Firewalls: locate unauthorized connections

Firewalls
(September 1996)

Indexed By Thread: [Previous] [Next]

Subject:	locate unauthorized connections
From:	meritj @ fincen . treas . gov (Jim Meritt)
Date:	Tue, 3 Sep 1996 09:43:54 -0400
To:	firewalls @ GreatCircle . COM

A problem after a firewall - no matter how secure the firewall is 
itself - is that users put (for whatever reason) connections to
the "secure" side that act as backdoors.

How do you determine if such a thing has been done (after the connection has been made but before disaster befalls)?  I'm
looking at the output of netstat on every node at both the
routes and the remote nodes connected to.  I use a simple script
to extract the information from netstat and netstat -r.  Does anyone
have other recommendations?

Jim Meritt

Indexed By Date	Previous:	Shiva and firewalls [Eagle] From: "Stefan Kwiatkowski" <stefan @ bscgnj . com>
Indexed By Date	Next:	RE: Subject: C2 certified OS that can run a firewall From: Peter Schumacher <peter . schumacher @ netpartner . ch>
Indexed By Thread	Previous:	Shiva and firewalls [Eagle] From: "Stefan Kwiatkowski" <stefan @ bscgnj . com>
Indexed By Thread	Next:	RE: Subject: C2 certified OS that can run a firewall From: Peter Schumacher <peter . schumacher @ netpartner . ch>