In response to the question about NetSp install experiences: Most of it
hasn't been bad. If I had some wishes about the product, though, these
would be ones I'd ask for first.
1. I'd recommend a suggested set of filter rules or references to
Someone Who Knows as a big improvement to the documentation. I used the
Chapman/Zwicky book as the source for the rules we chose to implement;
I'd strongly recommend that any potential NetSp installer have that book
prior to doing the filters. Or you can try telnet, etc. and change
filters until something actually works...
2. Despite that book there are still some packet anomalies I
encountered. On AIX there are things called "pciconsrvr" and
"pcimapsrvr" (not at work, so it's hard to verify the spelling) which
engage in a lot of UDP traffic with source port 127, dest port 125.
Kill those. There is also a lot of traffic which shows up in the logs
which originates at the routers with protocol type "unknown" and dest
address 255.255.255.255 . Our best guess is that this is some sort of
routing protocol traffic. An option to get rid of that stuff would be
very very much appreciated.
3. The doc needs some more help.
I would place a copy of a port/user table in the doc rather than go
chasing through RFCs; I used "Troubleshooting TCP/IP" by Miller along
with C&Z. Hopefully that list would include things like SSL port usage,
AOL/Compuserve ports, and other new and wonderful services.
I'd like a list of things to kill off like that PC server stuff. As
part of an exchange with support personnel, I suggested that but the
answer was to fill out the reader comment form.
I'd like to see a sample DNS and sendmail configuration as part of the
doc. The doc suggests split DNS but a sample setup sure wouldn't hurt.
I'd also like to see some comments on the impact of adding up-to-date
versions of sendmail and named to a NetSP installation.
The initial version we installed performed nastily when using
SOCKS-capable client software (Netscape and IBM Web Explorer). We just
installed the 2.1 release and haven't tested yet to see if this is