Ryan:
Ok..granted, many places allow most anything OUT as a normal policy.
Again, just a curious question, but under what circumstances would you be
using SNMP to an outside resource unless, perhaps, you have an outsourced
admin monitoring your net (though even at that, I would presume many would
use a VPN with high level encryption in doing so). Not being judgemental,
mind you, just curious as to why is all. I've read lots of nasty things
about SNMP (even V2) as being a real security bug-a-boo. Most sites I have
worked with do not let SNMP out of the internal net. Thanks.
Steve
At 07:46 PM 11/17/97 -0800, Ryan Russell wrote:
>
>My policy permits inside users to access just about
>any outside service. I disallowed SNMP for a
>while until I tracked that problem down. I use FW1, but
>had I had an AG in place that had the capability to allow
>SNMP out, I would have allowed it.
>
> Ryan
>
>
>
>
>
>jsk347 @ sprynet . com on 11/17/97 07:37:36 PM
>
>To: Ryan Russell/SYBASE, dons @ Cadabratech . com
>cc: Firewalls @ GreatCircle . COM
>Subject: Re: tcp/udp port numbers - more
>
>
>
>
>An Application Gateway Firewall would (presumably) stop this from happening
>unless you specifically opened a hole for it. Is it safe to "ass-u-me"
>that you were running a packet filter and allowing anything that
>established "inside" as OK to the outside? Just curious...
>Steve Kruse
>At 05:33 PM 11/17/97 -0800, Ryan Russell wrote:
>>
>>
>>It was JetAdmin in my case.
>>
>>I had some particularly bad behavior...
>>One of my users was in from out of town,
>>and plugged in her laptop, and was using DHCP.
>>
>>She was on a net with a subnet of my
>>130.214 class B. I was getting complaints from
>>a school at something like 130.252.
>>
>>I checked the firewall logs, and it had started
>>at 130.255.255.255 and was working its way down.
>>She didn't even have the main JetAdmin program
>>loaded at the time. It had thrown a small program
>>in the startup section in the registry. It showed
>>up in the Win95 task list when I did ctrl-alt-del.
>>
>> Ryan
>>
>>
>>
>>
>>
>>dons @ Cadabratech . com on 11/17/97 04:27:44 PM
>>
>>To: Ryan Russell/SYBASE
>>cc: Firewalls @ GreatCircle . COM
>>Subject: Re: tcp/udp port numbers - more
>>
>>
>>
>>
>>
>>>
>>> Does it have any HP printer management software?
>>>
>>> I've caught HP drivers doing this...in fact, some of the Internet
>>> sites it reached were not amused.
>>>
>>Yep - it's running JetAdmin. You think this is doing it? I've noticed
>>a lot of strange packets running around. We have a mopier (HP 5Si?)
>>which has a JetDirect box built in and I've seen some packets heading
>>across to tcp port 9000.
>>Don
>>
>>
>>
>>
>>
>**************************************************
>* Steve Kruse Milkyway Networks *
>* Network Sales Support 1342 E. Vine St. #224 *
>* Kissimmee, FL 34744 *
>* http://www.milkyway.com skruse @ milkwy . com *
>**************************************************
>
>
>
>
>