818; Fri, 5 Dec 1997 21:05:23 GMT
Message-ID: <34881D0D.BF7AEFA4@lightech.com.ar>
Date: Fri, 05 Dec 1997 18:26:05 +0300
From: Sergio Bollini
Organization: LighTech
X-Mailer: Mozilla 4.03 [en] (X11; I; SunOS 5.5.1 sun4m)
MIME-Version: 1.0
To: firewalls@greatcircle.com, fw-1-mailinglist@us.checkpoint.com
Subject: Problems with SecuRemote
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi all!

I'm having some problems with SecuRemote 2.1a. I have two FW-1 for Solaris 2.5.1 on a SparcStation5. Call them X and Y. They are using FWZ as encryption schema and the local Certificate Authority. When they were in version 2.1, all my SecuRemote clients worked fine with both firewalls. When I did the upgrade to 3.0b, those clients still worked correctly with BOTH of them, but any newly installed SecuRemote client trying to create the site corresponding to X get the following message:

Error: Site X says that it is not a Certificate Authority.

Nevertheless, with Y everything goes OK!!! The point is that X IS a CA (as also is Y).

Any suggestions please?

TIA

--
Sergio E. Bollini                  LighTech
Voice: (54-1) 373-1141             Ayacucho 563. Piso 13 Dto "A"
FAX: (54-1) 373-1215               (1026) Buenos Aires
e-mail: sbollini@lightech.com.ar   Argentina
URL: http://www.lightech.com.ar

From owner-firewalls-list Fri Dec 5 13:58:48 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id NAA23815; Fri, 5 Dec 1997 13:52:21 -0800 (PST)
Received: from oakland-ws-34.clark.net (oakland-ws-34.clark.net [204.245.172.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id NAA23783 for ; Fri, 5 Dec 1997 13:52:03 -0800 (PST)
From: mht@clark.net
Received: from highlander.cih.com (eggs.ne.mediaone.net [24.128.11.3]) by oakland-ws-34.clark.net (8.8.5/8.8.5) with SMTP id RAA08088; Fri, 5 Dec 1997 17:56:25 -0500
Message-Id: <3.0.3.32.19971205165302.039a3ae0@pop3.clark.net>
X-Sender: mht@pop3.clark.net
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32)
Date: Fri, 05 Dec 1997 16:53:02 -0500
To: "Crowe, Peter" , firewalls@GreatCircle.COM
Subject: Re: Security Implementation Templates
In-Reply-To: <11DEBAD8FCE0D01186FF0000F8052A0166A428@NET_SOL_EX01>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Intranet Security by John Vacca, has some good pointers to what you are looking for..

/mht

At 12:34 PM 12/5/97 -0500, Crowe, Peter wrote:
>Anyone know of a series of checklists\templates I could get to fully
>detail and report an upcoming security implementation? We are in the
>process of overhauling our NT heavy (UNIX light) network security setup.
>Something that would be in Word (or Wordperfect) format and would have a
>series of checkboxes or tables for me to fill in for suggested tasks to
>perform, technical details to document, etc. Ultimately this template
>would also help me produce a report to my boss.
>
>Any help would be much appreciated.
>
>Peter Crowe
>Digital Artist, Network Systems Engineer
>
>

--------------------------------
Mark Teicher
CASSIE Enterprises & Trust
email:mht@clark.net
Fingerprint: 1228 4108 80F4 6D3A 1392 9BE1 41C7 910A E210 C7FE

From owner-firewalls-list Fri Dec 5 16:59:59 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA07814; Fri, 5 Dec 1997 16:51:37 -0800 (PST)
Received: from ns.rc.on.ca (ns.ntadvice.com [207.176.151.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id QAA07790 for ; Fri, 5 Dec 1997 16:51:21 -0800 (PST)
Received: by ns.rc.on.ca with Internet Mail Service (5.5.1939.0) id ; Fri, 5 Dec 1997 19:54:24 -0500
Message-ID: <418996AD2954D11180860000E8D5C667018538@ns.rc.on.ca>
From: Russ
To: "'Firewalls Mailing List'"
Subject: Lucent Managed Firewall?
Date: Fri, 5 Dec 1997 19:54:22 -0500
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.1939.0)
Content-Type: text/plain
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

This is an open call to Bill Cheswick to come out and play with the rest of us now that the press release is out for the Lucent Managed Firewall. Given that the press release states "Lucent has re-invented the firewall", and merely glosses over the 5 patent-pending technologies used to create Inferno and the LMF, I know I would like to hear some more meat about the product.

So Bill, are you still listening to the Firewalls list?

Of course if there's someone else from the Lucent dev team who'd like to comment on just how the LMF manages to "re-invent the Firewall" I'm sure we'd love to hear from you. The press release makes it sound like a clone of CheckPoint Firewall-1.

As always, please, no market-speak.

If you haven't seen the press release I suspect you'll find it at http://www.lucent.com somewhere.

Cheers,
Russ

From owner-firewalls-list Fri Dec 5 17:43:29 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA09851; Fri, 5 Dec 1997 17:33:31 -0800 (PST)
Received: from diablo.cisco.com (diablo.cisco.com [171.68.223.106]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA09844 for ; Fri, 5 Dec 1997 17:33:27 -0800 (PST)
Received: from big-dawgs.cisco.com (herndon-dhcp-53.cisco.com [171.68.53.53]) by diablo.cisco.com (8.8.5/CISCO.SERVER.1.2) with SMTP id RAA15334; Fri, 5 Dec 1997 17:37:01 -0800 (PST)
Message-Id: <3.0.5.32.19971205203659.007ff5a0@lint.cisco.com>
X-Sender: pferguso@lint.cisco.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.5 (32)
Date: Fri, 05 Dec 1997 20:36:59 -0500
To: Russ
From: Paul Ferguson
Subject: Re: Lucent Managed Firewall?
Cc: firewalls@GreatCircle.COM
In-Reply-To: <418996AD2954D11180860000E8D5C667018538@ns.rc.on.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

At 07:54 PM 12/5/97 -0500, Russ wrote:
>This is an open call to Bill Cheswick to come out and play with the rest
>of us now that the press release is out for the Lucent Managed Firewall.
>Given that the press release states "Lucent has re-invented the
>firewall", and merely glosses over the 5 patent-pending technologies
>used to create Inferno and the LMF, I know I would like to hear some
>more meat about the product.
>

Is this anything like "re-inventing the wheel"? ;-)

- paul

From owner-firewalls-list Fri Dec 5 18:58:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA17472; Fri, 5 Dec 1997 18:51:31 -0800 (PST)
Received: from smtp.enteract.com (david.enteract.com [206.54.252.252]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id SAA17465 for ; Fri, 5 Dec 1997 18:51:25 -0800 (PST)
Received: (qmail 29492 invoked from network); 6 Dec 1997 02:55:05 -0000
Received: from jimst.sa.enteract.com (HELO jimst.enteract.com) (207.229.133.64) by david.enteract.com with SMTP; 6 Dec 1997 02:55:05 -0000
Received: by localhost with Microsoft MAPI; Fri, 5 Dec 1997 20:54:51 -0600
Message-ID: <01BD01C0.08090780.jimst@enteract.com>
From: James Strompolis
Reply-To: "jimst@enteract.com"
To: "'Crowe, Peter'" , "firewalls@GreatCircle.COM"
Subject: RE: Security Implementation Templates
Date: Fri, 5 Dec 1997 20:54:46 -0600
Organization: Aleph Consultants, Inc.
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Here's a good place to start. It is a bit out of date by now. No checkboxes but it is a Word document zipped. It is missing some new exploits and DOS attacks to be worried about but covers things you need to cover.

http://www.microsoft.com/security/guidesecnt.zip

Another place to look for updates:

http://www.microsoft.com/ntserver/info/securityupdate.htm

Subscribe to the NT Security mail list.
Message body: subscribe ntsecurity
majordomo@iss.net

- James Strompolis
Aleph Consultants, Inc.
jimst@enteract.com

From owner-firewalls-list Fri Dec 5 19:28:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id TAA20035; Fri, 5 Dec 1997 19:25:23 -0800 (PST)
Received: from www.songrhim.co.kr (www.songrhim.co.kr [210.112.43.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id TAA19987 for ; Fri, 5 Dec 1997 19:25:12 -0800 (PST)
Received: by www.songrhim.co.kr from localhost (router,SLMail V2.5); Sat, 06 Dec 1997 12:26:18 +0900
Received: by www.songrhim.co.kr from SR_CLIENT1 (210.112.43.14::mail daemon,SLMail V2.5); Sat, 06 Dec 1997 12:26:18 +0900
Message-ID: <3488C5FA.CCD626BF@songrhim.co.kr>
Date: Sat, 06 Dec 1997 12:26:50 +0900
From: "kyoweon.Yoon"
X-Mailer: Mozilla 4.03 [en] (Win95; I)
MIME-Version: 1.0
To: "firewalls@GreatCircle.COM"
Subject: e-commerce book!
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hello!

I'm look for about "electronic commerce" for building my own cybershopping mall. Who can tell me the good book concern "electronic commerce"?

Thank you!
From owner-firewalls-list Fri Dec 5 20:43:24 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA26543; Fri, 5 Dec 1997 20:40:04 -0800 (PST)
Received: from gatekeeper.rolta.com (gatekeeper.rolta.com [206.154.250.46]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id UAA26518 for ; Fri, 5 Dec 1997 20:39:42 -0800 (PST)
Received: by gatekeeper.rolta.com; id WAA08123; Fri, 5 Dec 1997 22:08:24 -0600
Received: from unknown(204.177.195.232) by gatekeeper.rolta.com via smap (g3.0.1) id xma008116; Fri, 5 Dec 97 22:08:18 -0600
Received: by rolta.com; id VAA12126; Fri, 5 Dec 1997 21:17:51 GMT
Received: from vinay.rolta.com ([172.17.3.26]) by mailserver.rolta.com (8.6.9/8.6.9) with SMTP id KAA17715; Sat, 6 Dec 1997 10:41:59 GMT
Received: by vinay.rolta.com with Microsoft Mail id <01BD022E.C7A0D780@vinay.rolta.com>; Sat, 6 Dec 1997 10:07:37 +0530
Message-ID: <01BD022E.C7A0D780@vinay.rolta.com>
From: Vinay Sawarkar
To: "'kyoweon.Yoon'"
Cc: "'firewalls@GreatCircle.COM'"
Subject: RE: e-commerce book!
Date: Sat, 6 Dec 1997 10:07:35 +0530
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi Kyoweon !

Try "Understanding Electronic Commerce " by David Kosiur. Publisher is Microsoft Press and the price is US $ 19.99.

Thanks

-----Original Message-----
From: kyoweon.Yoon [SMTP:kwyoon@songrhim.co.kr]
Sent: Saturday, December 06, 1997 8:57 AM
To: firewalls@GreatCircle.COM
Subject: e-commerce book!

Hello!

I'm look for about "electronic commerce" for building my own cybershopping mall. Who can tell me the good book concern "electronic commerce"?

Thank you!
From owner-firewalls-list Fri Dec 5 22:13:09 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA03379; Fri, 5 Dec 1997 22:02:28 -0800 (PST)
Received: from hangar.jetlink.net (hangar.jetlink.net [206.72.64.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA03326 for ; Fri, 5 Dec 1997 22:02:08 -0800 (PST)
Received: from gnss.com (ppp-208-19-49-241.isdn.jetlink.net [208.19.49.241]) by hangar.jetlink.net (8.8.8/8.8.8) with ESMTP id WAA03000; Fri, 5 Dec 1997 22:03:17 GMT
Message-ID: <3488EB31.B5D806F6@gnss.com>
Date: Fri, 05 Dec 1997 22:05:37 -0800
From: "osiris@gnss.com"
Reply-To: osiris@gnss.com
Organization: Global Network Security Systems
X-Mailer: Mozilla 4.02 [en] (Win95; I)
MIME-Version: 1.0
To: Russ
CC: "'Firewalls Mailing List'" , osiris@gnss.com
Subject: Re: Lucent Managed Firewall?
References: <418996AD2954D11180860000E8D5C667018538@ns.rc.on.ca>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Between now and the time that Mr. Cheswick appears, a quick overview for anyone without a lot of time. Doc URLs are below...

++ Runs on Intel
++ Fits on a single floppy
++ Embedded within Inferno
++ No user accounts or file system
++ Must be assigned a logical IP (Hmmm.)
++ Reportedly remains invisible to the void
++ Encrypted communication with Management Server (DES, Diffie/Hellman)
++ Uses a caching mechanism to determine if packets are/were allowed
++ Good for UNIX and NT (hosting Inferno)
++ Server-side apps on Management Server are in Java
++ Admin's login protected via SSL
++ Server has a digital certificate that can be verified
++ Native VPN support (U.S. only)
++ Granularity of and multiple security zones

Documents on LMF:

Technical Overview:
http://public1.lucent.com/security/pdf/technical_doc.pdf

Product Specification:
http://public1.lucent.com/security/pdf/prod_spec.pdf

The FAQ (for lack of a better description):
http://public1.lucent.com/security/ask.html

Documents on Inferno generally:

Inferno Security    H. Bernard
http://207.121.184.224/security.html

Security in Inferno    D. Presotto
http://inferno.lucent.com/inferno/security.html

Descent into Limbo (Programming language for Inferno)    Kernighan
http://inferno.lucent.com/inferno/limbotut.html

Limbo Manual:
http://inferno.lucent.com/inferno/limbo.html

Real-Time Inferno    A. Sharma
http://207.121.184.224/realtime.html

What Inferno Runs On:
http://207.121.184.224/specs.html

Go here to get Inferno and the IDK (SDK):
http://inferno.lucent.com/inferno/registration.html

And, thanks to the folks at caltech.edu, a virtual treasure of documents:
ftp://ftp.ugcs.caltech.edu/pub/ryip/infdoc/

From owner-firewalls-list Fri Dec 5 22:43:14 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA07332; Fri, 5 Dec 1997 22:30:32 -0800 (PST)
Received: from hangar.jetlink.net (hangar.jetlink.net [206.72.64.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA07304 for ; Fri, 5 Dec 1997 22:30:23 -0800 (PST)
Received: from gnss.com (ppp-208-19-49-241.isdn.jetlink.net [208.19.49.241]) by hangar.jetlink.net (8.8.8/8.8.8) with ESMTP id WAA03739; Fri, 5 Dec 1997 22:31:40 GMT
Message-ID: <3488F1D8.4066FAD8@gnss.com>
Date: Fri, 05 Dec 1997 22:34:00 -0800
From: "osiris@gnss.com"
Reply-To: osiris@gnss.com
Organization: Global Network Security Systems
X-Mailer: Mozilla 4.02 [en] (Win95; I)
MIME-Version: 1.0
To: Vinay Sawarkar
CC: "'kyoweon.Yoon'" , "'firewalls@GreatCircle.COM'" , osiris@gnss.com
Subject: Re: e-commerce book!
References: <01BD022E.C7A0D780@vinay.rolta.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Try some of these...Books first, links last.

Books...

Build a World Wide Web Commerce Center : Plan, Program, and Manage Internet Commerce for Your Company (Net. Genesis Corporation) ISBN: 0471149284
Creating Commercial Web Sites (Kim Hampton) ISBN: 1575211696
Web Catalog Cookbook (Cliff Allen, Deborah Kania) ISBN: 0471183318
Building Cyberstores : Installation, Transaction Processing, and Management (Martin Nemzow) ISBN: 0079130909
Building Web Commerce Services (Ed Tittel, Charlie Scott, Paul Wolfe, Mike Erwin) ISBN: 0764530321
Internet Commerce (Andrew Dahl, Leslie Lesnick, Lisa Morgan) ISBN: 1562054961
Java Electronic Commerce Sourcebook : All the Software and Expert Advice You Need to Open Your Own Virtual Store (Cary A. Jardin) ISBN: 0471176117
Web Commerce Handbook (McGraw-Hill Series on Computer Communication) (Daniel Minoli, Emma Minoli) ISBN: 0070429782
Electronic Commerce Dictionary : The Definitive Terms for Doing Business on the Information Superhighway (Ted Haynes) ISBN: 0964650606
Digital Cash : Commerce on the Net (Peter Wayner) ISBN: 0127887725
Digital Money : The New Era of Internet Commerce (Daniel C. Lynch, Leslie Lundquist) ISBN: 047114178X
The Economics of Electronic Commerce (Andrew B. Whinston, Dale O. Stahl, Soon-Yong Choi) ISBN: 1578700140
Electronic Commerce : A Manager's Guide (Ravi Kalakota, Andrew Whinston) ISBN: 0201880679
Electronic Commerce : On-Line Ordering and Digital Money (Pete Loshin, Paul Murphy) ISBN: 1886801673
From Edi to Electronic Commerce : A Business Initiative (Phyllis, K. Sokol) ISBN: 0070595127
Frontiers of Electronic Commerce (Ravi Kalakota, Andrew B. Whinston) ISBN: 0201845202
Readings in Electronic Commerce (Ravi Kalakota, Andrew B. Whinston) ISBN: 0201880601
Understanding Electronic Commerce (David R. Kosiur) ISBN: 1572315601

Links to interesting articles or studies on EC:

Electronic Commerce in Action:
http://techweb.cmp.com/ia/iad_web_/networth/ccstudy/case.htm

The Challenges of Electronic Commerce
http://www2000.ogsm.vanderbilt.edu/intelligent.agent/index.html

Commercializing the Information Superhighway: Are We in for a Smooth Ride?
http://www2000.ogsm.vanderbilt.edu/smooth.ride.html

Commercialization of the Internet (RFC 1192)
http://www.es.net/pub/rfcs/rfc1192.txt

Attention Economy, the Natural Economy of the Net:
http://www.firstmonday.dk/issues/issue2_4/goldhaber/index.html

Possible Economic Consequences of Digital Cash
http://www.firstmonday.dk/issues/issue2/digital_cash/index.html

Trust in Electronic Markets:
http://www.firstmonday.dk/issues/issue2/markets/index.html

E-Commerce: Building a Model:
http://techweb.cmp.com/cw/webcommerce/web0317-1.html

The Economics of the Internet, Information Goods, Intellectual Property and Related Issues:
http://www.sims.berkeley.edu/resources/infoecon/index.html

Analysis of some 1,000+ sites..
http://web.idirect.com/~tiger/

American Internet User Survey
http://etrg.findsvp.com/internet/newinet.html

1997 American Internet User Survey
http://etrg.findsvp.com/internet/findf.html

From owner-firewalls-list Fri Dec 5 23:43:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA16400; Fri, 5 Dec 1997 23:36:04 -0800 (PST)
Received: from voland.freenet.bishkek.su (voland.freenet.bishkek.su [193.125.230.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA16233 for ; Fri, 5 Dec 1997 23:35:02 -0800 (PST)
Received: from freenet.bishkek.su (fygrave@freenet.bishkek.su [193.125.230.1]) by voland.freenet.bishkek.su (8.8.4/8.8.4) with ESMTP id MAA07533 for ; Sat, 6 Dec 1997 12:42:00 +0500
Received: (from fygrave@localhost) by freenet.bishkek.su (8.8.4/8.6.12) id MAA07043; Sat, 6 Dec 1997 12:41:52 +0600
Date: Sat, 6 Dec 1997 12:41:51 +0600 (GMT+0500)
From: Fyodor
Reply-To: fygrave@usa.net
To: "'firewalls mailing list'"
Subject: Proxy Config.. The ways to..
Message-ID:
X-lummer: Bill Gates
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hello People,
I was thinking here of some kind of limit on setting proxy,
Say, i would want to deny getting some type of files (say .gif, or .jpg)
over my proxy server. WHat would be the common way of doing this?
Now i use Apache http server which has some experimental proxy
abilities, but i haven't figured out, how can i do such thing. Maybe i
should switch to another soft?


---
Fyodor Yarochkin email:fygrave@usa.net
http://www.tigerteam.net/linuxgroup/ tel:(3312) 474465
"Optima philosophia et sapientia est meditatio mortis."
From owner-firewalls-list Sat Dec 6 02:28:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id CAA02396; Sat, 6 Dec 1997 02:23:07 -0800 (PST)
Received: from ykbgate ([195.33.225.162]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id CAA02319 for ; Sat, 6 Dec 1997 02:20:49 -0800 (PST)
Received: by ykbgate; (5.65v3.2/1.3/10May95) id AA24857; Sat, 6 Dec 1997 12:24:10 +0200
Received: by plaza.ykb.com; (5.65v3.2/1.3/10May95) id AA31980; Sat, 6 Dec 1997 12:21:57 +0200
X-Lotus-Fromdomain: YKBNOTES
From: "icakmakli"
To: firewalls-digest@GreatCircle.COM
Message-Id:
Date: Sat, 6 Dec 1997 12:25:14 +0200
Subject: Altavista Firewall
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi,

Is there any documentation that compares Altavista Firewall 97 and some other firewall products?

Regards.

From owner-firewalls-list Sat Dec 6 03:28:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA08882; Sat, 6 Dec 1997 03:26:56 -0800 (PST)
Received: from cmx.netvision.net.il (cmx.NetVision.net.il [194.90.1.109]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id DAA08875 for ; Sat, 6 Dec 1997 03:26:50 -0800 (PST)
Received: from yeret.netvision.net.il (ts021p5.pop9a.netvision.net.il [194.90.5.133]) by cmx.netvision.net.il (8.8.6/8.8.6) with ESMTP id NAA01973; Sat, 6 Dec 1997 13:26:19 +0200 (IST)
Message-ID: <34893824.491F83F@netvision.net.il>
Date: Sat, 06 Dec 1997 13:33:56 +0200
From: Yuval Yeret
Reply-To: yuvalyrt@netvision.net.il
X-Mailer: Mozilla 4.01 [en] (Win95; I)
MIME-Version: 1.0
To: FW-1-Mailinglist , Firewalls Mailinglist
Subject: NT as a central intranet firewall
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

hey there,

i have a question concerning scalability of firewalls, specifically as an intranet firewall between LAN's, WAN's at high speeds. I know most of u out there will respond that solaris is the preferred OS for this configuration. But I would like to hear from people who use NT or other OS for heavy-duty firewall's, and what they use as a platform.

The main issue is, can NT scale up to Unix, given the right hardware ?

All your subjective/objective opinions are welcome...

Thanks,
Yuval.

From owner-firewalls-list Sat Dec 6 03:43:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id DAA10080; Sat, 6 Dec 1997 03:39:09 -0800 (PST)
Received: from hermes.centaur.de (hermes.centaur.de [194.45.197.100]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id DAA10055 for ; Sat, 6 Dec 1997 03:39:01 -0800 (PST)
Received: from zeus.centaur.de (zeus.centaur.de [194.120.119.100]) by hermes.centaur.de (8.8.7/8.8.7) with ESMTP id LAA05994; Sat, 6 Dec 1997 11:33:33 +0100
Received: from jaeger.centaur.de ([192.168.1.70]) by zeus.centaur.de (8.6.12/8.6.6) with SMTP id MAA14389; Sat, 6 Dec 1997 12:31:00 +0100
Received: by jaeger.centaur.de with Microsoft Mail id <01BD0242.E7808AA0@jaeger.centaur.de>; Sat, 6 Dec 1997 12:31:41 +-100
Message-ID: <01BD0242.E7808AA0@jaeger.centaur.de>
From: Sascha Jaeger
To: "firewalls-digest@GreatCircle.COM" , "'icakmakli'"
Cc: "Strobel, Stefan" , =?iso-8859-1?Q?Sch=FCssler=2C_Isabell?=
Subject: AW: Altavista Firewall
Date: Sat, 6 Dec 1997 12:36:06 +-100
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Yes there are some producer-dependent comparisons (scc,cp,av...) and some (more interesting) comparisons from independent consultants.

One publication which compares AltaVista f. NT with FW-1,Eagle,Borderware,Netguard, Watchguard and Onguard from Isabell Schuessler / CENTAUR and Stefan Strobel / CENTAUR was published in the INTERNET PROFESSIONELL-mag 12/97 from Ziff-Davis company (http://www.zdnet.de).

I can send you the printed publication when you give me your address. I can't send you a electronic-version cause of the copyrights.

reg.

Sascha Jaeger                Urbanstrasse 68
jaeger@centaur.de
Centaur Unternehmensgruppe   74074 Heilbronn
http://www.centaur.de
Xlink PoP Heilbronn          Tel 07131/799-107 Fax -150
Tel 0172 6315323

----------
From: icakmakli[SMTP:icakmakli@ykb.com]
Sent: Saturday, 6 December 1997 11:25
To: firewalls-digest@GreatCircle.COM
Subject: Altavista Firewall

Hi,

Is there any documentation that compares Altavista Firewall 97 and some other firewall products?

Regards.

From owner-firewalls-list Sat Dec 6 08:13:34 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id IAA25413; Sat, 6 Dec 1997 08:09:00 -0800 (PST)
Received: from out4.ibm.net (out4.ibm.net [165.87.194.239]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id IAA25406 for ; Sat, 6 Dec 1997 08:08:55 -0800 (PST)
From: daemond@ibm.net
Received: from master.ibmcyrix.org (slip-32-100-120-45.oh.us.ibm.net [32.100.120.45]) by out4.ibm.net (8.8.5/8.6.9) with SMTP id QAA34308; Sat, 6 Dec 1997 16:11:50 GMT
Date: Sat, 6 Dec 1997 11:15:49 -0500 (EST)
X-Sender: daemond@master.ibmcyrix.org
To: fygrave@usa.net
cc: "'firewalls mailing list'"
Subject: Re: Proxy Config.. The ways to..
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

You do realize that if you lock out .gif and .jpg files you've practically
disabled about %99 of the images that show up on your web browser (icons,
etc.).

Geoff
daemond@ibm.net
-----------------------------------------------------------------------------
Spammers beware: I do not buy from companies that spam!
On Sat, 6 Dec 1997, Fyodor wrote:

> Hello People,
> I was thinking here of some kind of limit on setting proxy,
> Say, i would want to deny getting some type of files (say .gif, or .jpg)
> over my proxy server. WHat would be the common way of doing this?
> Now i use Apache http server which has some experimental proxy
> abilities, but i haven't figured out, how can i do such thing. Maybe i
> should switch to another soft?
>
>
> ---
> Fyodor Yarochkin email:fygrave@usa.net
> http://www.tigerteam.net/linuxgroup/ tel:(3312) 474465
> "Optima philosophia et sapientia est meditatio mortis."
>
>

From owner-firewalls-list Sat Dec 6 16:28:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA18684; Sat, 6 Dec 1997 16:18:45 -0800 (PST)
Received: from mcfeely.bsfs.org (mcfeely.bsfs.org [204.91.13.34]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id QAA18664 for ; Sat, 6 Dec 1997 16:18:38 -0800 (PST)
Received: (from wombat@localhost) by mcfeely.bsfs.org (8.6.12/8.6.12) id RAA00716; Sat, 6 Dec 1997 17:59:47 -0500
Date: Sat, 6 Dec 1997 17:59:43 -0500 (EST)
From: Rabid Wombat
To: Michael S Hines
cc: firewalls@GreatCircle.COM
Subject: Re: here you go
In-Reply-To: <3486E6C4.45825690@purdue.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Why bother? He/she/it put their snail address at the bottom. We can send SikPuppy over in our black helicopter to piss on their hubcaps.

On Thu, 4 Dec 1997, Michael S Hines wrote:

> Up on soapbox.....
>
> If your preturbed by the use of the greatcircle.com mailer for spamming,
> you might want to report this AOL user to ABUSE@AOL.COM as I just did
> for violating AOL terms of service...
>
> Down off soapbox....
>
>
>
> The user to report is Nicole6799@aol.com -
>
> And not back to our regularly scheduled program...
>
> --
> -------------------------------------------------------------------
> Internet: mshines@purdue.edu * Michael S. Hines, CISA,CIA,CDP,CFE
> Voice: (765) 494-5845        * Sr. Information Systems Auditor
> FAX: (765) 496-1814          * Purdue University
>                              * 1065 Freehafer Hall
>                              * West Lafayette, IN 47907-1065
> NOTE: All views are my own and do not reflect Purdue University policy.
> -------------------------------------------------------------------
>

From owner-firewalls-list Sun Dec 7 02:13:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA10586; Sun, 7 Dec 1997 01:59:03 -0800 (PST)
Received: from voland.freenet.bishkek.su (voland.freenet.bishkek.su [193.125.230.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA10579 for ; Sun, 7 Dec 1997 01:58:23 -0800 (PST)
Received: from freenet.bishkek.su (fygrave@freenet.bishkek.su [193.125.230.1]) by voland.freenet.bishkek.su (8.8.4/8.8.4) with ESMTP id PAA12633 for ; Sun, 7 Dec 1997 15:07:05 +0500
Received: (from fygrave@localhost) by freenet.bishkek.su (8.8.4/8.6.12) id PAA25196; Sun, 7 Dec 1997 15:05:57 +0600
Date: Sun, 7 Dec 1997 15:05:56 +0600 (GMT+0500)
From: Fyodor
Reply-To: fygrave@usa.net
To: "'firewalls mailing list'"
Subject: Re: Proxy Config.. The ways to..
In-Reply-To:
Message-ID:
X-lummer: Bill Gates
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> You do realize that if you lock out .gif and .jpg files you've practically
> disabled about %99 of the images that show up on your web browser (icons,
> etc.).

sure... But i showed it up just as an example.. however, i could set limit on the size, couldn't i?
From owner-firewalls-list Sun Dec 7 06:28:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA24288; Sun, 7 Dec 1997 06:23:11 -0800 (PST) Received: from attach1.rocketmail.com (attach1.rocketmail.com [205.180.57.81]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id GAA24281 for ; Sun, 7 Dec 1997 06:23:07 -0800 (PST) Message-ID: <19971207142455.8802.rocketmail@attach1.rocketmail.com> Received: from [194.90.211.84] by attach1; Sun, 07 Dec 1997 06:24:55 PST Date: Sun, 7 Dec 1997 06:24:55 -0800 (PST) From: HO Reply-To: nospam@nospam.com Subject: Re: dinamics filtering rules To: Firewalls@GreatCircle.COM MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I hear AbirNet's SessionWall-3 also provides OPSEC support to modify Check Point's Firewall-1 commands on the fly. --HO _________________________________________________________ DO YOU YAHOO!? Get your free @yahoo.com address at http://mail.yahoo.com From owner-firewalls-list Sun Dec 7 09:43:16 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA05121; Sun, 7 Dec 1997 09:39:51 -0800 (PST) Received: from pinux ([194.244.74.35]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA05114 for ; Sun, 7 Dec 1997 09:39:43 -0800 (PST) Received: from client ([194.244.74.131]) by pinux (8.7.5/8.7.3) with SMTP id BAA23339; Mon, 8 Dec 1997 01:36:03 +0100 From: "Franco RUGGIERI" To: "Ming Lu" , "Chris Lonvick" Cc: "Martin W Freiss" , , , Subject: R: R: strong encryption for Europeans Date: Sun, 7 Dec 1997 17:33:25 +0100 Message-ID: <01bd032d$d75c3d40$LocalHost@client> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 4.71.1712.3 X-MimeOLE: Produced By Microsoft MimeOLE V4.71.1712.3 Sender: firewalls-owner@GreatCircle.COM Precedence: 
bulk First off: apologies for such a late reply: I was (and stiil am) up to my ears in what General Cambronne brought to glory. Thank Chris for answering yourself. Detailed news on these attacks (for sake of synthese I keep calling them such) can be found in RSA site, RSA Laboratories in Cryprobytes issues. ------------------------------- Franco RUGGIERI Via Francesco ACRI 24 00142 ROMA (Italy) ++39-6-5430326 Cell: 0368-3147231 fruggieri@selfin.net -----Messaggio originale----- Da: Chris Lonvick A: Ming Lu ; Franco RUGGIERI Cc: Martin W Freiss ; kate@forsys.msk.ru ; firewalls@GreatCircle.COM ; firewall-wizards@nfr.net Data: martedì 25 novembre 1997 12.20 Oggetto: Re: R: strong encryption for Europeans >Hello Ming, > >They were not exactly attacks. These were a set of challenges offered >by RSA Labs (with prizes). > >http://www.rsa.com/rsalabs/97challenge/ >http://www.rsa.com/rsalabs/97challenge/html/status.html >http://www.frii.com/~rcv/deschall.htm (winner of DES) >http://rc5.distributed.net/ (winner of RC5-32/12/7) > >For those that don't wish to follow the URLs, > > Challenge time to crack Prize > RC5-32/12/5 (40bit key) 3.5 hrs US$ 1,000. > RC5-32/12/6 (48bit key) 313 hrs US$ 5,000. > DES (56bit key) 140 days US$10,000. > RC5-32/12/7 (56bit key) 265 days US$10,000. > >(And there's US$90,000. in prize money left in the other challenges.) > >Later, > >Chris Lonvick >Cisco Systems >Corporate Consulting >Houston, TX, USA >+1.713.778.5663 > >At 06:03 PM 11/24/97 -0500, Ming Lu wrote: >>Franco: >> >>I would like to see reports reagding these successful attacks. I could >>not find them at CERT. >> >>TIA. >> >>On Mon, 24 Nov 1997, Franco RUGGIERI wrote: >> >>> Recently (June and October this year), attacks have been successfully >>> accomplished against DES and RC5 65 bit, by a huge number of computers >>> coordinated via Internet. Since participation in such effort was voluntary, >>> I wouldn't define such coordination as *strict*. 
>>> Thus, we can assume that a
>>> well determined organization would break codes based on keys up to 56 bit
>>> in a reasonable amount of time. Therefore I wouldn't recommend VPNs based
>>> on such systems (RCx, DES and the likes with *short*keys), unless for what
>>> I would dub *minor areas* and for not long lasting applications.
>>> This, of course, IMHO. I would appreciate comments (not flames!) on this
>>> viewpoint of mine.
>>> -------------------------------
>>> Franco RUGGIERI
>>> fruggieri@selfin.net
>>[snip]
>>
>>_ming
>>
>>

From owner-firewalls-list Sun Dec 7 12:43:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA15186; Sun, 7 Dec 1997 12:33:40 -0800 (PST)
Received: from nucleus.com (nucleus.com [199.45.65.129]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id MAA15179; Sun, 7 Dec 1997 12:33:35 -0800 (PST)
Received: from loki (max1-cgy-177.nucleus.com [207.34.67.177]) by nucleus.com (8.8.8/8.8.8-NIS-11-28.97) with SMTP id NAA11517; Sun, 7 Dec 1997 13:46:50 -0700 (MST)
Message-Id: <3.0.5.32.19971207133911.009c7c20@nucleus.com>
X-Sender: dreamwvr@nucleus.com
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Sun, 07 Dec 1997 13:39:11 -0700
To: Firewalls@GreatCircle.COM, firewalls-digest@GreatCircle.COM
From: dreamwvr
Subject: RFC from great circle
In-Reply-To: <199712060900.BAA25613@honor.greatcircle.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I have a rather unique situation that has been tabled for my solution and would like some comments if at all possible. The site is to run Winframe to supply http for a small cluster of users. The choice of Winframe is because the small cluster has very limited bandwidth and can't afford to get a leased line or frame relay arrangement.
Winframe will be running Netscape Communicator :') as its sole service browser product and Winframe is being also used to create a buffer between the company data as all items such as cookies and java will be playing only on Winframe. I am not a big fan of Active X for security reasons but apparently that is part and parcel with Winframe.

Are there any issues regarding Winframe security that I should be aware of plus the issues of Java and cookies. My read is Java applets and cookies are the least of your problems here. Active X being more out of control but a necessary evil as per Winframe. B.T.W. it is quite impressive from what i have seen of it.

What firewall solution would you recommend to use to protect the Winframe server. FW1 on intel as a less expensive proposal has been tabled running over 2.5.1 or 2.6. Also how might a hacker compromise the Winframe server as I am far from fully knowledgeable of Winframe besides the Active X issue. My thoughts here is since Active X runs without the luxury of real protection it could with a hacked program burrow into the Winframe and act as a go between sort of like a man in the middle attack of sorts. But Winframe is there apparently for now so my job is to make it as secure as reasonably possible.

Winframe is the only link between the Internet TCP/IP Side and The Novell side running IPX/SPX. Winframe will not have a novell client living on it only NETSCAPES COMMUNICATOR 4.x i believe as it acts really as a more secure terminal server that proxies for lack of a better description.

They are looking to isolate a second network on a completely different network attached to the web provided by one of the backbone providers. This is to provide more reliable access as well as to ensure that even if the Winframe site is compromised it will be less significant as the company info is housed elsewhere.
Is this logic sound and please email comments and solutions for Winframe protection such as Raptor, FW1, whatever also recommend if possible backbone providers that should be looked at for their exemplary security standards to house such vital information. This is a Request for Great Circles Comments in such a scenario and will be needing to implement very soon.

Best Regards,
dreamwvr@nucleus.com

From owner-firewalls-list Sun Dec 7 15:28:10 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA25034; Sun, 7 Dec 1997 15:18:37 -0800 (PST)
Received: from pike.sover.net (pike.sover.net [204.71.16.17]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA25015 for ; Sun, 7 Dec 1997 15:18:30 -0800 (PST)
Received: from sover.net (usr2a25.rut.sover.net [206.25.64.221]) by pike.sover.net (8.8.5/8.8.5) with ESMTP id SAA28624; Sun, 7 Dec 1997 18:22:12 -0500 (EST)
Message-ID: <348B3075.554BB933@sover.net>
Date: Sun, 07 Dec 1997 18:25:42 -0500
From: Chris Brenton
Reply-To: cbrenton@sover.net
X-Mailer: Mozilla 4.03 [en] (Win95; I)
MIME-Version: 1.0
To: dreamwvr
CC: Firewalls@GreatCircle.COM
Subject: Re: RFC from great circle
References: <3.0.5.32.19971207133911.009c7c20@nucleus.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

dreamwvr wrote:
> The site is to run Winframe to supply http for a small cluster of users.

I've done a similar implementation. The only real drawback is Internet access administration. Since all access originates from a single node, you lose all traceability as to who goes where. Unless of course you start digging through cache files. It also makes file transfers a bit of a pain. The file is sucked down to the Citrix box and then moved via a separate session to the local system if that is where it is needed.

> Are there any
> issues regarding Winframe security that I should be aware of plus the
> issues of Java and cookies.

Security patches really. Since it is based on Winnt 3.5 code, it is vulnerable to many of the same hacks. Since it is modified code, you can not always install patches as they roll out of MS. You have to wait for Citrix to develop them for you.

> Active X being more out of control
> but a necessary evil as per Winframe.

So disable ActiveX on the browser or filter it at the firewall.

> What firewall solution would you
> recommend to use to protect the Winframe server.

Is this comment flame bait?? ;) Typical standards apply. If you think of the Winframe as an NT box acting like a UNIX machine, then it really does not change the criterion for selecting an appropriate firewall. Just make sure that whatever you decide to go with is secure enough to lock down new security problems as they are found. As mentioned, some of the security patches are slow getting into production.

> Winframe
> is the only link between the Internet TCP/IP Side and The Novell
> side running IPX/SPX. Winframe will not have a novell client living
> on it only NETSCAPES COMMUNICATOR 4.x i believe as it acts really
> as a more secure terminal server that proxies for lack of a better
> description.

Yes and no. The Winframe will be running IPX so that clients can attach. If browsing is enabled on the Winframe, then any MS shares advertised on IPX (i.e. any Win 3.11 or Win95 workstations with sharing turned on) can be accessible from this machine. The NetWare server should be okay, unless you are running samba.nlm. ;)

> They are looking to isolate a second network on a
> completely different network attached to the web provided by
> one of the backbone providers. This is to provide more
> reliable access as well as to ensure that even if the Winframe
> site is compromised it will be less significant as the company
> info is housed elsewhere.

This is too little detail to really comment on. It would depend on how it is all connected together and what type of security precautions have been taken.

Cheers,
Chris
--
**************************************
cbrenton@sover.net

Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529

Join the fight against SPAM!
http://www.cauce.org/

From owner-firewalls-list Sun Dec 7 17:58:26 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA05269; Sun, 7 Dec 1997 17:56:00 -0800 (PST)
Received: from proxy3.ba.best.com (proxy3.ba.best.com [206.184.139.14]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id RAA05262 for ; Sun, 7 Dec 1997 17:55:55 -0800 (PST)
Received: from bfish.vip.best.com (bfish.vip.best.com [206.86.5.149]) by proxy3.ba.best.com (8.8.8/8.8.BEST) with SMTP id RAA29916 for ; Sun, 7 Dec 1997 17:56:22 -0800 (PST)
Received: by bfish.vip.best.com with Microsoft Mail id <01BD0339.1CAF1F60@bfish.vip.best.com>; Sun, 7 Dec 1997 17:54:06 -0800
Message-ID: <01BD0339.1CAF1F60@bfish.vip.best.com>
From: Bob Fish
To: "firewalls@GreatCircle.COM"
Subject: RE: Intrusion Detection
Date: Sun, 7 Dec 1997 17:53:01 -0800
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Yes, automated network intrusion detection is a growing field. There are several excellent intrusion detection systems available today, not just traffic monitoring devices. Network General (the inventor of the Sniffer, now known as Networks Associates after its recent merger with McAfee) sells a product called CyberCop. StorageTek sells a combination packet filter & intrusion detection system under the name of NetSentry (this combines their BorderGuard security device with the NetRanger IDS).
The WheelGroup NetRanger itself is capable of automatically setting filters on the BorderGuard devices as well as Cisco routers, based on where (in the enterprise network) they are located and a company's real-time policy enforcement needs. NetSolve (ProWatch Secure) and IBM (Emergency Response Service) both offer intrusion detection monitoring and response services as well...

These systems (and services) are capable of centralized configuration management, alarm reporting, and attack info logging from many remote IDS sensors. ID systems are intended to be used in conjunction with firewalls and other filtering devices, not as the standalone 'silver bullet' for internet and intranet security.

Bob Fish
WheelGroup Corp
www.wheelgroup.com

----------
From: Ted Doty
Sent: Wednesday, December 03, 1997 6:16 AM
To: firewalls@GreatCircle.COM
Subject: Re: Seesion Wall-3

On Tue, 2 Dec 1997 12:38:54 -0500, List_Mail@vsebav.com (List_Mail) posted:

In Windows NT Magazine, October 1997 issue page 85, there is an article on Session Wall-3, a firewall that you can place inside the internal network. It's both a network monitor and a firewall. Does anyone have any experience with this product ?

There is a lot of activity on Intrusion Detection right now, especially the combination of IDS with traditional firewalls. The idea is that when the IDS system detects inappropriate activity, it communicates with the firewall (for example, via Checkpoint's Opsec), to add a blocking rule.

Intrusion Detection systems are passive, so they are a pretty good fit for an internal network, where communications needs to be open. An organization could deploy internal firewalls that block nothing at all, except for the sessions of malicious users (as reported by an IDS). Separating the functionality into "detect" vs. "respond" is likely to allow the performance of the security system to match the data rates of the internal LANs.

There are a number of IDS systems out (including our RealSecure), but I don't know how many of them work with how many firewall systems.

Any comments should be sent to me, as I don't normally follow the list.

- Ted

--------------------------------------------------------------
Ted Doty, Internet Security Systems | Phone: +1 770 395 0150

From owner-firewalls-list Sun Dec 7 18:58:51 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA11074; Sun, 7 Dec 1997 18:51:57 -0800 (PST)
Received: from home.au.ac.th (home.au.ac.th [202.6.101.20]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA11038 for ; Sun, 7 Dec 1997 18:51:42 -0800 (PST)
Received: from au2.au.ac.th (u3914995@au2.au.ac.th [202.6.101.2]) by home.au.ac.th (8.8.8/8.8.8) with SMTP id JAA15464; Mon, 8 Dec 1997 09:56:35 +0700 (TST)
Received: from localhost by au2.au.ac.th (SMI-8.6/SMI-SVR4) id JAA11802; Mon, 8 Dec 1997 09:57:08 +0700
Date: Mon, 8 Dec 1997 09:57:08 +0700 (TST)
From: Nguyen Hoang Tien
To: Bob Fish
cc: "firewalls@GreatCircle.COM"
Subject: RE: Intrusion Detection
In-Reply-To: <01BD0339.1CAF1F60@bfish.vip.best.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

This is last time i warned all of you don't drop mail to my mail box. I have never subscribed into your list why you guys throw your shit up to here all the time?

Tien

On Sun, 7 Dec 1997, Bob Fish wrote:

>
> Yes, automated network intrusion detection is a growing field. There are several excellent intrusion detection systems available today, not just traffic monitoring devices. Network General (the inventor of the Sniffer, now known as Networks Associates after its recent merger with McAfee) sells a product called CyberCop. StorageTek sells a combination packet filter & intrusion detection system under the name of NetSentry (this combines their BorderGuard security device with the NetRanger IDS).
> The WheelGroup NetRanger itself is capable of automatically setting filters on the BorderGuard devices as well as Cisco routers, based on where (in the enterprise network) they are located and a company's real-time policy enforcement needs. NetSolve (ProWatch Secure) and IBM (Emergency Response Service) both offer intrusion detection monitoring and response services as well...
>
> These systems (and services) are capable of centralized configuration management, alarm reporting, and attack info logging from many remote IDS sensors. ID systems are intended to be used in conjunction with firewalls and other filtering devices, not as the standalone 'silver bullet' for internet and intranet security.
>
> Bob Fish
> WheelGroup Corp
> www.wheelgroup.com
>
>
> ----------
> From: Ted Doty
> Sent: Wednesday, December 03, 1997 6:16 AM
> To: firewalls@GreatCircle.COM
> Subject: Re: Seesion Wall-3
>
> On Tue, 2 Dec 1997 12:38:54 -0500, List_Mail@vsebav.com (List_Mail) posted:
>
> In Windows NT Magazine, October 1997 issue page 85, there is an
> article on Session Wall-3, a firewall that you can place inside the
> internal network. It's both a network monitor and a firewall. Does
> anyone have any experience with this product ?
>
> There is a lot of activity on Intrusion Detection right now, especially the
> combination of IDS with traditional firewalls. The idea is that when the
> IDS system detects inappropriate activity, it communicates with the
> firewall (for example, via Checkpoint's Opsec), to add a blocking rule.
>
> Intrusion Detection systems are passive, so they are a pretty good fit for
> an internal network, where communications needs to be open. An
> organization could deploy internal firewalls that block nothing at all,
> except for the sessions of malicious users (as reported by an IDS).
> Separating the functionality into "detect" vs. "respond" is likely to allow
> the performance of the security system to match the data rates of the
> internal LANs.
>
> There are a number of IDS systems out (including our RealSecure), but I
> don't know how many of them work with how many firewall systems.
>
> Any comments should be sent to me, as I don't normally follow the list.
>
> - Ted
>
> --------------------------------------------------------------
> Ted Doty, Internet Security Systems | Phone: +1 770 395 0150
>
>
>
>
>

From owner-firewalls-list Sun Dec 7 19:28:14 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id TAA14911; Sun, 7 Dec 1997 19:18:11 -0800 (PST)
Received: from cih-gw.cih.com (cih-gw.cih.com [204.69.206.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id TAA14788 for ; Sun, 7 Dec 1997 19:17:46 -0800 (PST)
Received: (from mail@localhost) by cih-gw.cih.com (8.7.6/8.6.9) id WAA31937; Sun, 7 Dec 1997 22:26:57 -0500
X-Authentication-Warning: cih-gw.cih.com: mail set sender to using -f
Received: from cih-gw.cih.com(204.69.206.1) via SMTP by cih-gw.cih.com, id smtpd31935aaa; Mon Dec 8 03:26:51 1997
Date: Sun, 7 Dec 1997 22:26:51 -0500 (EST)
From: "Craig I. Hagan"
Reply-To: hagan@cih.com
To: nospam@nospam.com
cc: Firewalls@GreatCircle.COM
Subject: Re: dinamics filtering rules
In-Reply-To: <19971207142455.8802.rocketmail@attach1.rocketmail.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> I hear AbirNet's SessionWall-3 also provides OPSEC support to modify
> Check Point's Firewall-1 commands on the fly.

I've always wondered about things like this. are they smart and have multiple classes of rules: those that can't be changed, those that can be only added, and those that can be both added and removed?

If so, do they handle rules that are in conflict in the sane (most secure) way, or in a first/last/best seen?

more importantly, has that f*cker been QA'ed so that mr. external nastigator can't play games with your rules (e.g.
if strobed, you start disabling services, leading to a rather easy DOS/irritation attack).

Also: if they alter their rules based upon log events, what happens when the log partition is filled up by dirty mcnasty? Does it fail to react?

wait...i might be pissing off some company. i'll stop now :)

-- craig

-------------------------------------------------------------------------------
Craig I. Hagan "It's a small world, but I wouldn't want to back it up"
hagan(at)cih.com "True hackers don't die, their ttl expires"
"It takes a village to raise an idiot, but an idiot can raze a village"
Stop the spread of spam, use a sendmail condom!
http://www.cih.com/~hagan/smtpd-hacks
In Bandwidth we trust

From owner-firewalls-list Sun Dec 7 19:43:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id TAA13865; Sun, 7 Dec 1997 19:12:00 -0800 (PST)
Received: from cih-gw.cih.com (cih-gw.cih.com [204.69.206.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id TAA13846 for ; Sun, 7 Dec 1997 19:11:39 -0800 (PST)
Received: (from mail@localhost) by cih-gw.cih.com (8.7.6/8.6.9) id WAA31910; Sun, 7 Dec 1997 22:21:37 -0500
X-Authentication-Warning: cih-gw.cih.com: mail set sender to using -f
Received: from cih-gw.cih.com(204.69.206.1) via SMTP by cih-gw.cih.com, id smtpd31908aaa; Mon Dec 8 03:21:32 1997
Date: Sun, 7 Dec 1997 22:21:32 -0500 (EST)
From: "Craig I. Hagan"
Reply-To: hagan@cih.com
To: Yuval Yeret
cc: FW-1-Mailinglist , Firewalls Mailinglist
Subject: Re: NT as a central intranet firewall [-Drant]
In-Reply-To: <34893824.491F83F@netvision.net.il>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> i have a question concerning scalability of firewalls,
> specifically as an intranet firewall between LAN's, WAN's
> at high speeds.

define high speed. is this 1.544mbit, 10mbit, 45mbit, 100mbit, 600mbit, 1 gbit? more? full duplex for media which support this?

short take: if we are talking T1's and 10mbit ethernet as 'high' speed, then i wouldn't worry about whether or not the OS can handle it on any US$1500+ computer purchased after 1-dec-1997 at US pricing.

> I know most of u out there will respond that solaris is the
> preferred OS for this configuration.

It depends on our mood and how long it has been since we were on hold for a patch from sun to fix a production problem for a system which we could have fixed if given source code. note: same argument for all non-source release OSes.

>
> But I would like to hear from people who use NT or other OS
> for heavy-duty firewall's, and what they use as a platform.
>
> The main issue is, can NT scale up to Unix, given the right
> hardware ?

long take. actually....

#define rant

define the right hardware. I'll bet $1000 that an NT machine with a PCI card which had a set of custom ASICs and a few FPGAs which implemented a firewall in hardware and used the PCI bus/NT Os purely for configuration/management purposes would be able to keep up with whatever you could hook up to the card.[1]

Given this, perhaps we should redefine 'right hardware' to be what you can go down to compUSA/microcenter/fry's/etc and purchase. call it high end pentium/ppro/p2

Now we have to define scaling. IBM,sun,m$ have all thrown it around like an unwanted mother-in-law, but, nobody has gotten off their arse to define what it *really* is.

My working definition is that a scalable environment is one where the application is not machine specific, and has the relevant data/location abstractions to allow 1+ machines to serve the application. This would *REQUIRE* some 'middleware' agent which can properly broker client requests so that the system can allow dynamic increase/decrease of capacity as more hardware is brought into service (or taken down for service/failures).

a (IMHO) proper environment allows the services provided to be sufficiently abstract such that ANY system running any supported OS (some services, e.g. RDBMS may have hw/os constraints) can assist with providing additional capacity for that service.

With that above definition of scalable in mind, it becomes immediately obvious that software design as well as the design of the entire computing environment needs to be considered, right down to, and including the network.

Ok, now that we have scalable defined, can NT scale as well as unix? I'd hazard that it has or can have the relevant abstraction layers to do a decent job of it. I'm *sure* that the MS website, despite its numerous security holes and other assorted shortcomings, could be held up as an example of where a web system can be distributed across god only knows how many NT machines and, for the most part, actually work.

Personally, i'd be a little skittish about using NT in a production environment until *I* understood it as well as unix and could accurately predict how it would behave under what software/user load so that i could size the server pool appropriately.

I'm not sure, though, that this is what you *meant* by scalable. There are two questions which come to mind that likely are more accurate representations of what you meant.

First an assumption. From your letter, i'll assume that to you unix == solaris. Common usage, from what i've seen, is that unix represents a class of operating systems. solaris is a member of that class, and inherits most of the properties of ATT sysv, and some of the properties of BSD.

quickie other defs: solaris = solaris 2.5.1/2.6. NT=4.0. both patched.

Now what i think that your questions may have been:

1) "Can the hardware which NT supports be sized so as to support as much capacity as unix hardware can within prespecified response time boundaries?"

Again, assuming that unix == solaris, and by hardware, you mean PC hardware vs. sparc hardware, the answer is "No.
NT doesn't scale as well as unix." Admittedly, solaris on x86 is also capable of handling more users/whatever per unit cpu/memory than NT on intel iron making this true even without the hw assumption.

2) "Can NT, the OS scale to support some of the larger hardware platforms out there?"

I'm *sure* that it could, if altered. right now, stock NT server supports what, 4 cpus? and 8 with the enterprise server release[2]. Solaris, last i checked[3], could happily suck up 64 cpus on the galaxy class..*cough*..enterprise 10000.

[1] hmm, product idea, i said it first for those patent pissants

[2] NT cpu scaling is based upon memory, not looking at facts, check with your friendly neighborhood assmilation agent for the truth about collectiveOS (NT).

[3] My guess with JavaCheater's OS is based upon what i've heard their high end boxes are. Look at their web page to verify both this and to see what other benchmarks they are cheating on. perhaps they will merely label their cpu's as 600mhz, when only one part (the clock) actually runs that fast.

#undef rant

-- craig

-------------------------------------------------------------------------------
Craig I. Hagan "It's a small world, but I wouldn't want to back it up"
hagan(at)cih.com "True hackers don't die, their ttl expires"
"It takes a village to raise an idiot, but an idiot can raze a village"
Stop the spread of spam, use a sendmail condom!
http://www.cih.com/~hagan/smtpd-hacks
In Bandwidth we trust

From owner-firewalls-list Sun Dec 7 19:58:49 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id TAA18885; Sun, 7 Dec 1997 19:49:53 -0800 (PST)
Received: from gateway2.ey.com (gateway2.ey.com [199.50.26.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id TAA18829 for ; Sun, 7 Dec 1997 19:49:37 -0800 (PST)
From: ARVE.KJOELEN@EY.COM
Received: by gateway2.ey.com id AA01116 (InterLock SMTP Gateway 3.0 for firewalls@greatcircle.com); Sun, 7 Dec 1997 22:53:39 -0500
Received: by gateway2.ey.com (Protected-side Proxy Mail Agent-1); Sun, 7 Dec 1997 22:53:39 -0500
To: " - (052)firewalls":; (052)
Subject: Re: Gauntlet console
Message-Id: <0014500014491104000002L042*@MHS>
Date: Sun, 7 Dec 1997 22:50:40 -0500
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Jon Stitzel wrote:
> and was wondering if there is any way to connect an admin console
> to the firewall via serial?

The answer is yes. This should be documented somewhere like the sun-managers FAQ. By default, a solaris machine that boots will perform I/O using ttya when it can't find a console connected (no keyboard/monitor). just connect your wyse or whatever to ttya (you'll need the really funky Sun serial port splitter unless you want to create your own cable), remove your Sun keyboard and monitor and reboot.

-Arve Kjoelen

From owner-firewalls-list Sun Dec 7 23:28:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id XAA11876; Sun, 7 Dec 1997 23:19:04 -0800 (PST)
Received: from penguin.wise.edt.ericsson.se (penguin-ext.wise.edt.ericsson.se [194.237.142.5]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id XAA11869 for ; Sun, 7 Dec 1997 23:18:56 -0800 (PST)
Received: from geek.nmac.ericsson.se (geek.nmac.ericsson.se [130.100.187.83]) by penguin.wise.edt.ericsson.se (8.7.5/8.7.3/glacier-1.12) with ESMTP id IAA22451 for ; Mon, 8 Dec 1997 08:22:56 +0100 (MET)
Received: from haig.oplab.nmac.ericsson.se (haig.oplab.nmac.ericsson.se [130.100.187.85]) by geek.nmac.ericsson.se (8.8.5/8.8.5) with ESMTP id IAA08654 for ; Mon, 8 Dec 1997 08:21:27 +0100
Received: by haig.oplab.nmac.ericsson.se with Internet Mail Service (5.0.1457.3) id ; Mon, 8 Dec 1997 08:22:41 +0100
Message-ID: <43BED8177D10D011A69A0800092C15D70BBAEE@haig.oplab.nmac.ericsson.se>
From: Robert Ståhlbrand
To: "'firewalls@greatcircle.com'"
Subject: FW: Through Checkpoint-1 firewalls Ftp can't access NT virtual's IP
Date: Mon, 8 Dec 1997 08:22:39 +0100
X-Priority: 3
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1457.3)
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

The end of the discussion should be here too....

/Robert Ståhlbrand, Ericsson Telecom AB in Sweden

> -----Original Message-----
> From: mrlee325@ms1.hinet.net [SMTP:mrlee325@ms1.hinet.net]
> Sent: 4 December 1997 10:59
> To: Robert Ståhlbrand
> Subject: RE: Through Checkpoint-1 firewalls Ftp can't access NT
> virtual's IP
>
> >Hi!
> >
> >This is my guess....
> >
> >The problem is that you don't use PASSIVE FTP which means that you're
> >both using port 21 for commands and port 20 for data.
> >A connection is established with your "random" source port and with 21
> >as destination port on your virtual machine but when it comes to DATA
> >the connection is setup from the virtual machine (random source port) to
> >your port 20 and I think the problem lies in this scenario. Your
> >computer (where the session starts) is not identifying this connection as
> >a part of the FTP-session and no DATA arrives (your comp. thinks it
> >comes from the real ip). That is why you get error message "Can't open
> >data connection".
> >
> >To verify this, try to use Netscape (IE etc. which uses PASSIVE FTP) on
> >the outside and do the FTP. If this works (probably do) my guess is
> >right!
> >
> >Sniff the traffic man!
> >
> >/Robert Ståhlbrand, Ericsson Telecom in Sweden
> >
> >> -----Original Message-----
> >> From: mrlee325@ms1.hinet.net [SMTP:mrlee325@ms1.hinet.net]
> >> Sent: 28 November 1997 08:41
> >> To: firewalls@GreatCircle.COM
> >> Cc: fw-1-mailinglist@us.checkpoint.com
> >> Subject: Through Checkpoint-1 firewalls Ftp can't access NT
> >> virtual's IP
> >>
> >> Hi people of GreatCircle
> >>
> >> My office has a Checkpoint-1 firewalls NT with 3.0b version,
> >> and a NT server 4.0 with multi-hosting(virtual IPs) service.
> >>
> >> If I start ftp function to access the NT server through FW-1, no
> >> matter from
> >> local pc or FW-1 itself, there are some conditions ,
> >>
> >> 1. if ftp the NT's real ip, the connection is OK.
> >>
> >> 2. when you ftp anyone NT's virtual ips, the action is hung,
> >> appear " 425 Can't open data connection" error message.
> >>
> >> 3. when ftp the NT server no through FW-1, from internet user,
> >> it also work good,no matter what real ip or virtual ips.
> >>
> >> 4. if NT server is moved to DMZ, the ftp action from internet user
> >> is the same as the above 2. point.
> >>
> >> PS.
> >> If FW-1's security policy rule is set to " any any any accept
> >> long GW ...",
> >> ftp NT server is no problem, no matter what real ip or virtual
> >> ips,
> >> when any security rule is set, the situation is the same above
> >> descriptions.
> >>
> >> My environment is:
> >>
> >>                                                       ISP
> >>                                                       /
> >>                                                      /
> >>                 |--------|                          |
> >>     ( DMZ )     |        |                      |--------|
> >>  ---------------|  FW-1  |----------------------| Router |
> >>                 |        |          |           |--------|
> >>                 |--------|      |--------|
> >>     local net       |           | NT 4.0 |
> >>  ---------------------------    | SERVER |
> >>             |                   |--------|
> >>          |-----|
> >>          | pc  |
> >>          |-----|
> >>
> >> These problems bother me a long time.
> >> If anyone know any answer, please tell me.
> >>
> >> Thanks a lot.
> >>
> >> Mao-Jung Lee
> >>
> >> mrlee@cycloria.com.tw
> >
> >
> Hi,
> Thank you for your answer, your guess is right.
>
> The ftp function that will dispear "425 Can't open data connection"
>
> pass firewall was solved.
> If client site ftp command support "passive" function, enable it,
> the problem above is no problem.
>
> I use cute-FTP utility, it is O.K.
>
>
> Mao-Jung Lee

From owner-firewalls-list Mon Dec 8 05:13:06 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id FAA08423; Mon, 8 Dec 1997 05:06:38 -0800 (PST)
Received: from pool1.convey.ru (pool1.convey.ru [195.182.128.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id FAA08399 for ; Mon, 8 Dec 1997 05:06:28 -0800 (PST)
Received: from mpak.UUCP (uucp@localhost) by pool1.convey.ru (8.8.7/8.7.3) with UUCP id QAA26819 for firewalls@greatcircle.com; Mon, 8 Dec 1997 16:10:31 +0300 (MSK)
Received: by mpak.convey.ru (UUPC/@ v6.14g, 06Jun95) id AA21798; Mon, 8 Dec 1997 16:09:32 +0300 (RST)
Date: Mon, 08 Dec 1997 16:03:06 RST
From: ark@mpak.convey.ru (-= ArkanoiD =-)
Reply-To: ark@mpak.convey.ru
Message-Id: <748@mpak.convey.ru>
To: firewalls@greatcircle.com
Cc: firewall-wizards@nfr.net
Subject: Wingate?
Organization: International Brownian Movement
X-Mailer: PCElm 1.10
Lines: 19
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

nuqneH,

Does anybody have experience with software product named "Wingate"? It seems to be something like cheap entry-level firewall system for Windows 95 and NT. People often do ask me if they need a "real" firewall or Wingate is enough for them. So the questions are how good is it from the viewpoint of

a) security
b) control and monitoring features
c) protocol support
d) administration
e) performance

Thanks for any info.

--
_ _ _ _ _ _ _ Must be a visit from the dead..
_| o |_ | | _|| | / _||_| |_ |_ |_ CU in Hell .......... Arkan#iD
|_ o _||_| _||_| / _| | o |_||_||_|

From owner-firewalls-list Mon Dec 8 06:58:52 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA14833; Mon, 8 Dec 1997 06:44:53 -0800 (PST)
Received: from Portal.XAIT.Xerox.COM (Portal.XAIT.Xerox.COM [198.114.160.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id GAA14826 for ; Mon, 8 Dec 1997 06:44:46 -0800 (PST)
Received: (from uucp@localhost) by Portal.XAIT.Xerox.COM (8.8.5/8.8.5) id JAA07539 for ; Mon, 8 Dec 1997 09:50:15 -0500 (EST)
Received: from harmony.xait.xerox.com(13.232.16.11) by Portal.XAIT.Xerox.COM via smap (3.2) id xma007506; Mon, 8 Dec 97 09:49:59 -0500
Received: from Ash.XAIT.Xerox.COM by inconcert.com (SMI-8.6/SMI-SVR4) id JAA29341; Mon, 8 Dec 1997 09:49:42 -0500
Received: by Ash.XAIT.Xerox.COM (SMI-8.6/SMI-SVR4) id JAA18310; Mon, 8 Dec 1997 09:49:02 -0500
Date: Mon, 8 Dec 1997 09:49:02 -0500
From: aenis@InConcert.COM (Aenis Harris)
Message-Id: <199712081449.JAA18310@Ash.XAIT.Xerox.COM>
To: firewalls@GreatCircle.COM
X-Sun-Charset: US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

usubscribe firewalls

From owner-firewalls-list Mon Dec 8 07:58:45 1997
Received: (majordom@localhost) by
honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA21576; Mon, 8 Dec 1997 07:54:17 -0800 (PST) Received: from www.valuu.net (www.valuu.net [204.252.40.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA21561 for ; Mon, 8 Dec 1997 07:54:10 -0800 (PST) Received: from fd.valuu.net ([204.252.40.3]) by www.valuu.net (post.office MTA v2.0 0813 ID# 0-11837) with SMTP id AAA253; Mon, 8 Dec 1997 10:57:16 -0500 Received: by fd.valuu.net with Microsoft Mail id <01BD03C8.4D9513C0@fd.valuu.net>; Mon, 8 Dec 1997 10:59:06 -0500 Message-ID: <01BD03C8.4D9513C0@fd.valuu.net> From: rabbi@www.valuu.net (Rabbi Haim Cassorla) To: "'-= ArkanoiD =-'" Cc: "'firewalls@greatcircle.com'" Subject: RE: Wingate? Date: Mon, 8 Dec 1997 10:59:05 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Wingate is a proxy server. Earlier versions were shareware, $20.00 registration. New version is ~$600.00 Shalom Berakha VeTova Rabbi Haim Cassorla ---------- From: -= ArkanoiD =-[SMTP:ark@mpak.convey.ru] Sent: Monday, December 08, 1997 11:03 AM To: firewalls@greatcircle.com Cc: firewall-wizards@nfr.net Subject: Wingate? nuqneH, Does anybody have experience with software product named "Wingate"? It seems to be something like cheap entry-level firewall system for Windows 95 and NT. People often do ask me if they need a "real" firewall or Wingate is enough for them. So the questions are how good is it from the viewpoint of a) security b) control and monitoring features c) protocol support d) administration e) performance Thanks for any info. -- _ _ _ _ _ _ _ Must be a visit from the dead.. _| o |_ | | _|| | / _||_| |_ |_ |_ CU in Hell .......... 
Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_| From owner-firewalls-list Mon Dec 8 10:28:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id KAA02607; Mon, 8 Dec 1997 10:19:31 -0800 (PST) Received: from out2.ibm.net (out2.ibm.net [165.87.194.229]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id KAA02598 for ; Mon, 8 Dec 1997 10:19:26 -0800 (PST) Received: from jnzbwtaw (slip129-37-244-75.tx.us.ibm.net [129.37.244.75]) by out2.ibm.net (8.8.5/8.6.9) with ESMTP id SAA59730; Mon, 8 Dec 1997 18:23:30 GMT Message-ID: <348C3B65.2542F396@ibm.net> Date: Mon, 08 Dec 1997 12:24:38 -0600 From: Michael Sorbera Organization: Randolph-Brooks Federal Credit Union X-Mailer: Mozilla 4.01 [en] (Win95; I) MIME-Version: 1.0 To: "Guse, Darren J." CC: Firewalls@GreatCircle.com Subject: Re: Firewall for AS/400 X-Priority: 3 (Normal) References: <9711058813.AA881359848@ccmail.zim.bms.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Guse, Darren J. wrote: > Does anyone out there have any experience with IBM's Firewall for > > AS/400? > > Would appreciate any feedback.... > > Darren Guse > Manager, Computer Operations and Network Services > Linvatec Corp Yup, you're in Luck! Just got thru going thru that gyration myself...If you want any further info, send me a private e-mail and we'll talk via the feletone... Later, Michael Sorbera Webmaster, Randolph-Brooks Federal Credit Union "In the land of the clueless, he who has half a clue is King!" 
From owner-firewalls-list Mon Dec 8 10:39:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id JAA01891; Mon, 8 Dec 1997 09:58:39 -0800 (PST) Received: from nebula.online.ee (nebula.online.ee [194.106.96.11]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id JAA01882 for ; Mon, 8 Dec 1997 09:58:26 -0800 (PST) Received: from localhost (jk@localhost) by nebula.online.ee (8.8.7/8.8.3) with SMTP id UAA03064; Mon, 8 Dec 1997 20:02:15 +0200 (EET) Date: Mon, 8 Dec 1997 20:02:14 +0200 (EET) From: Jyri Kaljundi X-Sender: jk@nebula To: Firewalls@GreatCircle.COM cc: Yuval Yeret Subject: Re: NT as a central intranet firewall In-Reply-To: <199712070900.BAA03607@honor.greatcircle.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Yuval Yeret asked: > But I would like to hear from people who use NT or other OS > for heavy-duty firewall's, and what they use as a platform. > > The main issue is, can NT scale up to Unix, given the right > hardware ? I don't think NT can be used as an Intranet firewall. If you want heavy duty, go with Solaris Sparc. If you have a budget but still want a reliable Unix, choose Solaris x86 on Pentium Pro. In Intranets you probably want to do 100Mbps real soon if you are not using it already, and NT TCP/IP I have heard gives out much less as I have heard. For easy to use and fast firewall box, please look at Ipsilon running FireWall-1 (http://www.ipsilon.com). For Check Point testing results on NT vs. 
Solaris, please see http://www.checkpoint.com/products/technology/pdata_sol_nt.html Regards, Jyri Kaljundi jk@stallion.ee AS Stallion Ltd http://www.stallion.ee/ From owner-firewalls-list Mon Dec 8 12:13:14 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id LAA14746; Mon, 8 Dec 1997 11:49:56 -0800 (PST) Received: from nucleus.com (nucleus.com [199.45.65.129]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id LAA14717; Mon, 8 Dec 1997 11:49:47 -0800 (PST) Received: from loki (usr1-cgy-34.nucleus.com [207.34.65.34]) by nucleus.com (8.8.8/8.8.8-NIS-11-28.97) with SMTP id NAA28258; Mon, 8 Dec 1997 13:03:10 -0700 (MST) Message-Id: <3.0.5.32.19971208125531.009b4c10@nucleus.com> X-Sender: dreamwvr@nucleus.com X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32) Date: Mon, 08 Dec 1997 12:55:31 -0700 To: Firewalls@GreatCircle.COM, firewalls-digest@GreatCircle.COM From: dreamwvr Subject: VPNET plus ire product line In-Reply-To: <199712060644.WAA09593@honor.greatcircle.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hey everyone, Anyone here have experience with the vpn product line put out by VPNET? Pros and Cons plus more on their VSU 1010 looks very impressive but is it that good? How does it compare to others in independent testing and where is it weak more importantly. Are there better products than this baby and if so please substantiate claims. No flames please or unholy wars we all know what platforms are the best for our needs;') http://www.vpnet.com/products/vsu1010.htm Check this above url out. Also if memory serves me correct didn't NEC have a similar hardware solution or ! that is the question. Also since it uses xxxdes is there one that uses 128bit as opposed to 56 bit ? Too many environment variables need some feedback from :') Also check out http://www.ire.com/ products has anyone used this one? 
Not I have used linux fw and fw1 and at this time am a bit sceptical but would like a none vendor opinion on this if possible. Thanks Again:') Best Regards, dreamwvr@nucleus.com From owner-firewalls-list Mon Dec 8 12:53:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id MAA16454; Mon, 8 Dec 1997 12:14:54 -0800 (PST) Received: from edina.xenologics.com (edina.xenologics.com [194.77.5.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id MAA16440 for ; Mon, 8 Dec 1997 12:14:42 -0800 (PST) Received: from www (xpl115.xnc.de [194.77.5.79]) by edina.xenologics.com (8.6.8.1/8.6.6) with SMTP id VAA17124; Mon, 8 Dec 1997 21:18:00 +0100 Message-ID: <348C5EB4.5747F009@www.firmen-info.de> Date: Mon, 08 Dec 1997 21:55:16 +0100 From: Stepken Organization: Freie Software Systeme X-Mailer: Mozilla 3.01Gold (X11; I; Linux 2.0.29 i586) MIME-Version: 1.0 To: Jyri Kaljundi CC: Firewalls@GreatCircle.COM, Yuval Yeret Subject: Re: NT as a central intranet firewall References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Jyri Kaljundi wrote: > > Yuval Yeret asked: > > > But I would like to hear from people who use NT or other OS > > for heavy-duty firewall's, and what they use as a platform. > > > > The main issue is, can NT scale up to Unix, given the right > > hardware ? > > I don't think NT can be used as an Intranet firewall. If you want heavy > duty, go with Solaris Sparc. If you have a budget but still want a > reliable Unix, choose Solaris x86 on Pentium Pro. > For Check Point testing results on NT vs. Solaris, please see > http://www.checkpoint.com/products/technology/pdata_sol_nt.html I will never understand the NT hype. NT has an old modified Reno-Tahoe stack, badly designed and patched overall. NT stack is really slow at many simultaneous connections, getting problematic at > 50 connects. 
With the new LINUX (not 2.0.32), FreeBSD, OS/2 and SUN, which have a rock solid tcp/ip stack (OS/2 see TCP 4.1, its BSD-UNIX stack!!!!) the same CPU is much faster. NT has really problems with reliability. I know hundreds of e-zines, which are always down, from time to time. (i do fping over hundreds of sites) NT is 20-50 times more offline than any UNIX.(facts!!) NT stack is such bad, that there will never be a real good running ATM card or stack. Forget NT. Too buggy, too unreliable, too slow, too expensive in TCO. You must consider the void patches, the reverse upward patches, the big updates, the security problems, the time, which passes by, till a patch is available (depends on language), the lack of experience in security....OutlookExpress...email is encrypted, attachments are not. Tell me: what company else is doing such nonsense ? Update costs, technology incompatibility costs. M$ is too expensive. 6000$ per Desktop and year is the average TCO. Stay with SUN and its (built in) Firewall (See ipfilter), use some free filters, and you have your problems solved. cu, Guido Stepken From owner-firewalls-list Mon Dec 8 14:28:47 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA01494; Mon, 8 Dec 1997 14:19:39 -0800 (PST) Received: from loki.iss.net (loki.iss.net [208.21.0.3]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA01473 for ; Mon, 8 Dec 1997 14:19:32 -0800 (PST) Received: from tdoty (tdoty.iss.net [208.21.4.61]) by loki.iss.net (8.8.7/8.7.3) with SMTP id RAA15780 for ; Mon, 8 Dec 1997 17:23:43 -0500 Message-Id: <3.0.3.32.19971208172123.009e71d0@mail.iss.net> X-Sender: tdoty@mail.iss.net X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.3 (32) Date: Mon, 08 Dec 1997 17:21:23 -0500 To: firewalls@greatcircle.com From: Ted Doty Subject: Re: dinamics filtering rules Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk "Craig I. 
Hagan" wrote: >I've always wondered about things like this. are they smart and have >multiple classes of rules: those that can't be changed, those that can be >only added, and those that can be both added and removed? If so, do they >handle rules that are in conflict in the sane (most secure) way, or in a >first/last/best seen? The easiest (conceptually) to understand use for dynamic filtering is to block (sometimes called "shun") someone detected doing a known nasty through a permitted firewall service (for example, someone trying to use the identd buffer overflow in conjunction with email). Not sure how "smart" this dynamic method has to be ... more like a "Bad dog! No biscuit!" situation. I'd imagine that most implementations time out after a set period. I'd sure want operator intervention for "add but never delete". >more importantly, has that f*cker been QA'ed so that mr. external >nastigator can't play games with your rules (e.g. if strobed, you start >disabling services, leading to a rather easy DOS/irritation attack). A better idea might be to base the update on the source of the attack, rather than turning the service off. Granted, the source could be spoofed, but you're probably only blocking a small subset of the net. If the spoofed address is one of your major partners, then why doesn't your firewall run a VPN to that site? There are layered approaches to this problem that will keep it from getting out of hand. Can't stop DoS attacks, tho. As to irritation, these guys are irritating. ;-) OTOH, which attacks are you more worried about? >Also: if they alter their rules based upon log events, what happens when >the log partition is filled up by dirty mcnasty? Does it fail to >react? This is an argument for external Intrusion Detection (not to mention quicker response time, or offloading the firewall). 
- Ted -------------------------------------------------------------- Ted Doty, Internet Security Systems | Phone: +1 770 395 0150 41 Perimeter Center East | Fax: +1 770 395 1972 Atlanta, GA 30346 USA | Web: http://www.iss.net -------------------------------------------------------------- PGP key fingerprint: 362A EAC7 9E08 1689 FD0F E625 D525 E1BE From owner-firewalls-list Mon Dec 8 15:13:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA05311; Mon, 8 Dec 1997 15:01:30 -0800 (PST) Received: from vangogh.visualnet.com.br (VanGogh.visualnet.com.br [200.255.209.65]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA05292 for ; Mon, 8 Dec 1997 15:01:21 -0800 (PST) Received: from K6 (line26.visualnet.com.br [200.255.209.250]) by vangogh.visualnet.com.br (8.8.8/8.8.8) with SMTP id VAA07001 for ; Mon, 8 Dec 1997 21:10:08 -0200 Received: by K6 with Microsoft Mail id <01BD041D.3E2AD8C0@K6>; Mon, 8 Dec 1997 21:07:07 -0200 Message-ID: <01BD041D.3E2AD8C0@K6> From: Bruno Coelho Nunes da Costa To: "Firewalls@GreatCircle.COM" Subject: Novell BorderManager Date: Mon, 8 Dec 1997 21:06:28 -0200 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Anyone here have experience or knows some information about the Novell BorderManager? I searched the novell site, but they give a lot of importance for the cache stuff, and say very little about the security stuff. I have some questions like: Does it block java and activeX? It says blocking .exe files... Based in the extension or in the file itself? 
Any info would be helpful Thanks Bruno Coelho Consultoria Tecnica Modulo Consultoria e Informatica http://www.modulo.com.br From owner-firewalls-list Mon Dec 8 15:28:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA07815; Mon, 8 Dec 1997 15:19:10 -0800 (PST) Received: from gotham.mcny.com ([207.122.13.30]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id PAA07799 for ; Mon, 8 Dec 1997 15:19:03 -0800 (PST) Received: from localhost (security@localhost) by gotham.mcny.com (8.8.5/8.7.2) with SMTP id SAA02727 for ; Mon, 8 Dec 1997 18:19:13 -0500 (EST) Date: Mon, 8 Dec 1997 18:19:13 -0500 (EST) From: MCNY Security Officer To: Firewalls@GreatCircle.COM Subject: WINS Port Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does anyone know what port a Microsoft NT workstation uses to query a Microsoft NT server for WINS resolution? Thanks, Lou Person lperson@mcny.com From owner-firewalls-list Mon Dec 8 15:43:19 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id PAA06903; Mon, 8 Dec 1997 15:11:25 -0800 (PST) Received: from m6.sprynet.com (m6.sprynet.com [165.121.1.89]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id PAA06867 for ; Mon, 8 Dec 1997 15:11:14 -0800 (PST) Received: from zeos (hdn88-017.hil.compuserve.com [206.175.98.17]) by m6.sprynet.com (8.6.12/8.6.12) with SMTP id PAA15147; Mon, 8 Dec 1997 15:15:09 -0800 Message-Id: <3.0.3.32.19971208182342.007ad600@m6.sprynet.com> X-Sender: jsk347@m6.sprynet.com X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Mon, 08 Dec 1997 18:23:42 -0500 To: Jyri Kaljundi , Firewalls@GreatCircle.COM From: Steve Kruse Subject: Re: NT as a central intranet firewall Cc: Yuval Yeret In-Reply-To: References: <199712070900.BAA03607@honor.greatcircle.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: 
firewalls-owner@GreatCircle.COM Precedence: bulk Jyri: I believe that your statement is a bit broad in scope. There are many cases where an NT firewall would perform adequately for Intranet applications. There are a great number of variables as to the performance requirement for an Intranet. The same can be said of the various NT solutions on the market. I would not feel comfortable making the suggestion that Solaris is the ONLY solution without getting more detail! Steve Kruse At 08:02 PM 12/8/97 +0200, Jyri Kaljundi wrote: > >Yuval Yeret asked: > >> But I would like to hear from people who use NT or other OS >> for heavy-duty firewall's, and what they use as a platform. >> >> The main issue is, can NT scale up to Unix, given the right >> hardware ? > >I don't think NT can be used as an Intranet firewall. If you want heavy >duty, go with Solaris Sparc. If you have a budget but still want a >reliable Unix, choose Solaris x86 on Pentium Pro. > >In Intranets you probably want to do 100Mbps real soon if you are not >using it already, and NT TCP/IP I have heard gives out much less as I have >heard. > >For easy to use and fast firewall box, please look at Ipsilon running >FireWall-1 (http://www.ipsilon.com). > >For Check Point testing results on NT vs. 
Solaris, please see >http://www.checkpoint.com/products/technology/pdata_sol_nt.html > >Regards, > >Jyri Kaljundi >jk@stallion.ee >AS Stallion Ltd >http://www.stallion.ee/ > *********************************************** * jsk347@sprynet.com (Personal E-Mail) * * skruse@milkyway.com (Company E-Mail) * * http://www.milkyway.com * *********************************************** From owner-firewalls-list Mon Dec 8 16:10:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id OAA04001; Mon, 8 Dec 1997 14:52:05 -0800 (PST) Received: from x11.boston.juno.com (x11.boston.juno.com [205.231.100.26]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id OAA03958 for ; Mon, 8 Dec 1997 14:51:45 -0800 (PST) Received: (from wiseleo@juno.com) by x11.boston.juno.com (queuemail) id RMJ22910; Mon, 08 Dec 1997 17:06:18 EST To: ark@mpak.convey.ru Cc: firewalls@GreatCircle.COM, firewall-wizards@nfr.net Date: Mon, 8 Dec 1997 13:49:23 -0800 Subject: Re: Wingate? Message-ID: <19971208.140107.5903.4.wiseleo@juno.com> References: <748@mpak.convey.ru> X-Mailer: Juno 1.38 X-Juno-Line-Breaks: 0-3,6-7,10-11,13-14,17-27,29-32,35-36,38-41,44-47, 49-55,57-82 From: wiseleo@juno.com (Leonid S Knyshov) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Arkanoid and other list members: I use Wingate... and you can call it gateway to hell :) It absolutely hates NT: by that I mean random 100% CPU consumption... Turtle speed slowdowns etc. Once it got so bad I had to almost reboot the server... Also it has a tendency to disobey its license agreement as gatekeeper (the config console) if you add more than 50 users... Also the performance of gatekeeper chokes... 
And oh yes, it also likes to disobey gatekeeper's settings as well (can't hang up phone dialer when you click reset, for example) inline logins to ftp/http resources aren't supported, such as ftp://user@host you must use user:password@host (security hole imho), http://user:password@host won't work either. Tricky SMTP setup user#host, password. Yeah that's # However, once these bugs are worked out, it's a nice system. I like these features: Full timestamped logs Billing control Transparency, automatic config of clients SECURITY RESTRICTIONS by IP and Location, and time and userid. (although a bit time consuming to configure) Groups of users.. Default rights And a bunch of others. The control interface is intuitive to use... However, beware it crashes sometimes. Also you must not forget to save settings. Administration could be streamlined a bit. Performance is OK.. But not blazing... we are having reports with extreme slowdowns in version 2.1beta. That's being investigated. *NEW* Version 2.1beta features Java client authentication. Their latest beta appears to be stable... for more information check out http://www.wingate.net (main site) and http://beta.wingate.net (beta, registration required) They run internal discussion forums and a search engine, have fun :) P.S. I don't work for Deerfield software and no solicitation was intended, I am their beta tester, however. *** Leonid S. Knyshov Information Systems Manager wiseleo@juno.com (for MIME messages: wiseleo@hotmail.com) Also known as Wise_One of CyBrids CSE On Mon, 08 Dec 1997 16:03:06 RST ark@mpak.convey.ru (-= ArkanoiD =-) writes: >nuqneH, > >Does anybody have experience with software product named "Wingate"? It >seems to >be something like cheap entry-level firewall system for Windows 95 and >NT. >People often do ask me if they need a "real" firewall or Wingate is >enough for >them. 
So the questions are how good is it from the viewpoint of > >a) security >b) control and monitoring features >c) protocol support >d) administration >e) performance > >Thanks for any info. > >-- > _ _ _ _ _ _ _ > Must be a visit from the dead.. _| o |_ | | _|| | / _||_| >|_ |_ |_ > CU in Hell .......... Arkan#iD |_ o _||_| _||_| / _| | o >|_||_||_| > From owner-firewalls-list Mon Dec 8 16:15:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id QAA16297; Mon, 8 Dec 1997 16:01:10 -0800 (PST) Received: from corp-gateway.tais.toshiba.com (corp-gateway.tais.toshiba.com [159.119.4.200]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id QAA16220 for ; Mon, 8 Dec 1997 16:00:53 -0800 (PST) From: Sheila.Soulia@tais.toshiba.com Received: from zmsvr02.tais.com (zmsvr02.tais.net [159.119.4.251]) by corp-gateway.tais.toshiba.com (8.8.8/8.8.8) with SMTP id OAA13035 for ; Mon, 8 Dec 1997 14:56:11 -0800 (PST) Received: by zmsvr02.tais.com(Lotus SMTP MTA SMTP MTA v1.1.04 (495.1 10-24-1997)) id 88256567.007DFE93 ; Mon, 8 Dec 1997 14:56:11 -0800 X-Lotus-FromDomain: TOSHIBA-TAIS To: firewalls@GreatCircle.com Message-ID: <88256567.007D9F81.00@zmsvr02.tais.com> Date: Mon, 8 Dec 1997 14:56:03 -0800 Subject: http through firewall-1 Mime-Version: 1.0 Content-type: text/plain; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello all, We just installed firewall-1 and did major network changes including a new domain name and bgp on internet routers. We are having problems getting to some sites in the internet, but not all. Some examples are novell.com and cisco.com. During the installation I was asked if I'd like secure http and I checked yes, other than that, I have no rules set in the policy in regards to http. I can ping and traceroute to the destinations, but cannot access via a browser. Any ideas? 
Thanks, Sheila From owner-firewalls-list Mon Dec 8 18:59:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id SAA19573; Mon, 8 Dec 1997 18:43:13 -0800 (PST) Received: from eshu.request.net ([207.48.133.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id SAA19565 for ; Mon, 8 Dec 1997 18:43:07 -0800 (PST) Received: from max.net ([208.204.15.2]) by eshu.request.net with ESMTP id <8401-27480>; Mon, 8 Dec 1997 21:46:23 -0500 Received: from zap-mama ([134.7.136.12]) by max.net with SMTP id <1785-11625>; Mon, 8 Dec 1997 21:46:10 -0500 Message-Id: <3.0.3.32.19971209104708.0096b4d0@bwa.net> X-Sender: lists@bwa.net X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.3 (32) Date: Tue, 09 Dec 1997 10:47:08 To: ark@mpak.convey.ru (-= ArkanoiD =-) From: Bret Watson Subject: Re: Wingate? Cc: firewalls@GreatCircle.COM In-Reply-To: <749@mpak.convey.ru> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 04:03 PM 12/8/97 RST, you wrote: >nuqneH, > >Does anybody have experience with software product named "Wingate"? It seems to >be something like cheap entry-level firewall system for Windows 95 and NT. >People often do ask me if they need a "real" firewall or Wingate is enough for >them. So the questions are how good is it from the viewpoint of Not really, it's more a SOHO internet gateway. > >a) security It provides NAT so that you can load up a whole pile of people on one dial-up IP - this is about all the security it does provide, though there seems to be some basic packet filtering/proxy work. I think the proxy is a proxy cache not an application proxy... >b) control and monitoring features Pretty good actually - beats MS RRAS hands down - I set this up in about two minutes and it worked! >c) protocol support lets see I think it does most of the normal stuff - look at wingate.net -there should be a two user demo available... 
>d) administration not too bad - not a lot of reporting though >e) performance OK for two to three users - don't know after that, I suspect it wouldn't be suitable for more than ten users. A good test would be to get webdown (avail nonags) and mirror a site with the connections set at 100 - if it doesn't load down the web server then you should get an indication of how well it handles lots of web connections.. Cheers, Bret Technical Incursion Countermeasures Providing the means for your company's self-defense consulting@bwa.net http://www.bwa.net/ ph: (+61)(08) 9429 8898(UTC+8 hrs) fax: (+61)(08) 9429 8800 From owner-firewalls-list Mon Dec 8 19:25:52 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id RAA02803; Mon, 8 Dec 1997 17:16:24 -0800 (PST) Received: from edina.xenologics.com (edina.xenologics.com [194.77.5.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id RAA02667 for ; Mon, 8 Dec 1997 17:15:51 -0800 (PST) Received: from www (xpl104.xnc.de [194.77.5.68]) by edina.xenologics.com (8.6.8.1/8.6.6) with SMTP id CAA29480; Tue, 9 Dec 1997 02:19:48 +0100 Message-ID: <348C9CB3.6C93D744@www.firmen-info.de> Date: Tue, 09 Dec 1997 02:19:47 +0100 From: Stepken Organization: Freie Software Systeme X-Mailer: Mozilla 3.01Gold (X11; I; Linux 2.0.29 i586) MIME-Version: 1.0 To: Steve Kruse CC: Jyri Kaljundi , Firewalls@GreatCircle.COM, Yuval Yeret Subject: Re: NT as a central intranet firewall References: <199712070900.BAA03607@honor.greatcircle.com> <3.0.3.32.19971208182342.007ad600@m6.sprynet.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Steve Kruse wrote: > > Jyri: > > I believe that your statement is a bit broad in scope. There are many > cases where an NT firewall would perform adequately for Intranet > applications. There are a great number of variables as to the performance > requirement for an Intranet. 
The same can be said of the various NT > solutions on the market. No, e.g. there are some companies, which had raptor eagle and NT just for ISDN 64KBit. A P166 was too slow. cu, Guido Stepken From owner-firewalls-list Mon Dec 8 20:28:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA00756; Mon, 8 Dec 1997 20:22:41 -0800 (PST) Received: from mail.mel.aone.net.au (mail.mel.aone.net.au [203.12.176.157]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id UAA00749 for ; Mon, 8 Dec 1997 20:22:35 -0800 (PST) Received: from nemesis.ue.com.au (mail.ue.com.au [203.103.135.130]) by mail.mel.aone.net.au (8.8.6/8.8.6) with SMTP id PAA11675; Tue, 9 Dec 1997 15:26:47 +1100 (EST) Received: by nemesis.ue.com.au (8.6.12) id PAA04140; Tue, 9 Dec 1997 15:26:46 +1100 Received: from mail.ue.com.au(146.178.75.10) by nemesis.ue.com.au via smap (V1.3) id sma004020; Tue Dec 9 15:25:10 1997 MIME-Version: 1.0 Date: 9 Dec 97 15:25:08 -1000 From: "Pemberton Steven" Subject: Squid are a firewall proxy? Message-Id: <9712091525.aa08@UEMAIL4.> To: sage-au@sage-au.org.au, firewalls-digest@greatcircle.com Content-Type: text/plain; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk G'day, Apologies for the clueless questions, but... I'm trying to convince management to install squid on our company firewall to handle HTTP and HTTPS/SSL connections. Their major concern is security, ie. "Squid isn't a firewall"... If you use Squid as a HTTP proxy, exposed to the internet, and as part of a firewall system, could you please email me regarding your experience. Do you think squid is suitable for this role? Thanks, Steven P. 
From owner-firewalls-list Mon Dec 8 20:43:17 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA00437; Mon, 8 Dec 1997 20:17:13 -0800 (PST) Received: from cih-gw.cih.com (cih-gw.cih.com [204.69.206.1]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id UAA00430 for ; Mon, 8 Dec 1997 20:17:06 -0800 (PST) Received: (from mail@localhost) by cih-gw.cih.com (8.7.6/8.6.9) id XAA06649; Mon, 8 Dec 1997 23:27:42 -0500 X-Authentication-Warning: cih-gw.cih.com: mail set sender to using -f Received: from cih-gw.cih.com(204.69.206.1) via SMTP by cih-gw.cih.com, id smtpd06647aaa; Tue Dec 9 04:27:34 1997 Date: Mon, 8 Dec 1997 23:27:33 -0500 (EST) From: "Craig I. Hagan" Reply-To: hagan@cih.com To: Steve Kruse cc: Jyri Kaljundi , Firewalls@GreatCircle.COM, Yuval Yeret Subject: Re: NT as a central intranet firewall In-Reply-To: <3.0.3.32.19971208182342.007ad600@m6.sprynet.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > I would not feel comfortable making the suggestion that Solaris is the ONLY > solution without getting more detail! really. consider all of the other goodies that run on PC's. lesse, we have BSDI, 386bsd (jolitz), SCO, Unixware, QNX, other commercials that i've forgotten, then the big cost/performance guns: free/open/net/etcBSD, and linux. Just picking three capriciously, BSDI, FreeBSD, and linux, i'd hazard that they could do a damn competitive job with solaris x86 in terms of performance/response time.[1] anyhow, the point is that people have a lot of choices on the x86 architecture. hell, they even have choices on PPC, sparc, and alpha. These choices include, but, certainly aren't limited to solaris and NT. [1] i'm not trying to start a my os is god, your os was found in the mummy's tomb type thing. -- craig ------------------------------------------------------------------------------- Craig I. 
Hagan "It's a small world, but I wouldn't want to back it up" hagan(at)cih.com "True hackers don't die, their ttl expires" "It takes a village to raise an idiot, but an idiot can raze a village" Stop the spread of spam, use a sendmail condom! http://www.cih.com/~hagan/smtpd-hacks In Bandwidth we trust From owner-firewalls-list Mon Dec 8 20:58:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id UAA02642; Mon, 8 Dec 1997 20:45:52 -0800 (PST) Received: from mail.cosapidata.com.pe (mail.cosapidata.com.pe [200.4.207.4]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id UAA02626 for ; Mon, 8 Dec 1997 20:45:42 -0800 (PST) Received: from fernando ([200.37.28.65]) by mail.cosapidata.com.pe (8.8.7/8.8.8) with SMTP id AAA03407 for ; Tue, 9 Dec 1997 00:50:22 -0500 Received: by fernando with Microsoft Mail id <01BD0434.56A36040@fernando>; Mon, 8 Dec 1997 23:52:27 -0500 Message-ID: <01BD0434.56A36040@fernando> From: Fernando De los Rios Boggio To: "firewalls@GreatCircle.COM" Date: Mon, 8 Dec 1997 23:52:21 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk usubscribe firewalls From owner-firewalls-list Mon Dec 8 21:43:07 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id VAA12010; Mon, 8 Dec 1997 21:38:14 -0800 (PST) Received: from inergen.sybase.com (inergen.sybase.com [192.138.151.43]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id VAA11956 for ; Mon, 8 Dec 1997 21:38:02 -0800 (PST) Received: from smtp1.sybase.com (sybgate.sybase.com [130.214.220.35]) by inergen.sybase.com (8.8.4/8.8.4) with SMTP id VAA13291; Mon, 8 Dec 1997 21:43:53 -0800 (PST) Received: from gwwest.sybase.com by smtp1.sybase.com (4.1/SMI-4.1/SybH3.5-030896) id AA28345; Mon, 8 Dec 97 21:44:50 PST Received: by gwwest.sybase.com(Lotus SMTP MTA v1.1 (385.6 5-6-1997)) id 88256568.001F9E44 ; Mon, 8 
Dec 1997 21:45:21 -0800
X-Lotus-Fromdomain: SYBASENOTES
From: "Ryan Russell"
To: spember@mail.ue.com.au
Cc: sage-au@sage-au.org.au, firewalls-digest@GreatCircle.COM
Message-Id: <88256568.001EF8A7.00@gwwest.sybase.com>
Date: Mon, 8 Dec 1997 21:40:05 -0800
Subject: Re: Squid are a firewall proxy?
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

It's true. The proxy portion isn't a firewall. The OS functions or a filtering router or some other mechanism are. Sounds like in your case it'd be best to clean up the host that squid will run on, and do filtering at the outside and inside router(s). Then you've got a firewall, and a proxy to allow inside users out.

Ryan

spember@mail.ue.com.au on 12/09/97 05:25:08 PM
To: sage-au@sage-au.org.au, firewalls-digest@GreatCircle.COM
cc: (bcc: Ryan Russell/SYBASE)
Subject: Squid are a firewall proxy?

G'day,

Apologies for the clueless questions, but...

I'm trying to convince management to install squid on our company firewall to handle HTTP and HTTPS/SSL connections. Their major concern is security, ie. "Squid isn't a firewall"...

If you use Squid as a HTTP proxy, exposed to the internet, and as part of a firewall system, could you please email me regarding your experience. Do you think squid is suitable for this role?

Thanks,
Steven P.
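Added example (not written by either poster above): a small first-match filter model of the arrangement Ryan describes, with squid on a cleaned-up host and packet filtering done on the inside and outside routers. All addresses, rule sets and function names are constructed for illustration, and only connection-opening packets are modelled (return traffic is assumed to be passed as "established").

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses are constructed for illustration (RFC 1918 / RFC 5737 ranges).
LAN = "10.1.0.0/16"          # inside users
PROXY = "192.0.2.10/32"      # cleaned-up host running squid, between the routers
ANY = "0.0.0.0/0"
SQUID_PORT = 3128            # squid's default listening port

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    src: str                 # source network (CIDR)
    dst: str                 # destination network (CIDR)
    dport: Optional[int]     # destination TCP port, None = any

# Inside router, LAN -> perimeter: users may reach only the proxy port.
INSIDE_OUT = [Rule("permit", LAN, PROXY, SQUID_PORT)]
# Outside router, perimeter -> Internet: only the proxy may open web connections.
OUTSIDE_OUT = [Rule("permit", PROXY, ANY, 80), Rule("permit", PROXY, ANY, 443)]
# Outside router, Internet -> perimeter: no new inbound connections at all,
# so outsiders cannot relay through squid.
OUTSIDE_IN = [Rule("deny", ANY, ANY, None)]

def evaluate(acl, src, dst, dport):
    """First matching rule wins; no match means deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in acl:
        if (s in ipaddress.ip_network(r.src) and d in ipaddress.ip_network(r.dst)
                and r.dport in (None, dport)):
            return r.action
    return "deny"

def path_permits(acls, src, dst, dport):
    """A connection attempt must be permitted by every filter it crosses."""
    return all(evaluate(acl, src, dst, dport) == "permit" for acl in acls)

def direct(client, site, port):
    """Inside client opening a connection straight to an Internet host."""
    return path_permits([INSIDE_OUT, OUTSIDE_OUT], client, site, port)

def via_proxy(client, site, port):
    """Client -> squid, then squid -> site: two separately filtered connections."""
    proxy_ip = PROXY.split("/")[0]
    return (path_permits([INSIDE_OUT], client, proxy_ip, SQUID_PORT)
            and path_permits([OUTSIDE_OUT], proxy_ip, site, port))

def inbound(outsider, port):
    """Internet host opening a connection to the proxy host."""
    return path_permits([OUTSIDE_IN], outsider, PROXY.split("/")[0], port)

if __name__ == "__main__":
    print("direct web access  :", direct("10.1.4.20", "198.51.100.7", 80))
    print("web via squid      :", via_proxy("10.1.4.20", "198.51.100.7", 80))
    print("SMTP via squid host:", via_proxy("10.1.4.20", "198.51.100.7", 25))
    print("inbound to squid   :", inbound("198.51.100.7", SQUID_PORT))
```

The allow/deny decisions all come from the two routers' rule lists; squid only carries the web requests that those filters let through.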
From owner-firewalls-list Mon Dec 8 21:58:43 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id VAA11426; Mon, 8 Dec 1997 21:35:18 -0800 (PST)
Received: from smtp.enteract.com (david.enteract.com [206.54.252.252]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id VAA11397 for ; Mon, 8 Dec 1997 21:35:02 -0800 (PST)
Received: (qmail 10179 invoked from network); 9 Dec 1997 05:39:02 -0000
Received: from jimst.sa.enteract.com (HELO jimst.alephconsult.com) (207.229.133.64) by david.enteract.com with SMTP; 9 Dec 1997 05:39:02 -0000
Received: by localhost with Microsoft MAPI; Mon, 8 Dec 1997 23:38:02 -0600
Message-ID: <01BD0432.53569120.jimst@enteract.com>
From: James Strompolis
Reply-To: "jimst@enteract.com"
To: "'ark@mpak.convey.ru'" , "firewalls@GreatCircle.COM"
Cc: "firewall-wizards@nfr.net"
Subject: RE: Wingate?
Date: Mon, 8 Dec 1997 23:37:50 -0600
Organization: Aleph Consultants, Inc.
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

As another poster said, Wingate hates NT and since 95 has no real security, IMO, Wingate is not suitable as a security product. WinProxy is much better but has a few warts. Try them both out. They're both available for eval download. WinProxy is at http://www.ositis.com and WinGate is at http://www.deerfield.com. I don't sell these products but have used both. I prefer MS Proxy over both in an NT environment, prefer WinGate on a small 95 network where cost is a major issue and prefer WinProxy on a small network with an NT server where the owner balks at the cost of MS Proxy. It may actually be cheaper to buy a small hardware based proxy machine now.

- James Strompolis
Aleph Consultants, Inc.
jimst@enteract.com

On Monday, December 08, 1997 10:03 AM, -= ArkanoiD =- [SMTP:ark@mpak.convey.ru] wrote:
> nuqneH,
>
> Does anybody have experience with software product named "Wingate"?
It seems to
> be something like cheap entry-level firewall system for Windows 95 and NT.
> People often do ask me if they need a "real" firewall or Wingate is enough for
> them. So the questions are how good is it from the viewpoint of
>
> a) security
> b) control and monitoring features
> c) protocol support
> d) administration
> e) performance
>
> Thanks for any info.
>
> --
> _ _ _ _ _ _ _
> Must be a visit from the dead.. _| o |_ | | _|| | / _||_| |_ |_ |_
> CU in Hell .......... Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|

From owner-firewalls-list Mon Dec 8 22:43:32 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA18310; Mon, 8 Dec 1997 22:15:30 -0800 (PST)
Received: from [10.143.3.117] ([202.98.117.87]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA18220 for ; Mon, 8 Dec 1997 22:14:55 -0800 (PST)
Message-Id: <199712090614.WAA18220@honor.greatcircle.com>
Received: from guipc (guijun [200.1.1.75]) by bdnt (Viking/0.9.30) with SMTP for ; Tue, 10 Dec 1996 06:19:12 +0800
From: guijun@202.96.152.194@GMSERVER2.GMADVERTISING.COM
To: firewalls-digest@greatcircle.com
Date: Tue, 9 Dec 1997 14:18:52 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: usubcribe
X-Viking: Unregistered Viking-Server at bdnt
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

From owner-firewalls-list Mon Dec 8 22:58:18 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA24410; Mon, 8 Dec 1997 22:46:19 -0800 (PST)
Received: from [10.143.3.117] ([202.98.117.87]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA16035 for ; Mon, 8 Dec 1997 22:03:21 -0800 (PST)
Message-Id: <199712090603.WAA16035@honor.greatcircle.com>
Received: from guipc (guijun [200.1.1.75]) by bdnt (Viking/0.9.30) with SMTP for ; Tue, 10 Dec 1996 06:07:04 +0800
From: "Guijun"
To: firewalls@greatcircle.com
Date: Tue, 9 Dec 1997 14:06:04 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: usubscribe firewalls
X-Viking: Unregistered Viking-Server at bdnt
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

usubscribe firewalls

From owner-firewalls-list Mon Dec 8 23:28:11 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA15756; Mon, 8 Dec 1997 22:00:58 -0800 (PST)
Received: from smtp.enteract.com (david.enteract.com [206.54.252.252]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id WAA15711 for ; Mon, 8 Dec 1997 22:00:39 -0800 (PST)
Received: (qmail 10742 invoked from network); 9 Dec 1997 06:04:44 -0000
Received: from jimst.sa.enteract.com (HELO jimst.alephconsult.com) (207.229.133.64) by david.enteract.com with SMTP; 9 Dec 1997 06:04:44 -0000
Received: by localhost with Microsoft MAPI; Tue, 9 Dec 1997 00:04:22 -0600
Message-ID: <01BD0436.00ECB5A0.jimst@enteract.com>
From: James Strompolis
Reply-To: "jimst@enteract.com"
To: "'MCNY Security Officer'" , "Firewalls@GreatCircle.COM"
Subject: RE: WINS Port
Date: Tue, 9 Dec 1997 00:03:20 -0600
Organization: Aleph Consultants, Inc.
X-Mailer: Microsoft Internet E-mail/MAPI - 8.0.0.4211
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

port 42 and I believe it also requires ports > 1023 although I don't have them handy

- James Strompolis
Aleph Consultants, Inc.
jimst@enteract.com

On Monday, December 08, 1997 5:19 PM, MCNY Security Officer [SMTP:security@mcny.com] wrote:
> Does anyone know what port a Microsoft NT workstation
> uses to query a Microsoft NT server for WINS resolution?
>
> Thanks,
>
> Lou Person
> lperson@mcny.com
>

From owner-firewalls-list Mon Dec 8 23:51:46 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id WAA25861; Mon, 8 Dec 1997 22:51:43 -0800 (PST)
Received: from evo.tla.org (evo.tla.org [207.77.241.19]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id WAA25770 for ; Mon, 8 Dec 1997 22:51:23 -0800 (PST)
From: carson@tla.org
Received: from taltos.tla.org (taltos.tla.org [207.77.241.130]) by evo.tla.org (8.8.6/8.8.6) with ESMTP id BAA21977; Tue, 9 Dec 1997 01:55:22 -0500 (EST)
Received: (from carson@localhost) by taltos.tla.org (8.8.6/8.8.6) id BAA29299; Tue, 9 Dec 1997 01:55:15 -0500 (EST)
Date: Tue, 9 Dec 1997 01:55:15 -0500 (EST)
Message-Id: <199712090655.BAA29299@taltos.tla.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
To: "Pemberton Steven"
Cc: sage-au@sage-au.org.au, firewalls-digest@GreatCircle.COM
Subject: Re: Squid are a firewall proxy?
In-Reply-To: <9712091525.aa08@UEMAIL4.>
References: <9712091525.aa08@UEMAIL4.>
X-Mailer: VM 6.22 under 19.15 XEmacs Lucid
Reply-To: carson@tla.org
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

>>>>> "Pemberton" == Pemberton Steven writes:

Pemberton> Their major concern is security, ie. "Squid isn't a firewall"...

Pemberton> Do you think squid is suitable for this role?

Nope. Uh-uh. Fuggedaboudit. Do some casual strolling through the source some day, and see how many buffer overflows you can find in 20 minutes or less... Nice project, but secure? Not.

In a past life, I got around this problem by SOCKSifying squid and running SOCKSv5 on my firewall.
--
Carson Gaspar -- carson@cs.columbia.edu carson@tla.org carson@cugc.org
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body

From owner-firewalls-list Tue Dec 9 01:43:12 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id BAA23699; Tue, 9 Dec 1997 01:21:56 -0800 (PST)
Received: from relay1.cie-bancaire.fr (relay1.cie-bancaire.fr [194.250.154.2]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id BAA23689 for ; Tue, 9 Dec 1997 01:21:48 -0800 (PST)
Received: from mail (localhost [127.0.0.1]) by relay1.cie-bancaire.fr (0.9/8.8.5) with SMTP id KAA20088 for ; Tue, 9 Dec 1997 10:28:58 GMT
Message-ID: <348D1C02.6E1D@cie-bancaire.fr>
Date: Tue, 09 Dec 1997 10:22:58 +0000
From: Alban Bayart
Organization: Compagnie Bancaire - GEP DT Telecoms
X-Mailer: Mozilla 3.01 (X11; I; SunOS 5.5.1 sun4u)
MIME-Version: 1.0
To: firewalls@GreatCircle.COM
Subject: (no subject)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

usubscribe firewalls
--

From owner-firewalls-list Tue Dec 9 06:29:34 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA17765; Tue, 9 Dec 1997 06:26:07 -0800 (PST)
Received: from mail.westbaytech.com (mail.westbaytech.com [168.151.133.111]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id GAA17746 for ; Tue, 9 Dec 1997 06:25:59 -0800 (PST)
Received: from [168.151.133.201] by mail.infowar.com (NTMail 3.03.0013/1.acgz) with ESMTP id ha251973 for ; Tue, 9 Dec 1997 09:13:13 +0000
Message-ID: <348D55BD.5E1A@INFOWAR.COM>
Date: Tue, 09 Dec 1997 09:29:17 -0500
From: "WebWarrior3@INFOWAR.COM"
Reply-To: WebWarrior3@INFOWAR.COM
Organization: INFOWAR.COM
X-Mailer: Mozilla 3.04 (WinNT; I)
MIME-Version: 1.0
To: Firewalls@GreatCircle.COM
Subject: FAQ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I just tuned into this mail list and wanted to say that I have seen some good advice and good attitudes displayed thus far. Before I go asking any questions or bringing up any points, however, I wanted to find out if there is a FIREWALLS FAQ to peruse that might have some basics that have been bled dry.

Any info re: companies that provide evaluation copies of firewalls for NT and/or UNIX (BSD or Linux)(crippleware, or whatever is fine, just messing around with the home LAN) would be appreciated; Please post here or email them to me at mailto:scott@efflorida.org.

Best regards,
-Scott Brower
http://www.infowar.com

From owner-firewalls-list Tue Dec 9 07:13:19 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA20773; Tue, 9 Dec 1997 07:03:10 -0800 (PST)
Received: from nebula.online.ee (nebula.online.ee [194.106.96.11]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA20730 for ; Tue, 9 Dec 1997 07:02:58 -0800 (PST)
Received: from localhost (jk@localhost) by nebula.online.ee (8.8.7/8.8.3) with SMTP id RAA12901; Tue, 9 Dec 1997 17:07:06 +0200 (EET)
Date: Tue, 9 Dec 1997 17:07:05 +0200 (EET)
From: Jyri Kaljundi
X-Sender: jk@nebula
To: Steve Kruse
cc: Firewalls@GreatCircle.COM, Yuval Yeret
Subject: Re: NT as a central intranet firewall
In-Reply-To: <3.0.3.32.19971208182342.007ad600@m6.sprynet.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Mon, 8 Dec 1997, Steve Kruse wrote:

> I believe that your statement is a bit broad in scope. There are many
> cases where an NT firewall would perform adequately for Intranet
> applications.

Might be, but we were talking about heavy-duty Intranet firewalls.
For me a heavy-duty Intranet firewall is one which has many Ethernet interfaces, at least some of these more than 10Mbps. It must have 24h uptime and it has a big number of simultaneous connections going through. And I do not think NT is the right solution in this kind of environment.

> I would not feel comfortable making the suggestion that Solaris is the ONLY
> solution without getting more detail!

Of course there are many many other free and commercial Unix operating systems, on many different processors not just x86. But NT is not one of them.

Jyri Kaljundi jk@stallion.ee
AS Stallion Ltd http://www.stallion.ee/

From owner-firewalls-list Tue Dec 9 07:35:33 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id GAA20319; Tue, 9 Dec 1997 06:59:38 -0800 (PST)
Received: from mail2.allegro.net (mail2.allegro.net [204.253.83.52]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id GAA20276 for ; Tue, 9 Dec 1997 06:59:27 -0800 (PST)
Received: from ALLEGRO-Message_Server by mail2.allegro.net with Novell_GroupWise; Tue, 09 Dec 1997 10:03:12 -0500
Message-Id:
X-Mailer: Novell GroupWise 4.1
Date: Tue, 09 Dec 1997 09:38:47 -0500
From: Andrew Bell
To: firewalls@GreatCircle.COM
Subject: Firewall Architecture
Mime-Version: 1.0
Content-Type: text/plain
Content-Disposition: inline
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I have a firewall that's evolved to look something like this...

    LAN
     |
    Router-WAN
     |
    Proxy Server
     |
    Router
     |
    Internet

Now I need to add support for a semi-proprietary app through the firewall that won't work when it undergoes NAT (as it must when passing through a proxy). I can successfully proxy this service on a dedicated machine, but not on the firewall itself. So, I need to build the network to support 2 separate proxy hosts. I've come up with a theoretical design that I'd like some feedback on, if anyone is interested in giving it a look.
In a nutshell, I'd change the proxy server(s) from being dual-homed to single homed, then put them on a DMZ segment. Using access lists in the routers, I can simply drop all traffic from the Internet to any host not on the DMZ, and from the internal networks to the Internet. I can even collapse the routers into one, something like this:

          DMZ (with proxy servers)
            |
    WAN---Router----LAN
            |
         Internet

Does anybody see any glaring mistakes here?

Thanks.
Andrew

From owner-firewalls-list Tue Dec 9 07:37:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA21835; Tue, 9 Dec 1997 07:12:03 -0800 (PST)
Received: from x400gtw.pararede.pt (x400gtw.pararede.pt [194.79.64.130]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with SMTP id HAA21766 for ; Tue, 9 Dec 1997 07:11:44 -0800 (PST)
From: manuel.ricca@pararede.pt
Received: by x400gtw.pararede.pt (8.6.8.1/1.2-eef) id PAA05757; Tue, 9 Dec 1997 15:16:07 GMT
X400-Received: by /PRMD=pararede/ADMD=ip/C=pt; Relayed; 09 Dec 97 15:16:04 +0000
Date: 09 Dec 97 15:16:04 +0000
Delivery-Date: 09 Dec 97 15:16:06 +0000
Message-Type: Multiple Part
X400-Originator: manuel.ricca@pararede.pt
X400-MTS-Identifier: [/PRMD=pararede/ADMD=ip/C=pt;ISOCOR-34719d8c-Tubarao]
X400-Recipients: firewalls@greatcircle.com
Original-Encoded-Information-Types: Teletex
X400-Content-Type: P2-1984
Message-ID:
Importance: normal
Subject: Java insecurities
Autoforwarded: FALSE
To: firewalls@greatcircle.com (Non Receipt Notification Requested)
Conversion: Allowed
Conversion-With-Loss: Allowed
Alternate-Recipient: Prohibited
Content-Identifier: Java insecuritie
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8Bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hello all,

There are a lot of products that block not certified ActiveX and Java applets. Does anyone actually know what security risks are involved in Java applets?
I mean, if a Java applet cannot access the file system (right?), the only risk I can see is it communicating with machines in the Intranet. If a good security policy is defined this would cause no trouble, since the IP addresses could be hidden with NAT, and the Web server would probably be in a DMZ anyway.

And what about Java script, that cannot be blocked?

And finally, is there a reason why you cannot certify Java applets?

Thanks,
manuel

-----------------
Manuel Ricca
ParaRede - Tecnologias de Comunicação, S.A.
R. D. Constantino de Bragança, 12
1400 Lisboa
Portugal
Tel: +351 1 3020451
Fax: +351 1 3020444
E-mail: manuel.ricca@pararede.pt

From owner-firewalls-list Tue Dec 9 07:57:01 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA26311; Tue, 9 Dec 1997 07:40:31 -0800 (PST)
Received: from nhs.uk (netway.nhs.uk [194.72.129.18]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA26302 for ; Tue, 9 Dec 1997 07:40:24 -0800 (PST)
From: PETER.HANKINSON@nhstb.nwest.nhs.uk
Received: from relay.nhs.uk ([194.62.42.80]) by netway.nhs.uk with SMTP id <32882>; Tue, 9 Dec 1997 15:48:50 +0000
Received: by relay.nhs.uk (5.65/1.2-eef) id AA15911; Tue, 9 Dec 97 15:46:16 GMT
X400-Received: by mta HUBSMG in /ADMD=NHS/C=GB; Relayed; 09 Dec 97 15:25:27 +0000
X400-Received: by mta HUBSMTP in /ADMD=NHS/C=GB; Relayed; 09 Dec 97 15:46:08 +0000
X400-Received: by /PRMD=NHS national/ADMD=NHS/C=GB; Relayed; 09 Dec 97 16:46:52 +0000
X400-Received: by /PRMD=NHS national/ADMD=NHS/C=GB; Relayed; 09 Dec 97 15:25:27 +0000
X400-Received: by /PRMD=NHS national/ADMD=NHS/C=GB; Relayed; 09 Dec 97 15:46:08 +0000
Date: Tue, 9 Dec 1997 14:46:16 +0000
Delivery-Date: 09 Dec 97 15:46:16 +0100
Message-Type: Multiple Part
X400-Originator: PETER.HANKINSON@nhstb.nwest.nhs.uk
X400-Mts-Identifier: [/PRMD=NHS national/ADMD=NHS/C=GB;WIN2927-971209164652-0170]
X400-Recipients: firewalls@greatcircle.com
Original-Encoded-Information-Types: IA5-Text
Message-Id:
<97Dec9.154850gmt.32882@netway.nhs.uk>
Illegal-Object: Syntax error in Message-Id: value found on netway.nhs.uk: Message-Id: ^-illegal end of message identification
Importance: normal
Subject: register
Autoforwarded: FALSE
To: firewalls@greatcircle.com (Receipt Notification Requested)
Conversion: Allowed
Conversion-With-Loss: Allowed
Alternate-Recipient: Allowed
Content-Identifier: register
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7Bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Please can I register to receive info on Firewalls. e.mail peter.hankinson@nhstb.nwest.nhs.uk

From owner-firewalls-list Tue Dec 9 08:01:33 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970926-1) id HAA26604; Tue, 9 Dec 1997 07:42:36 -0800 (PST)
Received: from ns.vanguard.com (ns.VANGUARD.COM [192.175.209.31]) by honor.greatcircle.com (8.8.5/Honor-971021-1) with ESMTP id HAA26593 for ; Tue, 9 Dec 1997 07:42:30 -0800 (PST)
From: ekleinfe@putter.vanguard.com
Received: from eagle.vanguard.com (eagle.VANGUARD.COM [192.175.133.71]) by ns.vanguard.com (8.8.7/8.8.7) with ESMTP id KAA11684; Tue, 9 Dec 1997 10:44:34 -0500 (EST)
Received: from putter.vanguard.com (putter.vanguard.com [192.175.225.86]) by eagle.vanguard.com (8.8.7/8.8.7) with ESMTP id KAA00582; Tue, 9 Dec 1997 10:48:15 -0500 (EST)
Received: from putter.vanguard.com (localhost [127.0.0.1]) by putter.vanguard.com (8.8.7/8.8.7) with ESMTP id KAA19287; Tue, 9 Dec 1997 10:48:12 -0500 (EST)
Message-Id: <199712091548.KAA19287@putter.vanguard.com>
X-Mailer: exmh version 2.0zeta 7/24/97
To: Firewalls@GreatCircle.COM
cc: ekleinfe@advsys.com
Subject: Re: NT as a central intranet firewall
In-reply-to: Your message of "Mon, 08 Dec 1997 23:27:33 EST."
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 09 Dec 1997 10:48:12 -0500
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

"Craig I.
Hagan" wrote:

> Just picking three capriciously, BSDI, FreeBSD, and linux, i'd hazard that
> they could do a damn competitive job with solaris x86 in terms of
> performance/response time.[1]

You're dead on. But the problem is beyond the architecture and the OS in most cases. You're looking at the basic Price/Performance charts, and even though your conclusions are valid, what tends to throw these solutions out the door is support and brand name. When it comes down to it, the only thing your manager and upper management want is the ability to make that phone call and have someone out within a few hours to make the necessary fixes. And when you, as the designer, draw up the proposal, you can, in most cases, make a good bet that the people seeing the proposal would rather see 'Sun', or *maybe* 'BSDI' when it comes to UNIX.

It's unfortunate, but it tends to be that way in medium to large corporations. It's the name and support that the manager gets caught up in, even if you have good unix security consultants on call, management wants a large name with the support contract to be responsible for their hardware and software. I am in no way saying that this is a bad thing, only that it reduces/limits your options when makin