Great Circle Associates Firewalls
(November 1995)
 


Subject: Re: Installing NetSP
From: Mark Smith <msmith @ usair . com>
Date: Fri, 24 Nov 1995 00:06:23 -0800
To: firewalls @ greatcircle . com

In response to the question about NetSP install experiences: Most of it
hasn't been bad. If I had some wishes about the product, though, these
would be the ones I'd ask for first.

1.  I'd recommend a suggested set of filter rules or references to
Someone Who Knows as a big improvement to the documentation.  I used the
Chapman/Zwicky book as the source for the rules we chose to implement;
I'd strongly recommend that any potential NetSP installer have that book
prior to doing the filters.  Or you can try telnet, etc. and change
filters until something actually works...

2.  Despite that book there are still some packet anomalies I
encountered.  On AIX there are things called "pciconsrvr" and
"pcimapsrvr" (not at work, so it's hard to verify the spelling) which
engage in a lot of UDP traffic with source port 127, dest port 125.
Kill those.  There is also a lot of traffic which shows up in the logs
which originates at the routers with protocol type "unknown" and dest
address 255.255.255.255.  Our best guess is that this is some sort of
routing protocol traffic.  An option to get rid of that stuff would be
very very much appreciated.

3. The doc needs some more help.  

I would place a copy of a port/user table in the doc rather than go 
chasing through RFCs; I used "Troubleshooting TCP/IP" by Miller along 
with C&Z.  Hopefully that list would include things like SSL port usage, 
AOL/Compuserve ports, and other new and wonderful services. 

I'd like a list of things to kill off like that PC server stuff.  As 
part of an exchange with support personnel, I suggested that but the 
answer was to fill out the reader comment form.   

I'd like to see a sample DNS and sendmail configuration as part of the 
doc.  The doc suggests split DNS but a sample setup sure wouldn't hurt.

I'd also like to see some comments on the impact of adding up-to-date 
versions of sendmail and named to a NetSP installation.  


The initial version we installed performed nastily when using 
SOCKS-capable client software (Netscape and IBM Web Explorer).  We just 
installed the 2.1 release and haven't tested yet to see if this is 
resolved.
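As an added illustration (not part of Mark's post or of NetSP), here is a small Python log-triage script that separates the two noise patterns described in point 2 from the log entries that still deserve a look. The one-packet-per-line log format and the sample lines are constructed assumptions, not NetSP's actual log output.

```python
import re
from collections import Counter

# Constructed sample log (assumption: simplified "proto src:sport > dst:dport"
# lines, one packet per line). Addresses and ports are made up.
SAMPLE_LOG = """\
udp 10.1.1.5:127 > 10.1.1.9:125
udp 10.1.1.9:127 > 10.1.1.5:125
unknown 10.1.1.1:0 > 255.255.255.255:0
tcp 192.0.2.7:3456 > 10.1.1.20:23
udp 10.1.1.5:127 > 10.1.1.9:125
tcp 10.1.1.20:1025 > 192.0.2.9:25
"""

LINE_RE = re.compile(
    r"^(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+>\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    return pkt

def classify(pkt):
    """Label a packet: known LAN chatter, router broadcast, or needs review."""
    if pkt["proto"] == "udp" and pkt["sport"] == 127 and pkt["dport"] == 125:
        return "pc-server-chatter"   # the pciconsrvr/pcimapsrvr UDP traffic
    if pkt["proto"] == "unknown" and pkt["dst"] == "255.255.255.255":
        return "router-broadcast"    # presumed routing-protocol broadcasts
    return "review"

def triage(log_text):
    """Return (counts per label, list of raw lines still worth reviewing)."""
    counts = Counter()
    review = []
    for line in log_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            counts["unparsed"] += 1
            continue
        label = classify(pkt)
        counts[label] += 1
        if label == "review":
            review.append(line)
    return counts, review
```

Running `triage(SAMPLE_LOG)` on the sample leaves only the two TCP sessions in the review list; the known noise is counted rather than shown, which is the suppression option the post asks for.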
