From firewalls-owner Thu Oct 31 23:57:48 1996
Date: Thu, 31 Oct 96 21:49 WET
From: rbc@lava.net (Robert B. Carleton)
To: Russ.Cooper.RC.on.ca@GreatCircle.COM
CC: firewalls@GreatCircle.COM, drjarmon@ingr.com
Subject: RE: PPTP setup

From: Russ
Date: Fri, 1 Nov 1996 01:12:13 -0500

Don Jarmon asked...

>I was planning to add a Dual NIC NTS4.0 server to a DMZ. One
>NIC configured to support PPTP and the other NIC connected
>to the Intranet. I was wondering 'bout what type of access is
>needed on the boundary router to support Remote PPTP enabled
>Internet Clients.

According to the internet draft the PNS, (PPTP Network Server) receives
an incoming TCP call on port 5678. If that is true then the DMZ external
router would need to allow an incoming TCP call on port 5678 of the pptp
server. In a Cisco, that would look something like this:

! pptp incoming to PNS
access-list 100 permit tcp 0.0.0.0 255.255.255.255 XXX.XXX.XXX.XXX 0.0.0.0 eq 5678

(where XXX.XXX.XXX.XXX is the PNS server IP address)

This access list could be referred to in the external interface setup
with a "ip access-group 100 in".
You might need to have additional filter entries if you filter outbound
packets from your DMZ router's internal interface.

I haven't tried this but it seems reasonable,

--Bruce
--
Robert B. Carleton + rbc@lava.net + http://www.lava.net/~rbc

From firewalls-owner Fri Nov 1 03:31:10 1996
Date: Fri, 01 Nov 1996 11:10:02 +0000
From: "Stephen McLean - (0171 762 5177)"
Organization: SGST
To: Firewalls@GreatCircle.COM
Subject: Re: Firewalls-Digest V5 #598

Firewalls-Digest wrote:
>
> Firewalls-Digest       Friday, November 1 1996       Volume 05 : Number 598

Remote Console Issues

Dear Sir,

The command REMOTE ENCRYPT will generate a password in encrypted form for
Remote Console, which can then be started via LDREMOTE.NCF on NetWare 4.
Those with RCONSOLE issues should perhaps consider a migration to the
later release.
Regards
Steve McLean

From firewalls-owner Fri Nov 1 04:42:38 1996
From: "David Untiedt"
To: firewalls@GreatCircle.COM
Date: Fri, 1 Nov 1996 14:30:45 +0000
Subject: MS Exch client

Hi

We are in the process of standardising our mail clients with MS Exch.
... Yes I know. We need to be able to ensure that access to the server
is not sniffed from our dial up clients. The actual content is not that
critical.

Does anyone have information on APOP for MS Exch clients. Or another,
compatible, solution.
Thanks
dave

For more information on TNS see http://www.tns.co.za/
==================================================================
David Untiedt                 ,-| |-,          Tel : 2711-447-7171
david@tns.co.za             -=( | | )=-        Fax : 2711-447-7172
Trusted Network Solutions     `-| |-'  P.O.Box 3234,Parklands,2121
==================================================================

From firewalls-owner Fri Nov 1 05:58:26 1996
From: "Jim Leo"
Organization: Pitt Community College
To: firewalls@greatcircle.com
Date: Fri, 1 Nov 1996 08:53:21 EST
Subject: Re: Can fibre-optic be tapped???

Did I miss something here? Why worry about such a sophisticated
'intrusion', when some of the most successful intrusions aren't even
based on technology? Point in fact... the truly successful intrusion
attempts aren't even detected.

Who did that *nix guru you hired last year work for the year before?
What about that bright young Phd. candidate that came in to do a
consulting job for you last month?

Remember 'Occam's Razor'.. Or as someone else stated... K.I.S.S.
Jim Leo
admin@everett.pitt.cc.nc.us

From firewalls-owner Fri Nov 1 06:28:11 1996
From: Russ
To: "'rbc@lava.net'"
Cc: firewalls@GreatCircle.COM, drjarmon@ingr.com
Subject: RE: PPTP setup
Date: Fri, 1 Nov 1996 09:07:29 -0500

Yep, yep, yep....5678, not 7654, sorry.

From firewalls-owner Fri Nov 1 07:01:41 1996
Date: Fri, 1 Nov 1996 14:51:15 GMT
To: Irwin Lazar
From: Nassim Chaabouni
Subject: Re: Firewall performance
Cc: firewalls@greatcircle.com

We are running FW-1 on a SUN ultra 1 with ATM /OC3 interface to a FORE
switch, we are testing FW-1 on SUN ultra 1 with
2 ATM /OC3 interfaces

Regards,

>Greetings all:
>
>Can anyone recommend a good source for finding studies comparing the impact
>on network performance of some of the leading firewalls. Specifically, how
>they perform under various network loads.
>
>thanks in advance for any responses.
>
>Irwin Lazar
>lazar@netevolve.com

From firewalls-owner Fri Nov 1 07:19:33 1996
Date: Fri, 1 Nov 1996 07:04:24 -0800
From: ryates@napier.com (Robert Yates)
Subject: email addressing

Can someone publish a recipe on this list to accomplish
addressing such as "first.last@company.com" with sendmail.
Thanks,
Robert Yates

From firewalls-owner Fri Nov 1 08:28:03 1996
From: "Wojno, Jim"
To: "'firewalls@greatcircle.com'"
Subject: RE: email addressing
Date: Fri, 1 Nov 1996 11:14:55 -0500

If you surf over to:

http://www.completeis.com/sendmail/sendmail.cgi

you will find a website that will build a sendmail.cf file for most
versions of Unix. It works fairly well, and we used it to create a
vanilla sendmail.cf file for our servers. Of course, some modifications
had to be done for final implementation, but not much needed changed. It
sure beats building one by hand.

Jim Wojno
Systems Administrator
Telxon Corporation
jwojn@telxon.com

>----------
>From: ryates@napier.com[SMTP:ryates@napier.com]
>Sent: Friday, November 01, 1996 10:04 AM
>To: firewalls@greatcircle.com
>Subject: email addressing
>
>Can someone publish a recipe on this list to accomplish
>addressing such as "first.last@company.com" with sendmail.
>
>Thanks,
>Robert Yates
>
>

From firewalls-owner Fri Nov 1 08:42:50 1996
Date: Fri, 1 Nov 1996 08:27:22 -0800 (PST)
From: Juda Barnes
Subject: Re: Packet filtering using C or C++.
To: GOULDING CP
cc: firewalls-digest@GreatCircle.COM

On Thu, 31 Oct 1996, GOULDING CP wrote:

> I'm looking for source code for TCP and IP packet filtering using C
> or C++. If anyone knows where I might get either the code or a good
> reference, please let me know.
> Thanks
> CPG
>

I guess you can take tcp_wrappers_7.5.tar.gz and check the source

From firewalls-owner Fri Nov 1 08:58:00 1996
Date: Fri, 01 Nov 1996 10:48:14 -0800
From: Josh Hugh Ermentrout
Organization: NorthCoast Interactive, Inc.
To: Firewalls@GreatCircle.COM
Subject: Instant Internet

I have a client that has asked me to do some research on security
solutions for an e-mail server that will link up to their Novell LAN. I
was wondering if anyone on this list knows anything about Instant
Internet and what they might think of it.

Thanks,

Josh Hugh Ermentrout
NorthCoast Interactive, Inc.

From firewalls-owner Fri Nov 1 09:12:50 1996
From: Todd Truitt
Subject: Re: 3com
To: firewalls@greatcircle.com
Date: Fri, 1 Nov 1996 10:05:42 -0700 (MST)

>>
>> Now that various people have put bits of info in the public domain[1] so nobody
>> at 3com can claim I'm breaking confidences, I'd like to invite the entire
>> world to try sending IP data with 0 length options (IP or TCP) to the
>> management port of all their 3com routers and
>> kit, especially the little
>> routers, bridges and managed hubs.
>>
>> Have fun
>>
>
> So what's this supposed to do to a 3com router ?

Regards,

--Todd
_____________________________________________________________________________
R. Todd Truitt                                       Todd.Truitt@evolving.com
Evolving Systems, Inc.

From firewalls-owner Fri Nov 1 09:28:52 1996
Date: Fri, 01 Nov 1996 09:12:06 -0800
To: "Thomas V. Myers"
From: "Jeff C. Flynn"
Subject: Re: Can fibre-optic be tapped???
Cc: firewalls@GreatCircle.COM

>Is there another method I should be aware of?

Those of us who have used cable scanners to maintain Thinnet LANs are
aware that the location of breaks in segments can be determined through
the use of TDR (i.e. time domain reflectometry). There are also OTDR
(optical) devices available. Seems like the same technique could be used
to detect the location of sharp bends or nicks.

I suppose, if the intruders were very sophisticated (and we are talking
sophisticated here), they could "break and make" a connection so that the
transmission characteristics of your line changed for only a very brief
length of time. Still, it seems that some reflection at the tap site
would be hard to avoid.
Perhaps you could scan the cable from time to time. This would involve
taking down a high bandwidth line. I'm not aware of any products that can
scan the line without interrupting normal communications. I'd like to see
the brochures, if anybody knows of some.

>Any plumber who has had to
>tap a pressurized water main can show you how to get around that little
>impediment.

Please provide details on this. (I don't trust my plumber :)

Jeff

From firewalls-owner Fri Nov 1 09:59:26 1996
From: peter@baileynm.com (Peter da Silva)
Subject: Re: email addressing
To: jwojn@telxon.com (Wojno, Jim)
Date: Fri, 1 Nov 1996 11:48:49 -0600 (CST)
Cc: firewalls@greatcircle.com

> vanilla sendmail.cf file for our servers. Of course, some modifications
> had to be done for final implementation, but not much needed changed. It
> sure beats building one by hand.

If you're building sendmail files directly you're already lost. Go into
~src/sendmail/cf/mc and look at the files there. Edit the mc file to
your taste. Never touch /etc/sendmail.cf ever again.

From firewalls-owner Fri Nov 1 10:14:02 1996
Date: Fri, 01 Nov 1996 09:48:21 -0800
To: "Thomas V. Myers", firewalls@greatcircle.com
From: Bill Stout
Subject: Re: Can fibre-optic be tapped???

Yes fiber is tappable, and it's nothing new. I was trained to do that in
1984 in a class given by a contractor/other gvt. guys.

The easiest way to do this is simply by plugging into a F.O. hub with
available ports.

The other way is to polish some of the cladding off, and epoxy this to
the side of another polished fiber. It takes practice, just like
polishing ends. Your receiver has to be very sensitive (high Rset). Look
for a point-to-point fiber with few connectors and no passive stars which
will cause attenuation, and most likely the flux budget of the fiber link
will be able to afford a little loss. This works well with 62.5/125
multimode fiber, but not with singlemode.

BTW if attenuation-monitored link is only between an active hub (star)
and the CPU, another port on that star will not affect the dB loss of
that link.

The science of spying is much more advanced than people think.
Probably today the 'pros' are using 'squid' devices to clamp on a fiber.
Squid devices are very sensitive to energy, and are used in Satellite,
Plane, ship, sub, and handheld devices. They are used in devices to watch
people inside buildings (from the outside and high above), and examine
crowds to view body energy which backlights any weapons concealed. Think
of it as night vision and x-ray vision combined.

Ain't this a little extreme of a concern for firewalls? Maybe we should
stop this thread (now that I had a chance to share my gossip). ;)

Bill Stout
_______________________________________________________________________________
Senior Systems Admin NT/Solaris/WWW/Firewalls/Routers/Mainframe_UNIX
Hitachi Data Systems 408-970-4822 --- Disclaimer: I speak only for myself
Republican Libertarians (Libertarianism with a chance)! -> http://www.rlc.org/
Smaller government, pro-privacy, anti-gun control, anti-censorship, anti-IRS ;+
War Veteran, Tax cuts & Capitalism --> http://www.dolekemp96.org/
Big Government, pro-Clipper chip, pro-Key Escrow, pro-censorship, pro-IRS;+
Draft dodging, Corruption, Taxes & Socialism --> http://www.clintongore96.org/
Vote for your future.

From firewalls-owner Fri Nov 1 11:17:52 1996
From: "Roy Berger"
To: firewalls@greatcircle.com
Date: Fri, 1 Nov 1996 14:48:20 -0400
Subject: Looking for NT "Compromise Detection" software

I'm a newbie who has subscribed to this list for about 5 months. This is
my first post so please be gentle.

I've been assigned the task of researching firewall technologies for my
company's products. We have a NT based WWW product which needs to access
a database server (via ODBC) which will reside behind a firewall. We're
basically trying to just be flexible about security in terms of fitting
in with a given customer's security setup.

We have a customer who has a firewall (not sure which one) running on a
Unix box. Their security guy knows the Unix world and has indicated to us
that there is some software running on their Unix box which can detect if
the system is being compromised and do something like shutdown that
connection, log the event, etc. They wanted to know if we knew of any
similar code which could run on the NT box to perform the same function.

This information came to me third hand, so obviously I'm missing details.
For all I know, the software they are talking about is actually part of
the firewall they are running on the Unix box.
After sitting on this list for 5 months and doing additional research on
firewall technology out there, I know that this type of functionality is
incorporated into some of the firewall products out there.

I have a couple of questions:

If this "Compromise Detection" software is, in fact, a separate piece of
code which is not part of the firewall software, is there a "generic"
name for such an animal in the Unix world ?

If there is a generic name for this type of software, does anyone know if
such an animal exists for the NT world ?

Thanks in advance.

Roy Berger
Mission Critical Technologies

From firewalls-owner Fri Nov 1 12:02:32 1996
From: "Maiwald, Eric"
To: "'Firewalls List'"
Subject: Re: Can fiber optics be tapped
Date: Fri, 1 Nov 1996 14:54:07 -0500

Please excuse the terminology as I am not
an optical engineer.

I seem to recall hearing about devices that
could detect a tap in fiber.
They worked by
sending light at frequencies slightly different
than the primary channel. If the fiber were
bent to tap the light, the other frequencies
would attenuate a larger amount than the
primary channel thus allowing a monitor
to "see" the tap.

Anybody else hear of these things?

Eric

Eric Maiwald
Assistant Director, Information Security
NASD Production Services
9513 Key West Ave.
Rockville, MD 20850
301-208-2954
email: maiwalde@nasd.com

From firewalls-owner Fri Nov 1 12:32:11 1996
From: "Bob Resino"
To: "Maiwald, Eric", "'Firewalls List'"
Subject: Re: Can fiber optics be tapped
Date: Fri, 1 Nov 1996 15:23:10 -0500

A modified OTDR (Optical Time-Domain Reflectometer)?

----------
> From: Maiwald, Eric
> To: 'Firewalls List'
> Subject: Re: Can fiber optics be tapped
> Date: Friday, November 01, 1996 2:54 PM
>
>
> Please excuse the terminology as I am not
> an optical engineer.
>
> I seem to recall hearing about devices that
> could detect a tap in fiber. They worked by
> sending light at frequencies slightly different
> than the primary channel.
> If the fiber were
> bent to tap the light, the other frequencies
> would attenuate a larger amount than the
> primary channel thus allowing a monitor
> to "see" the tap.
>
> Anybody else hear of these things?
>
> Eric
>
>
>
> Eric Maiwald
> Assistant Director, Information Security
> NASD Production Services
> 9513 Key West Ave.
> Rockville, MD 20850
> 301-208-2954
> email: maiwalde@nasd.com
>
>

From firewalls-owner Fri Nov 1 13:31:58 1996
From: KRES007@aol.com
Date: Fri, 1 Nov 1996 16:15:49 -0500
To: firewalls@greatcircle.com
Subject: HOW DO I GET OFF THE LIST

SOME BODY PLEASE TELL ME HOW I GET OFF

send email to

KRES@JUNO.COM

From firewalls-owner Fri Nov 1 14:47:30 1996
Date: Fri, 01 Nov 1996 16:31:15 -0600
From: Bert Carroll
Organization: John Deere
To: firewalls@GreatCircle.com
Subject: VPN for PC users

Anyone have a good idea of how to allow remote users connecting to most
any ISP to do VPN back to my network? I like PPTP (willing to look at
other stuff) but I don't want to stick a NT server on the internet.

bc17684@90.deere.com

Thanks, I need all the help I can get.

From firewalls-owner Fri Nov 1 15:01:59 1996
From: "rpage"
Subject: Re: HOW DO I GET OFF THE LIST
Date: Fri, 1 Nov 1996 16:52:52 -0600

I wish I knew. I've been trying to get off this list for months. I have
followed all the directions with no luck!
---------- > From: KRES007@aol.com > To: firewalls@GreatCircle.COM > Subject: HOW DO I GET OFF THE LIST > Date: Friday, November 01, 1996 3:15 PM > > SOME BODY PLEASE TELL ME HOW I GET OFF > > send email to > > KRES@JUNO.COM From firewalls-owner Fri Nov 1 15:17:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA12586 for firewalls-outgoing; Fri, 1 Nov 1996 14:54:45 -0800 (PST) Received: from phoenix.iss.net (phoenix.iss.net [204.241.60.5]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id OAA12564 for ; Fri, 1 Nov 1996 14:54:25 -0800 (PST) Received: (from cklaus@localhost) by phoenix.iss.net (8.6.13/8.6.12) id RAA30921 for firewalls@greatcircle.com; Fri, 1 Nov 1996 17:53:58 -0500 From: Christopher Klaus Message-Id: <199611012253.RAA30921@phoenix.iss.net> Subject: Hacker Sites Illegal To: firewalls@greatcircle.com Date: Fri, 1 Nov 1996 17:53:57 -0500 (EST) X-Mailer: ELM [version 2.4 PL24 PGP2] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does the following mean that the SPA will go after all the hacker sites you find thru Alta Vista search? Or should there be some ACA (anti cracker association) to go stop hacker sites? Would the posting of exploit code to bugtraq be considered liable for indirect infringement or is this only for hacker tools in regard to software piracy? Piracy has taken many forms on the Internet. These include making unauthorized copies of software available for download, the posting of serial numbers, cracker and hacker utilities and links to pirate FTP sites. Although many believe piracy is limited to "warez" or illegal copies of software, it extends beyond that narrow definition. Under the law, anyone who knows -- or should have known -- of the infringement and who assists, encourages or induces the infringement is liable for indirect infringement. In each of the actions SPA filed, at least two of the above infringements were present. 
- CUD Cu Digest Homepage: http://www.soci.niu.edu/~cudigest CONTENTS, #8.76 (Sun, Oct 27, 1996) File 2--Internet Anti-Piracy Campaign Launched -- Christopher William Klaus Voice: (770)395-0150. Fax: (770)395-1972 Internet Security Systems, Inc. "Internet Scanner finds Ste. 660,41 Perimeter Center East,Atlanta,GA 30346 your network security holes Web: http://www.iss.net/ Email: cklaus@iss.net before the hackers do." From firewalls-owner Fri Nov 1 16:17:21 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA18776 for firewalls-outgoing; Fri, 1 Nov 1996 16:11:37 -0800 (PST) Received: from halon.sybase.com (halon.sybase.com [192.138.151.33]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id QAA18769 for ; Fri, 1 Nov 1996 16:11:30 -0800 (PST) Received: from smtp1.sybase.com (sybgate) by halon.sybase.com (5.x/SMI-SVR4/SybFW4.0) id AA23078; Fri, 1 Nov 1996 16:13:22 -0800 Received: from notesgw2.sybase.com by smtp1.sybase.com (4.1/SMI-4.1/SybH3.5-030896) id AA25601; Fri, 1 Nov 96 16:11:33 PST Received: by notesgw2.sybase.com (5.x/SMI-4.1/SybEGW3.3) id AA06281; Fri, 1 Nov 1996 16:11:22 -0800 Message-Id: <9611020011.AA06281@notesgw2.sybase.com> Received: by SybaseNotes (Lotus Notes Mail Gateway for SMTP V1.1) id 2894BB7B08439E5C882563D600014ED4; Fri, 1 Nov 96 16:11:21 EDT To: Bert Carroll Cc: firewalls From: Ryan Russell/SYBASE Date: 1 Nov 96 16:14:47 EDT Subject: Re: VPN for PC users X-Lotus-Type: Reply All Mime-Version: 1.0 Content-Type: Text/Plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Firewall-1 has that feature for Win95 clients. I haven't looked into it in detail yet. Ryan ---------- Previous Message ---------- To: firewalls cc: From: bc17684 @ 90.deere.com (Bert Carroll) @ smtp Date: 11/01/96 04:31:15 PM Subject: VPN for PC users Any one have an good ideal of how to allow remote users connecting to most any ISP to do VPN back to my network? 
I like PPTP (willing to look at other stuff) but I don't want to stick a NT server on the internet. bc17684@90.deere.com Thanks, I need all the help I can get. From firewalls-owner Fri Nov 1 17:02:12 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA21119 for firewalls-outgoing; Fri, 1 Nov 1996 16:54:29 -0800 (PST) Received: from ns.rc.on.ca ([207.176.151.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id QAA21112 for ; Fri, 1 Nov 1996 16:54:23 -0800 (PST) Received: by ns with IMAIL 2.0 id <01BBC82E.470FCFD0@ns>; Fri, 1 Nov 1996 19:52:56 -0500 Message-ID: <2191B2309F33D0118F7000A02458D19C000000005CB0@ns> From: Russ To: "firewalls@greatcircle.com" , "'Christopher Klaus'" Subject: RE: Hacker Sites Illegal Date: Fri, 1 Nov 1996 19:52:55 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Connector (Beta) (4.5.1280.0) Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Does the following mean that the SPA will go after all the >hacker sites you find thru Alta Vista search? Or should >there be some ACA (anti cracker association) to go stop >hacker sites? Would the posting of exploit code to bugtraq >be considered liable for indirect infringement or is this only >for hacker tools in regard to software piracy? 
From firewalls-owner Fri Nov 1 17:20:06 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA21529 for firewalls-outgoing; Fri, 1 Nov 1996 17:03:09 -0800 (PST) Received: from swinc.com (swinc.com [198.252.182.233]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id RAA21515 for ; Fri, 1 Nov 1996 17:02:40 -0800 (PST) Received: from grail.austin.swinc.com ([204.107.173.67]) by anthrax.swinc.com with SMTP id <17025-1>; Fri, 1 Nov 1996 19:08:58 -0600 Received: by grail.austin.swinc.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BBC827.C4669EC0@grail.austin.swinc.com>; Fri, 1 Nov 1996 19:06:20 -0600 Message-ID: From: "Webb, Andy" To: "'firewalls@greatcircle.com'" Subject: RE: VPN for PC users Date: Fri, 1 Nov 1996 19:06:19 -0600 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Secure Computing has a package called Net.Courier which will do this to IPsec compliant firewalls. Key exchange is currently manual. http://www.border.com regards Andy =================================================================== Andy Webb "The clue meter is reading zero." - Dilbert awebb@swinc.com Simpler-Webb, Inc. Austin, TX =================================================================== >-----Original Message----- >From: Bert Carroll [SMTP:bc17684@90.deere.com] >Sent: Friday, November 01, 1996 4:31 PM >To: firewalls@GreatCircle.com >Subject: VPN for PC users > >Any one have an good ideal of how to allow remote users connecting to >most any ISP to do VPN back to my network? I like PPTP (willing to look >at other stuff) but I don't want to stick a NT server on the internet. > > >bc17684@90.deere.com > >Thanks, I need all the help I can get. 
From firewalls-owner Fri Nov 1 17:37:47 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA22342 for firewalls-outgoing; Fri, 1 Nov 1996 17:21:32 -0800 (PST) Received: from answerman.mindspring.com (answerman.mindspring.com [204.180.128.8]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id RAA22333 for ; Fri, 1 Nov 1996 17:21:22 -0800 (PST) Received: from [38.11.94.66] (ip112.norfolk.va.interramp.com [38.11.94.112]) by answerman.mindspring.com (8.7.5/8.7.3) with SMTP id UAA12586; Fri, 1 Nov 1996 20:27:14 -0500 (EST) Date: Fri, 1 Nov 1996 20:27:14 -0500 (EST) X-Sender: pelicans@pop.mindspring.com Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: "Bob Resino" From: pelicans@mindspring.com (BeachCruiser) Subject: Re: Can fiber optics be tapped Cc: "Maiwald, Eric" , "'Firewalls List'" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 3:23 PM 11/1/96, Bob Resino wrote: >A modified OTDR (Optical Time-Domain Reflectimeter)? Reflectometer...but you're close enough. :) rmck From firewalls-owner Fri Nov 1 18:06:15 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA24270 for firewalls-outgoing; Fri, 1 Nov 1996 17:48:14 -0800 (PST) Received: from us.net (laurel.us.net [198.240.72.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id RAA24263 for ; Fri, 1 Nov 1996 17:48:04 -0800 (PST) Received: from rmcm001.us.net (endd7.laurel.us.net [198.240.112.152]) by us.net (8.6.5/8.6.12) with SMTP id UAA00149; Fri, 1 Nov 1996 20:27:39 -0500 X-Provider: US Net - Advanced Internet Services - (301) 572-5926 - info@us.net Message-ID: <327AA3D4.53C0@us.net> Date: Fri, 01 Nov 1996 20:28:53 -0500 From: "R. 
McMahon" Reply-To: rmcm001@us.net X-Mailer: Mozilla 3.0Gold (Win95; I) MIME-Version: 1.0 To: Firewalls@GreatCircle.COM, cisco@spot.Colorado.EDU Subject: Router IP/MAC address Correlation Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Are any of the CISCO IOS'd capable of authenticating IP to MAC addresses from hosts outside of your LAN or router ? (used as a countermeasure against IP address spoofing from hosts over a WAN). Thanks in advance rwm From firewalls-owner Fri Nov 1 18:16:58 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA24210 for firewalls-outgoing; Fri, 1 Nov 1996 17:47:27 -0800 (PST) Received: from c2smtp.on.com (c2smtp.on.com [207.18.216.5]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id RAA24192 for ; Fri, 1 Nov 1996 17:47:18 -0800 (PST) Received: from Connect2 Message Router by c2smtp.on.com via Connect2-SMTP 4.10.rc2C.1; Fri, 1 Nov 1996 20:45:57 -0500 Message-ID: <58FF786201D40000@c2smtp.on.com> Date: Fri, 1 Nov 1996 20:45:00 -0500 From: Justin Potts Organization: On Technology To: firewalls@greatcircle.com, texan69@inlink.com (rpage) Subject: Re: HOW DO I GET OFF THE LIST MIME-Version: 1.0 Content-type: text/plain; charset="US-ASCII" Content-disposition: inline Content-transfer-encoding: 7BIT X-Mailer: Connect2-SMTP 4.10.rc2C.1 MHS to SMTP Gateway Sender: firewalls-owner@GreatCircle.COM Precedence: bulk ======== Original Message ======== I wish I knew. I've been trying to get off this list for months. I have followed all the directions with no luck! ---------- > From: KRES007@aol.com > To: firewalls@GreatCircle.COM > Subject: HOW DO I GET OFF THE LIST > Date: Friday, November 01, 1996 3:15 PM > > SOME BODY PLEASE TELL ME HOW I GET OFF > > send email to > > KRES@JUNO.COM ======== Fwd by: Justin Potts ======== I'd like to second this comment. 
The unsubscribe instructions are incorrect and do not work; I've tried repeatedly, but to no avail. How can I contact the list administrator directly? From firewalls-owner Fri Nov 1 19:16:59 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA29275 for firewalls-outgoing; Fri, 1 Nov 1996 19:09:30 -0800 (PST) Received: from reflections.mindspring.com (reflections.mindspring.com [204.180.142.192]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id TAA29267 for ; Fri, 1 Nov 1996 19:09:15 -0800 (PST) Received: (from lists@localhost) by reflections.mindspring.com (8.7.1/8.7.1) id WAA27111; Fri, 1 Nov 1996 22:08:27 -0500 Date: Fri, 1 Nov 1996 22:08:26 -0500 (EST) From: Todd Graham Lewis To: "R. McMahon" cc: Firewalls@GreatCircle.COM, cisco@spot.Colorado.EDU Subject: Re: Router IP/MAC address Correlation In-Reply-To: <327AA3D4.53C0@us.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Fri, 1 Nov 1996, R. McMahon wrote: > Are any of the CISCO IOS'd capable of authenticating IP to MAC addresses > from hosts outside of your LAN or router ? (used as a countermeasure > against IP address spoofing from hosts over a WAN). Uhh, how exactly does one acquire the MAC address of non-local interfaces, pray tell? Additionally, if you could discover it, what's to stop an impersonator from discovering it and impersonating that as well? There are cryptographic measures which address this concern, and a lot of books which describe them. Buy one. __ Todd Graham Lewis Linux! 
Core Engineering Mindspring Enterprises tlewis@mindspring.com (800) 719 4664, x2804 From firewalls-owner Sat Nov 2 06:47:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id GAA02774 for firewalls-outgoing; Sat, 2 Nov 1996 06:34:57 -0800 (PST) Received: from dns.ottawa.net (dns.ottawa.net [205.211.4.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id GAA02767 for ; Sat, 2 Nov 1996 06:34:51 -0800 (PST) Received: from slip-ppp31.ottawa.net (slip-ppp31.ottawa.net [205.211.5.31]) by dns.ottawa.net (8.8.2/1.2) with SMTP id JAA15630; Sat, 2 Nov 1996 09:34:44 -0500 (EST) Date: Sat, 2 Nov 1996 09:34:44 -0500 (EST) Message-Id: <199611021434.JAA15630@dns.ottawa.net> X-Sender: bjm@ottawa.net X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: Bert Carroll , firewalls@GreatCircle.COM From: bjm@ottawa.net (Brian McIntosh) Subject: Re: VPN for PC users Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Raptor's "EagleMobile" also provides this capability. At 04:31 PM 96/11/1 -0600, Bert Carroll wrote: >Any one have an good ideal of how to allow remote users connecting to >most any ISP to do VPN back to my network? I like PPTP (willing to look >at other stuff) but I don't want to stick a NT server on the internet. > > >bc17684@90.deere.com > >Thanks, I need all the help I can get. > > ======================================================== Brian J. McIntosh UniSol Inc. 
53 Courtney Road Tel: 613 831 6373 Kanata, Ontario Fax: 613 831 4739 Canada, K2L 1M1 Email: bjm@ottawa.net ======================================================== From firewalls-owner Sat Nov 2 07:02:26 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id GAA02863 for firewalls-outgoing; Sat, 2 Nov 1996 06:37:15 -0800 (PST) Received: from dns.ottawa.net (dns.ottawa.net [205.211.4.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id GAA02856 for ; Sat, 2 Nov 1996 06:37:09 -0800 (PST) Received: from slip-ppp31.ottawa.net (slip-ppp31.ottawa.net [205.211.5.31]) by dns.ottawa.net (8.8.2/1.2) with SMTP id JAA17590; Sat, 2 Nov 1996 09:37:01 -0500 (EST) Date: Sat, 2 Nov 1996 09:37:01 -0500 (EST) Message-Id: <199611021437.JAA17590@dns.ottawa.net> X-Sender: bjm@ottawa.net X-Mailer: Windows Eudora Version 1.4.4 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: "Roy Berger", firewalls@GreatCircle.COM From: bjm@ottawa.net (Brian McIntosh) Subject: Re: Looking for NT "Compromise Detection" software Sender: firewalls-owner@GreatCircle.COM Precedence: bulk As you noted, some firewalls have this functionality built into the system. I'm not aware of any standalone products of this nature. At 02:48 PM 96/11/1 -0400, Roy Berger wrote: > > > > > I'm a newbie who has subscribed to this list for about 5 months. This is > my first post so please be gentle. I've been assigned the task of > researching firewall technologies for my companies products. We have a > NT based WWW product which needs to access a database server (via ODBC) > which will reside behind a firewall. We're basically trying to just be > flexible about security in terms of fitting in with a given customer's > security setup. We have a customer who has a firewall (not sure which > one) running on a Unix box. 
Their security guy knows the Unix world and > has indicated to us that there is some software running on their Unix box > which can detect if the system is being compromised and do something like > shutdown that connection, log the event, etc. They wanted to know if we > knew of any similar code which could run on the NT box to perform the > same function. This information came to me third hand, so obviously I'm > missing details. For all I know, the software they are talking about is > actually part of the firewall they are running on the Unix box. After > sitting on this list for 5 months and doing additional research on > firewall technology out there, I know that this type of functionality is > incorporated into some of the firewall products out there. I have a > couple of questions: > > If this "Compromise Detection" software is, in fact, a separate piece > of code which is not part of the firewall software, is there a > "generic" name for such an animal in the Unix world ? > If there is a generic name for this type of software, does anyone know > if such an animal exists for the NT world ? > > > Thanks in advance. > > Roy Berger > Mission Critical Technologies > > > > ======================================================== Brian J. McIntosh UniSol Inc. 
53 Courtney Road Tel: 613 831 6373 Kanata, Ontario Fax: 613 831 4739 Canada, K2L 1M1 Email: bjm@ottawa.net ======================================================== From firewalls-owner Sat Nov 2 09:33:06 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id JAA13933 for firewalls-outgoing; Sat, 2 Nov 1996 09:20:27 -0800 (PST) Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [204.246.65.62]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id JAA13926 for ; Sat, 2 Nov 1996 09:20:18 -0800 (PST) Received: from parka.winternet.com (parka.winternet.com [198.174.169.9]) by darkstar.sysinfo.com (8.6.11/8.6.9) with SMTP id LAA08552; Sat, 2 Nov 1996 11:22:06 -0600 Date: Sat, 2 Nov 1996 11:13:33 -0600 (CST) From: Ron DuFresne To: "W.C. Epperson" cc: firewalls@GreatCircle.COM Subject: Re: Firewalls vs Blocking Sites In-Reply-To: <199610311459.GAA24053@miles.greatcircle.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Am I the only one here getting dupes of postings to the list days after I've already gone through them? Is this a problem from the mailing list side, or is my ISP screwing up again? Thanks, later, Ron DuFresne On Thu, 31 Oct 1996, W.C. Epperson wrote: > Wayne could of sed: > > -> By the way, I've already gotten calls from people who said they lost a lot > > -> of sleep over their PC being blocked. Knew they were doing the wrong > > -> thing. I think it's working. (Of course this is before we limited > > -> it to porno sites only). > > -> > > > > Actually, have you thought of the legal ramifications of all this? > > > > Since you have exerted control over access to sites, you have now assumed > > responsibility for the material that does get through. > > > > "It's not my fault judge, since this site wasn't blocked > > I thought it was officially approved" > > > > Wham! Multi-million dollar harassment suit. 
> [snip] > > This conjecture is often made in discussions of location and/or content > filtering, but I have not seen any case law that would remotely support it. > (Caveat: I'm not a lawyer, but I'll play one on the golf course if the > strokes are right). I assume folks are analogizing/extrapolating on > decisions that providers have given up their right to a "common carrier" > defense and have become "publishers" when they begin to control content in > any fashion, but those have to do with liability for publishing libel, > obscenity, etc. That's a very different situation from that of an employer > who deploys a technical solution that partially implements an access policy > of which employees have been properly informed. If there are statutes or > case precedents that would support an employer's harassment liability > for completing the policy implementation via monitoring and applying > sanctions, I'd like to know about them. > -- > W.C. Epperson "I have great faith in fools. > Senior SE Self-confidence, my friends call it." > Information Security Officer --Edgar Allan Poe-- > DBA Emeritus > Curmudgeon-for-Life > Virginia Dept. of Education > epperson@pen.k12.va.us > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. 
From firewalls-owner Sat Nov 2 11:17:53 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA29166 for firewalls-outgoing; Sat, 2 Nov 1996 10:46:08 -0800 (PST) Received: from actcom.co.il (actcom.co.il [192.114.47.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA29159 for ; Sat, 2 Nov 1996 10:45:59 -0800 (PST) Received: from localhost by actcom.co.il with SMTP (8.7.6/actcom-0.1) id UAA26796; Sat, 2 Nov 1996 20:46:40 +0200 (EET) (rfc931-sender: hayam@localhost) Date: Sat, 2 Nov 1996 20:46:39 +0200 (EET) From: Avraham Hayam To: Michael Dillon cc: firewalls@greatcircle.com Subject: Re: Can fibre-optic be tapped??? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 31 Oct 1996, Michael Dillon wrote: > > I saw this in a USENET newsgroup. Any basis in fact? > > > I thought I read somewhere that someone had come up with a way to > > "read" data going over a fiber link, by interference with a second laser > > "perpendicular" to the fiber - does this ring any bells out there? Hi, This is one of the ways to do it. 
Avraham Hayam ITSSC Jerusalem, Israel E-Mail: hayam@actcom.co.il From firewalls-owner Sat Nov 2 11:40:10 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA06394 for firewalls-outgoing; Sat, 2 Nov 1996 11:20:34 -0800 (PST) Received: from nemesis.psionic.com (nemesis.psionic.com [206.161.70.238]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id LAA05729 for ; Sat, 2 Nov 1996 11:19:17 -0800 (PST) Received: (from maildrop@localhost) by nemesis.psionic.com (8.7.4/8.7.3) id OAA25956 for ; Sat, 2 Nov 1996 14:19:25 -0500 X-Authentication-Warning: nemesis.psionic.com: maildrop set sender to using -f Received: from localhost(127.0.0.1) by nemesis.psionic.com via smap (V2.0beta) id xma025951; Sat, 2 Nov 96 14:18:58 -0500 Message-ID: <327B9E93.4C027A2E@psionic.com> Date: Sat, 02 Nov 1996 14:18:44 -0500 From: "Craig H. Rowland" Organization: Psionic Software Systems X-Mailer: Mozilla 3.0 (X11; I; Linux 2.0.23 i486) MIME-Version: 1.0 Newsgroups: comp.security.unix,comp.security.firewalls CC: firewalls@greatcircle.com Subject: New: Log File Auditing Package For UNIX (Free) Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk All, I'm releasing a new software package for UNIX that automates log file auditing for unusual activity and security violations. This package works very well with Firewall Tool Kit from TIS, as well as stand-alone systems running the TCP wrapper and similar utilities. This package is essentially a clone of the "frequentcheck.sh" scripts from the TIS Gauntlet system, but has been _completely_ re-written and implemented in a slightly different manner to make it more generic for systems not running FWTK. I *have* asked for permission to clone this package from sources at TIS and there were no objections mentioned to me about doing this. 
This package has been extensively tested (about a year) on BSDI 2.x, Linux (Slackware and Redhat) and FreeBSD 2.x with no problems. The systems ranged from personal workstations to full-blown high volume ISP websites. No problems have been reported with its use. Please visit my website at: http://www.psionic.com for more information. The actual program is located on: http://www.psionic.com/logcheck.html This is a low-bandwidth site (28.8) so please be patient if it is slow. Thank you for your time.. -- Craig Rowland From firewalls-owner Sat Nov 2 12:17:47 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA15957 for firewalls-outgoing; Sat, 2 Nov 1996 12:05:42 -0800 (PST) Received: from josef.ifi.unizh.ch (josef.ifi.unizh.ch [130.60.48.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id MAA15931 for ; Sat, 2 Nov 1996 12:05:33 -0800 (PST) Received: from alcatraz.ifi.unizh.ch by josef.ifi.unizh.ch with SMTP (PP) id <28984-0@josef.ifi.unizh.ch>; Sat, 2 Nov 1996 21:05:25 +0100 Message-ID: <327BA985.41C67EA6@ifi.unizh.ch> Date: Sat, 02 Nov 1996 21:05:25 +0100 From: Alejandro Motta X-Mailer: Mozilla 3.0 (X11; I; SunOS 4.1.4 sun4m) MIME-Version: 1.0 To: Majordomo Subject: Does GFX support VPN? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi everybody, Could someone tell me, if the firewall GFX-solutions support VPN? 
I appreciate very much Alex From firewalls-owner Sat Nov 2 13:02:30 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA20283 for firewalls-outgoing; Sat, 2 Nov 1996 12:59:24 -0800 (PST) Received: from hermes.intel.com (hermes.intel.com [143.183.152.3]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA20276 for ; Sat, 2 Nov 1996 12:59:18 -0800 (PST) Received: from ts21-06.tor.iSTAR.ca by hermes.intel.com (8.7.6/10.0i); Sat, 2 Nov 1996 12:58:13 -0800 Received: by ts21-06.tor.iSTAR.ca with Microsoft Mail id <01BBC8D5.EF021160@ts21-06.tor.iSTAR.ca>; Sat, 2 Nov 1996 15:53:04 -0500 Message-ID: <01BBC8D5.EF021160@ts21-06.tor.iSTAR.ca> From: Gene Lee To: "kmeade@tcd.ie" , "'Sunny Azah'" Cc: "Firewalls@GreatCircle.COM" Subject: RE: Remote admin. on FW's Date: Sat, 2 Nov 1996 15:52:54 -0500 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tuesday, October 29, 1996 1:29 PM, Sunny Azah[SMTP:sazah@ibu.sj.nec.com] wrote: >Encryption based upon DES or 3-DES is sufficiently strong. >The real questions are: > > 1) How good are the keys and how well are they created, > protected, and managed? > > 2) How strong is the authentication and how well does it > resist cracking and replay attacks? > > 3) Can it be spoofed (e.g. man in the middle attack)? > > 4) Is the risk associated with remote management worth > the convenience? Also add in: 5) How secure is the remote management client? X11 attacks on a remote management GUI will defeat the strongest encryption. 
-- Gene Lee genel@inforamp.net genelee@vnet.ibm.com From firewalls-owner Sat Nov 2 22:32:32 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id WAA15454 for firewalls-outgoing; Sat, 2 Nov 1996 22:28:44 -0800 (PST) Received: from answerman.mindspring.com (answerman.mindspring.com [204.180.128.8]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id WAA15447 for ; Sat, 2 Nov 1996 22:28:37 -0800 (PST) Received: from hal (ip117.mission-viejo.ca.interramp.com [38.12.83.117]) by answerman.mindspring.com (8.7.5/8.7.3) with SMTP id BAA18298; Sun, 3 Nov 1996 01:35:14 -0500 (EST) Message-Id: <1.5.4.32.19961103063212.0066b9a8@pop.mindspring.com> X-Sender: us028272@pop.mindspring.com X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 02 Nov 1996 22:32:12 -0800 To: "Roy Berger" From: "Jeff C. Flynn" Subject: Re: Looking for NT "Compromise Detection" software Cc: firewalls@GreatCircle.COM Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > If this "Compromise Detection" software is, in fact, a separate piece > of code which is not part of the firewall software, is there a > "generic" name for such an animal in the Unix world ? I don't know a generic name, but here are some specific names... 
SWATCH (ftp://coast.cs.purdue.edu/pub/tools/unix/swatch/), Tripwire(ftp://coast.cs.purdue.edu/pub/COAST/Tripwire), and Netstalker (info@haystack.com) Good luck, Jeff From firewalls-owner Sun Nov 3 16:22:20 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA21452 for firewalls-outgoing; Sun, 3 Nov 1996 14:48:47 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA21445 for ; Sun, 3 Nov 1996 14:48:43 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id OAA06255 for firewalls@greatcircle.com; Sun, 3 Nov 1996 14:48:26 -0800 (PST) Received: from spanky.ov.com (spanky.pls.ov.com [198.153.190.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id RAA14396 for ; Thu, 24 Oct 1996 17:01:26 -0700 (PDT) From: footes@ov.com Received: from ccgate.pls.ov.com by spanky.ov.com with SMTP on Thu, 24 Oct 1996 17:02:28 -0700 Received: from ccMail by ccgate.pls.ov.com id AA846201707 Thu, 24 Oct 96 17:01:47 PST Date: Thu, 24 Oct 96 17:01:47 PST Message-Id: <9609248462.AA846201707@ccgate.pls.ov.com> To: firewalls@GreatCircle.COM Subject: Re[2]: Kerberos Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi PM, For a commercially available version of Kerberos, visit http://www.ov.com and read the information regarding the AXXiON-Authenitcate product. 
Steve From firewalls-owner Sun Nov 3 16:23:41 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA23000 for firewalls-outgoing; Sun, 3 Nov 1996 15:23:02 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id PAA22993 for ; Sun, 3 Nov 1996 15:22:57 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id PAA07120 for firewalls@greatcircle.com; Sun, 3 Nov 1996 15:22:40 -0800 (PST) Received: from fastlane.net (fastlane.net [204.251.16.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA04510 for ; Fri, 1 Nov 1996 12:33:07 -0800 (PST) Received: from pc11 (fw-166-124.fastlane.net [207.55.166.124]) by fastlane.net (8.7.5/8.7.3) with SMTP id OAA23288 for ; Fri, 1 Nov 1996 14:35:15 -0600 (CST) Message-Id: <1.5.4.32.19961101193130.00738c98@fastlane.net> X-Sender: tkyle@fastlane.net X-Mailer: Windows Eudora Light Version 1.5.4 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Priority: 1 (Highest) Date: Fri, 01 Nov 1996 14:31:30 -0500 To: firewalls@GreatCircle.COM From: tkyle@FastLane.NET Subject: A good fire wall for NT Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Howdy folks, I have gotten the OK to buy firewall software, it has to go on a NT network and be reasonably priced, ( 3,000-10,000) for under 100 users. Also what hardware config should I use ( intel pentium with 64megs ram or what?) It will go to a ascend pipeline 130 or a cisco 2501. any help or info is greatly appreciated!!! 
From firewalls-owner Sun Nov 3 16:23:52 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA22330 for firewalls-outgoing; Sun, 3 Nov 1996 15:08:10 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id PAA22323 for ; Sun, 3 Nov 1996 15:08:06 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id PAA06693 for firewalls@greatcircle.com; Sun, 3 Nov 1996 15:07:49 -0800 (PST) Received: from mars.process.com (mars.process.com [192.42.95.144]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA18099 for ; Tue, 29 Oct 1996 12:29:17 -0800 (PST) Received: from Microsoft Mail (PU Serial #1063) by mars.process.com (PostalUnion/SMTP(tm) v2.1.9a for Windows NT(tm)) id AA-1996Oct29.152600.1063.565557; Tue, 29 Oct 1996 15:27:22 -0500 From: Marcus.Goncalves@mars.process.com (Goncalves, Marcus) To: firewalls@greatcircle.com ('firewalls@greatcircle.com') Message-ID: <1996Oct29.152600.1063.565557@mars.process.com> X-Mailer: Microsoft Mail via PostalUnion/SMTP for Windows NT Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Organization: Process Software Corporation Date: Tue, 29 Oct 1996 15:27:22 -0500 Subject: **Call for Authors** Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Publisher is seeking authors in the areas of Internet, Web security, networking and emerging technologies. If you have a book idea, an outline and a conviction about it, please let me know. All submissions will be considered. Send e-mail to mg@manning.com or goncalvesv@aol.com. We'll reply quickly. _____________________________________________________ M. 
Goncalves, Editor - mg@manning.com Manning Publications Co., 3 Lewis Street, Greenwich, CT 06830 508-460-8084, fax 508-460-8085 http://www.browsebooks.com, http://www.spindoczine.com _____________________________________________________ From firewalls-owner Sun Nov 3 16:24:07 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA22991 for firewalls-outgoing; Sun, 3 Nov 1996 15:22:42 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id PAA22977 for ; Sun, 3 Nov 1996 15:22:38 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id PAA07115 for firewalls@greatcircle.com; Sun, 3 Nov 1996 15:22:21 -0800 (PST) Received: from gatekeeper.panasonic.com (gatekeeper.panasonic.com [140.212.2.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id KAA10453 for ; Fri, 1 Nov 1996 10:44:16 -0800 (PST) Received: from mecamail.panasonic.com by gatekeeper.panasonic.com (AIX 4.1/UCB 5.64/4.03) id AA22696; Fri, 1 Nov 1996 13:44:48 -0500 Received: from Microsoft Mail (PU Serial #1486) by mecamail.panasonic.com (PostalUnion/SMTP(tm) v2.1.8d for Windows NT(tm)) id AA-1996Nov01.134700.1486.250775; Fri, 01 Nov 1996 13:45:27 -0500 From: gelbe@panasonic.com (Gelb, Ed) To: josh@eyehand.com (josh) Cc: firewalls@GreatCircle.COM ('Majordomo-firewalls') Message-Id: <1996Nov01.134700.1486.250775@mecamail.panasonic.com> X-Mailer: Microsoft Mail via PostalUnion/SMTP for Windows NT Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Date: Fri, 01 Nov 1996 13:45:27 -0500 Subject: RE: Instant Interenet Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Just read article on IPX-IP hardware/software gates in PC Magazine November 19, 1996 issue. Article is entitled "Link Your Network to the Net" .. Among others Instant Internet is evaluated. 
Regards, Ed ---------- From: josh To: Firewalls Subject: Instant Interenet Date: Friday, November 01, 1996 13:01EDT I have a client that has asked me to do some research on security solutions for an e-mmail server that will link up to their Novell LAN. I was wondering if anyone on this list knows anything about Instant Internet and what they might think of it. Thanks, Josh Hugh Ermentrout NorthCoast Interactive, Inc. ------------------------------------------------- Ed Gelb Strategic Information Systems Matsushita Electric Corporation of America Panasonic Communications & Systems Company Secaucus, New Jersey, 07094 Father Creator of the "8000# Gorilla" (TM) and "PanaLOK" (TM) Firewalls ------------------------------------------------- From firewalls-owner Sun Nov 3 16:25:01 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA21804 for firewalls-outgoing; Sun, 3 Nov 1996 14:59:14 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA21744 for ; Sun, 3 Nov 1996 14:58:39 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id OAA06458 for firewalls@greatcircle.com; Sun, 3 Nov 1996 14:58:21 -0800 (PST) Received: from mesbne01.medeserv.com.au (mesbne01.medeserv.com.au [203.9.184.11]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id AAA03754 for ; Mon, 28 Oct 1996 00:47:43 -0800 (PST) Received: (from mail@localhost) by mesbne01.medeserv.com.au (8.7.4/8.7.3) id SAA27125 for ; Mon, 28 Oct 1996 18:47:34 +1000 (EST) Received: from conf010.medeserv.com.au(172.17.253.10) by mesbne01 via smap (V1.3) id /mail/incoming/sma027095; Mon Oct 28 18:47:13 1996 Message-ID: <327458B3.665E@medeserv.com.au> Date: Mon, 28 Oct 1996 16:54:43 +1000 From: Steven Herod Reply-To: sherod@medeserv.com.au Organization: Med-E-Serv Pty Ltd X-Mailer: Mozilla 3.0 (WinNT; I) MIME-Version: 1.0 To: 
Firewalls@GreatCircle.com
Subject: Spoofing... How does it work.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi, this text came from a Telstra Security Paper as explanation of Spoofing. What I don't understand is step 5

>1.the attacker would change her host's IP address to match that of the
>trusted client,
>
>2.the attacker would then construct a source route to the server that
>specifies the direct path the IP packets should take to the server and
>should take from the server back to the attacker's host, using the
>trusted client as the last hop in the route to the server,
>
>3.the attacker sends a client request to the server using the source
>route,
>
>4.the server accepts the client request as if it came directly from the
>trusted client and returns a reply to the trusted client,
>
>5.the trusted client, using the source route, forwards the packet on to
>the attacker's host.

If the attacker's host and the trusted client both have the same IP address, wouldn't the trusted client receive the packet and process it, regardless of its source routing options, rather than passing it on? What am I missing?
TIA Steven Herod sherod@medeserv.com.au From firewalls-owner Sun Nov 3 16:51:34 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA23094 for firewalls-outgoing; Sun, 3 Nov 1996 15:25:45 -0800 (PST) Received: from honor.greatcircle.com (honor.greatcircle.com [198.102.244.44]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id PAA23080 for ; Sun, 3 Nov 1996 15:25:39 -0800 (PST) Received: (brent@localhost) by honor.greatcircle.com (8.7.5/Honor-960830-1) id PAA07206 for firewalls@greatcircle.com; Sun, 3 Nov 1996 15:25:22 -0800 (PST) Received: from tavor.openu.ac.il (tavor.openu.ac.il [147.233.128.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id PAA27356 for ; Sat, 2 Nov 1996 15:11:50 -0800 (PST) Received: from ramon.openu.ac.il[rafi] by tavor.openu.ac.il with SMTP id AA02258 (5.67a8/IDA-1.5 for ); Sun, 3 Nov 1996 01:11:40 +0200 Received: from localhost (nullhost.openu.ac.il)[] by ramon.openu.ac.il with SMTP id AA04199 (5.67a8/IDA-1.5); Sun, 3 Nov 1996 01:11:38 +0200 Date: Sun, 3 Nov 1996 01:11:37 +0200 (IST) From: Rafi Sadowsky X-Sender: rafi@ramon Reply-To: Rafi Sadowsky To: Ron DuFresne Cc: "W.C. Epperson" , firewalls@GreatCircle.COM Subject: Re: Firewalls vs Blocking Sites In-Reply-To: Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk well this is second time I've seen your message & it seems to be a frequent occurence :-( havn't checked to see if every message is doubled though .... 
examining the headers it seems that your mail is relayed via darkstar.sysinfo.com unless it should be it may be bouncing back all the mails ( sorry - no time to check all the headers from the firewalls list :-( ) add to that that I don't find either of darkstar.sysinfo.com or 204.246.65.62 in the DNS database + the fact that there is no route to that IP address ( get stuck in ibm.net's backbone network with a host unreachable ) - something funny is going on Enjoy (?) Rafi P.S. what has the firewalls list owner to say : = Return-Path: Received: from miles.greatcircle.com by relay4.UU.NET with ESMTP (peer crosschecked as: miles.greatcircle.com [198.102.244.34]) id QQbocs07685; Sat, 2 Nov 1996 12:38:33 -0500 (EST) Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id JAA13933 for firewalls-outgoing; Sat, 2 Nov 1996 09:20:27 -0800 (PST) Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [204.246.65.62]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id JAA13926 for ; Sat, 2 Nov 1996 09:20:18 -0800 (PST) Received: from parka.winternet.com (parka.winternet.com [198.174.169.9]) by darkstar.sysinfo.com (8.6.11/8.6.9) with SMTP id LAA08552; Sat, 2 Nov 1996 11:22:06 -0600 Date: Sat, 2 Nov 1996 11:13:33 -0600 (CST) From: Ron DuFresne ============ -- Rafi Sadowsky rafi@tavor.openu.ac.il [postmaster@openu.ac.il] VoiceMail: +972-3-6460592 FAX: +972-3-6460744 Network Architect | ILAN-CERT(CERT-L@VM.TAU.AC.IL) Open University of Israel | Technical coordinator (PGP key availble by finger or key servers) On Sat, 2 Nov 1996, Ron DuFresne wrote: > > Am I the only one here getting dupes of postings to the list days after > I've already gone through them? Is this a problem fron the mailing list > side, or is my ISP screwing up again? > > Thanks, later, > > Ron DuFresne > > > On Thu, 31 Oct 1996, W.C. 
Epperson wrote: > > > Wayne could of sed: > > > -> By the way, I've already gotten calls from people who said they lost a lot > > > -> of sleep over their PC being blocked. Knew they were doing the wrong > > > -> thing. I think its working. (Of couse this is before we limited > > > -> it to porno sites only). > > > -> > > > > > > Actually, have you thought of the legal ramifications of all this? > > > > > > Since you have exerted control over access to sites, you have now assumed > > > responsibility for the material that does get through. > > > > > > "It's not my fault judge, since this site wasn't blocked > > > I thought it was officially approved" > > > > > > Wham! Multi-million dollar harrasment suit. > > [snip] > > > > This conjecture is often made in discussions of location and/or content > > filtering, but I have not seen any case law that would remotely support it. > > (Caveat: I'm not a lawyer, but I'll play one on the golf course if the > > strokes are right). I assume folks are analogizing/extrapolating on > > decisions that providers have given up their right to a "common carrier" > > defense and have become "publishers" when they begin to control content in > > any fashion, but those have to do with liability for publishing libel, > > obscenity, etc. That's a very different situation from that of an employer > > who deploys a technical solution that partially implements an access policy > > of which employees have been properly informed. If there are statutes or > > case precedents that would support an employer's harrassment liability > > for completing the policy implementation via monitoring and applying > > sanctions, I'd like to know about them. > > -- > > W.C. Epperson "I have great faith in fools. > > Senior SE Self-confidence, my friends call it." > > Information Security Officer --Edgar Allan Poe-- > > DBA Emeritus > > Curmudgeon-for-Life > > Virginia Dept. 
of Education > > epperson@pen.k12.va.us > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > "Cutting the space budget really restores my faith in humanity. It > eliminates dreams, goals, and ideals and lets us get straight to the > business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > > OK, so you're a Ph.D. Just don't touch anything. > From firewalls-owner Sun Nov 3 18:47:43 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id SAA08724 for firewalls-outgoing; Sun, 3 Nov 1996 18:35:19 -0800 (PST) Received: from merak.idola.net.id (merak.IdOLA.net.id [202.152.0.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id SAA08717 for ; Sun, 3 Nov 1996 18:35:10 -0800 (PST) Received: from ded_la6.IdOLA.net.id by merak.idola.net.id; (5.65v3.2/1.1.8.2/22Mar96-0518PM) id AA03886; Mon, 4 Nov 1996 09:39:02 +0700 Date: Mon, 4 Nov 1996 09:39:02 +0700 Message-Id: <9611040239.AA03886@merak.idola.net.id> X-Sender: aries@202.152.0.250 (Unverified) X-Mailer: Windows Eudora Light Version 1.5.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: firewalls@greatcircle.com From: "Yohannes A. Sulistyono" Subject: Re: HOW DO I GET OFF THE LIST Sender: firewalls-owner@GreatCircle.COM Precedence: bulk me too..... 
At 16:15 01/11/96 -0500, you wrote: >SOME BODY PLEASE TELL ME HOW I GET OFF > >send email to > >KRES@JUNO.COM > > --------------------------------------------------------------- Yohannes Aries Sulistyono email : aries@idola.net.id Internet Service Division http://www.idola.net.id/~aries PT Aplikanusa Lintasarta Phone : +6221-2302345 Menara Thamrin 12th Fl Fax : +6221-2303883 Jl MH Thamrin kav 3 JAKARTA - 10340 INDONESIA --------------------------------------------------------------- From firewalls-owner Sun Nov 3 20:02:35 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA12539 for firewalls-outgoing; Sun, 3 Nov 1996 19:54:43 -0800 (PST) Received: from hil-img-3.compuserve.com (hil-img-3.compuserve.com [149.174.177.133]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id TAA12532 for ; Sun, 3 Nov 1996 19:54:37 -0800 (PST) Received: by hil-img-3.compuserve.com (8.6.10/5.950515) id WAA04564; Sun, 3 Nov 1996 22:54:36 -0500 Date: 03 Nov 96 22:51:35 EST From: John Madincea <71333.2026@CompuServe.COM> To: Subject: multicast question Message-ID: <961104035134_71333.2026_DHB47-1@CompuServe.COM> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi All, My firewalls have recently begun to receive UDP 520 broadcasts from internal (secured) routers. The destination for these broadcast are for IP address 224.0.0.9. I beleive that this address is used for some type of multicasting (RIP 1 or RIP 2) ? If anyone knows anything about this Id like to hear from you. 
Thanks, John Madincea 71333.2026@compuserve.com From firewalls-owner Mon Nov 4 01:32:51 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA24850 for firewalls-outgoing; Mon, 4 Nov 1996 01:18:15 -0800 (PST) Received: from ibmmail.COM (ibmmail.com [199.171.26.3]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA24843 for ; Mon, 4 Nov 1996 01:18:07 -0800 (PST) From: dehtpnmk@ibmmail.com Message-Id: <199611040918.BAA24843@miles.greatcircle.com> Received: from ibmmail by ibmmail.COM (IBM VM SMTP V2R3) with BSMTP id 2186; Mon, 04 Nov 96 04:18:00 EST Date: Mon, 04 Nov 1996 04:17:57 EST To: FIREWALLS@GREATCIRCLE.COM MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk From: Amadeus Forums AT MUCVM1 Organization: AMADEUS Global travel - Erding - DE Subject: FW-1 proxy and HTTPS Amadeus FORUMS for DAVID BLACK : private replies to: How can a i get HTTPS working through firewall-1, we are running 2.1 and received 'Netscape is unable to locate the server' Thanks, Dave Black System Programmer, Amadeus Global Travel, Munich, Germany osg023@mucvm1, dehtpz79@ibmmail.com, (49) 8122-43-5795 fax(3260) From firewalls-owner Mon Nov 4 01:47:40 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA24976 for firewalls-outgoing; Mon, 4 Nov 1996 01:22:35 -0800 (PST) Received: from mustard.roke.co.uk (dns.roke.co.uk [193.118.192.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA24969 for ; Mon, 4 Nov 1996 01:22:28 -0800 (PST) From: Greg.Donkin@roke.co.uk Received: from sage.roke.co.uk by mustard.roke.co.uk with SMTP (PP); Mon, 4 Nov 1996 09:19:27 +0000 Received: from ccMail by sage.roke.co.uk (SMTPLINK V2.11) id AA847121120; Mon, 04 Nov 96 09:21:06 PST Date: Mon, 04 Nov 96 09:21:06 PST Message-Id: <9610048471.AA847121120@sage.roke.co.uk> To: Firewalls@GreatCircle.com Subject: 
Portscan by Netmeeting Sender: firewalls-owner@GreatCircle.COM Precedence: bulk The other day i was looking at the logs from our Firewall-1 and saw a portscan starting at port 1 all the way up to 65535. Of course i start looking at it further & discover it's come from the *inside* of the wall. Looks like one of the users has been playing around, so pausing only to pick up the office baseball bat on the way out, i go to have a quiet word, but when i talked to him he said it's part of the beta Netmeeting 2 from our old chums Microsoft. I haven't looked at it myself but i'd take our guy's word for it. He says it's a few lines of VBasic which looks for a port to use. Seems to me this is, how shall i put it? Irresponsible? Designed to piss off Firewall administrators? Anyone else come across this? Anyone from M$ care to comment? Greg Greg Donkin Email: Greg.Donkin@roke.co.uk Siemens Business Services at Roke Manor Research #include From firewalls-owner Mon Nov 4 02:17:34 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id CAA27729 for firewalls-outgoing; Mon, 4 Nov 1996 02:02:44 -0800 (PST) Received: from duct.mail.pipex.net (duct.mail.pipex.net [158.43.128.21]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id CAA27713 for ; Mon, 4 Nov 1996 02:02:31 -0800 (PST) Received: from zeufwext.zeuros.co.uk by duct.pipex.net with SMTP (PP); Mon, 4 Nov 1996 10:01:42 +0000 Received: by snow-white.zeuros.co.uk with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BBCA37.58C247C0@snow-white.zeuros.co.uk>; Mon, 4 Nov 1996 10:02:54 -0000 Message-ID: From: Andrew Bays To: "'Lawrence Lerner'" Cc: "'firewalls@greatcircle.com'" Subject: RE: MIMESweeper Date: Mon, 4 Nov 1996 10:02:47 -0000 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM 
Precedence: bulk Lawrence, We have installed and configured MIIMEsweeper at a few sites now. The lag time is minimal for 95% of e-mail traffic. It really does fly through the system if the system is configured with enough memory and disk space. Obviously the larger the attachment for unravelling the longer it takes. This is marginal in terms of the overall delivery time of e-mail generally. As for configuration, the position of MIMEsweeper for the sites we have consulted in is directly behind the firewall in front of the SMTP gateway(s) for the corporation. For the most part the configuration is virus scanning, User authentication and automatic replies set for certain mail captured i.e. Virus detect, Unreadable data, User not authorised etc... Users will not see the delay unless of course their e-mail is quarantined or bounced. Andrew Zeuros Network Solutions >---------- >From: Lawrence Lerner[SMTP:lernerl@metamor.com] >Sent: 31 October 1996 13:09 >To: 'FW-MailingList' >Subject: MIMESweeper > >A few months ago there was heavy discussion on virus walls and e-mail >checkers. Is anybody currently using MIMESweeper? If so, what is the >configuration for the MIMESweeper box and what is your mail traffic like? I >am trying to establish, how much lag time it will add to incoming an outgoing >mail. > >Thanks! >/**********************************************************************/ >Lawrence Lerner 312.251.7975 >Metamor Technologies, Ltd. 
lernerl@metamor.com
>One North Franklin
>Chicago, IL 60606
>

From firewalls-owner Mon Nov 4 02:32:56 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id CAA28920 for firewalls-outgoing; Mon, 4 Nov 1996 02:17:30 -0800 (PST)
Received: from malraux.matranet.com ([194.117.213.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id CAA28883 for ; Mon, 4 Nov 1996 02:17:10 -0800 (PST)
Received: (from uucp@localhost) by malraux.matranet.com (8.7.4/8.7.3) id LAA26298; Mon, 4 Nov 1996 11:09:50 +0100 (MET)
Received: from verlaine.imatranet.com(192.0.2.2) by malraux.matranet.com via smap (3.2) id xma026292; Mon, 4 Nov 96 11:09:25 +0100
Received: from ronsard.imatranet.com ([192.0.2.13]) by verlaine.imatranet.com (post.office MTA v2.0 0813 ID# 0-18250U90) with SMTP id AAA267; Mon, 4 Nov 1996 11:14:49 +0100
Message-ID: <327DC15D.167EB0E7@matranet.com>
Date: Mon, 04 Nov 1996 11:11:41 +0100
From: chilali
Organization: matranet
X-Mailer: Mozilla 3.0 (X11; I; BSD/OS 2.0 i386)
MIME-Version: 1.0
To: jadylson@iptec.com.br
CC: firewalls@GreatCircle.com
Subject: Re: TIS - Fwtk instalation in BSDI
References: <2.2.32.19961031130220.006f2ed4@gb1-rio.rio.nutecnet.com.br>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

jadylson@iptec.com.br wrote:
>
> Hi All,
>
> I'm trying to install the TIS - fwtk in BSDI. When I run Make, I
> have the following message:
>
> bash# make
> for a in lib auth smap smapd netacl plug-gw ftp-gw tn-gw rlogin-gw http-gw x-gw;
> do ( cd $a; echo all: `pwd`; make all ); done
> all: /fwtk/fwtk/lib
> "Makefile", line 14: Need an operator
> Fatal errors encountered -- cannot continue
> *** Error code 1
>

The bsdi make and the gnu one are incompatible:

bsd make uses the notation:
    .include "Makefile.config"
and the gnu make:
    include Makefile.config

so you have to clean all the makefiles (or run gmake instead of make...)
The FWTK distrib comes with a script that should solve your problem. look for fixmake. Mahmoud Chilali chilali@matranet.com http://www.matranet.com From firewalls-owner Mon Nov 4 04:17:32 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA05369 for firewalls-outgoing; Mon, 4 Nov 1996 04:04:39 -0800 (PST) Received: from qs.secapl.com (QS.secapl.com [192.131.69.9]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id EAA05360 for ; Mon, 4 Nov 1996 04:04:27 -0800 (PST) Received: from Cookie.secapl.com (Cookie.secapl.com [192.108.247.19]) by qs.secapl.com (8.6.12/8.6.12) with SMTP id FAA121974; Mon, 4 Nov 1996 05:51:16 -0600 Received: from Fozzie.secapl.com by Cookie.secapl.com (AIX 3.2/UCB 5.64/4.03) id AA25276; Mon, 4 Nov 1996 06:04:25 -0600 Received: from localhost by fozzie.secapl.com (AIX 4.1/UCB 5.64/4.03) id AA121324; Mon, 4 Nov 1996 07:03:38 -0500 Date: Mon, 4 Nov 1996 07:03:36 -0500 (EST) From: Tony Iannotti To: Frank Willoughby Cc: firewalls@GreatCircle.COM Subject: Re: NCSA membership In-Reply-To: <9610310049.AA03180@su1.in.net> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 30 Oct 1996, Frank Willoughby wrote: > Another alternative which I have found very useful is to try the folks > at CSI (Computer Security Institute). Their web address is: > http://www.gocsi.com They can also be reached via landlines at: > (415) 905-2626. They are the older, and more traditional group, ya? I have almost gone to two of their seminars in Chi, and will definitely do so next time. Excellent agendas..... 
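The Telstra steps quoted in the "Spoofing... How does it work." message earlier in this digest depend on the server and the hosts along the path honouring IP source-route options, so a filter that drops every packet carrying one removes that path. The Python check below is an added example, not code from any list participant; the function names and the documentation-range addresses in the constructed sample packets are assumptions.

```python
import ipaddress
import struct

# IPv4 option type values from RFC 791.
OPT_EOL, OPT_NOP = 0, 1
OPT_LSRR, OPT_SSRR = 131, 137  # loose / strict source and record route


def build_header(src, dst, options=b""):
    """Build a constructed IPv4 header (checksum left at 0) for the samples."""
    options += bytes(-len(options) % 4)  # pad with EOL to a 32-bit boundary
    ihl_words = (20 + len(options)) // 4
    fixed = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | ihl_words, 0, 20 + len(options), 0, 0, 64, 6, 0,
        ipaddress.IPv4Address(src).packed,
        ipaddress.IPv4Address(dst).packed,
    )
    return fixed + options


def lsrr_option(hops):
    """Encode a loose-source-route option: type, length, pointer, addresses."""
    route = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([OPT_LSRR, 3 + len(route), 4]) + route


def parse_options(packet):
    """Return [(type, data)] for the IPv4 options; ValueError if malformed."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, header_len = packet[0] >> 4, (packet[0] & 0x0F) * 4
    if version != 4 or header_len < 20 or len(packet) < header_len:
        raise ValueError("bad version or header length")
    opts, i, found = packet[20:header_len], 0, []
    while i < len(opts):
        opt_type = opts[i]
        if opt_type == OPT_EOL:
            break
        if opt_type == OPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option truncated before its length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("option length runs past the header")
        found.append((opt_type, opts[i + 2:i + length]))
        i += length
    return found


def find_source_route(packet):
    """Return the source-route option as a dict, or None if there is none."""
    for opt_type, data in parse_options(packet):
        if opt_type in (OPT_LSRR, OPT_SSRR):
            if len(data) < 1 or (len(data) - 1) % 4:
                raise ValueError("source-route option has a bad length")
            hops = [str(ipaddress.IPv4Address(data[i:i + 4]))
                    for i in range(1, len(data), 4)]
            return {"kind": "strict" if opt_type == OPT_SSRR else "loose",
                    "pointer": data[0], "hops": hops}
    return None


def filter_packet(packet):
    """Border-filter verdict: drop source-routed and malformed packets."""
    try:
        route = find_source_route(packet)
    except ValueError:
        return ("drop", "malformed IP header or options")
    if route is not None:
        return ("drop", f"{route['kind']} source route via {route['hops']}")
    return ("pass", "no source-route option")


# Constructed samples (RFC 5737 documentation addresses, not real hosts).
TRUSTED_CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
PLAIN = build_header(TRUSTED_CLIENT, SERVER)
ROUTED = build_header(TRUSTED_CLIENT, SERVER,
                      lsrr_option(["203.0.113.7", "203.0.113.9"]))
TRUNCATED = build_header(TRUSTED_CLIENT, SERVER, bytes([OPT_LSRR, 40, 4, 0]))

if __name__ == "__main__":
    for name, pkt in (("plain", PLAIN), ("routed", ROUTED),
                      ("truncated", TRUNCATED)):
        print(name, filter_packet(pkt))
```

On a router the same policy is normally a configuration setting rather than code; Cisco IOS, for example, has the global command `no ip source-route`.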
From firewalls-owner Mon Nov 4 04:32:38 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA05407 for firewalls-outgoing; Mon, 4 Nov 1996 04:05:52 -0800 (PST) Received: from lexicon.ins.com (lexicon.ins.com [199.0.193.11]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id EAA05378 for ; Mon, 4 Nov 1996 04:05:36 -0800 (PST) Received: from martin_d.cci.cox.com ([206.98.142.20]) by lexicon.ins.com (8.7.5/8.7.3) with SMTP id EAA27843; Mon, 4 Nov 1996 04:05:07 -0800 (PST) Message-Id: <2.2.32.19961104120458.006d28d0@lexicon.ins.com> X-Sender: martin_d@lexicon.ins.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 04 Nov 1996 07:04:58 -0500 To: Greg.Donkin@roke.co.uk From: Darwin Martinez Subject: Re: Portscan by Netmeeting Cc: firewalls@greatcircle.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Using FW-1 here, and unfortunately when using NAT, FW-1 ver 3.0 is needed, and not due out until later this year. BUT, when my client was trying this app, I didn'd see what you are referring to. Just the applicable ports needed by NetMeeting, no portscanning. Hope this helps. At 09:21 AM 11/4/96 PST, you wrote: > >The other day i was looking at the logs from our Firewall-1 and saw a >portscan starting at port 1 all the way up to 65535. Of course i start >looking at it further & discover it's come from the *inside* of the wall. >Looks like one of the users has been playing around, so pausing only to >pick up the office baseball bat on the way out, i go to have a quiet word, >but when i talked to him he said it's part of the beta Netmeeting 2 from >our old chums Microsoft. I haven't looked at it myself but i'd take our >guy's word for it. He says it's a few lines of VBasic which looks for a >port to use. Seems to me this is, how shall i put it? Irresponsible? >Designed to piss off Firewall administrators? > >Anyone else come across this? 
Anyone from M$ care to comment? > >Greg > >Greg Donkin Email: Greg.Donkin@roke.co.uk > >Siemens Business Services at Roke Manor Research > >#include > > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Darwin L. Martinez Voice: 404-843-5954 Network Systems Engineer Pager: 888-346-1320 International Network Services Vmail: 770-641-4004 Atlanta Office Email: darwin_martinez@ins.com "Let him who hath understanding reckon the number of the beast." ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From firewalls-owner Mon Nov 4 04:52:35 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA06781 for firewalls-outgoing; Mon, 4 Nov 1996 04:38:08 -0800 (PST) Received: from tymix.Tymnet.COM (tymix.tymnet.com [131.146.2.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id EAA06757 for ; Mon, 4 Nov 1996 04:37:59 -0800 (PST) Received: by tymix.Tymnet.COM (4.1/SMI-4.1) id AA23369; Mon, 4 Nov 96 04:37:55 PST Received: from delta by tymix.Tymnet.COM (in.smtpd); 4 Nov 0 4:37:54 PDT Received: by delta.tymnet.com (4.1/SMI-4.1) id AA07349; Mon, 4 Nov 96 04:37:52 PST From: dtosic@delta.Tymnet.COM (Dragan Tosic) Message-Id: <9611041237.AA07349@delta.tymnet.com> Subject: Sun Screen experiance To: firewalls@greatcircle.com Date: Mon, 4 Nov 1996 04:37:51 -0800 (PST) X-Mailer: ELM [version 2.4 PL24] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi there, anybody on this list with experience with Sun Screen product ? If yes ,would you mind sharing your opinions ( good or bad ) with me ? I am interested in performance issues, encryption ( SunScreen has couple encryption algorhytmus implemented),user friendliness and such... 
TIA D.B.Tosic Frankfurt/Germany From firewalls-owner Mon Nov 4 05:02:46 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA08110 for firewalls-outgoing; Mon, 4 Nov 1996 04:56:39 -0800 (PST) Received: from dtcro002.apogee-com.fr (firewall.apogee-com.fr [194.2.187.130]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id EAA08091 for ; Mon, 4 Nov 1996 04:56:28 -0800 (PST) Received: by dtcro002.apogee-com.fr; id NAA22380; Mon, 4 Nov 1996 13:56:19 +0100 (MET) Received: from dtcxs001.apogee-com.fr(10.129.16.1) by firewall.apogee-com.fr via smap (V3.1.1) id xma022378; Mon, 4 Nov 96 13:56:17 +0100 Received: from ingpc003.apogee-com.fr by dtcxs001.apogee-com.fr (4.1/SMI-4.1) id AA26833; Mon, 4 Nov 96 13:52:32 +0100 Message-Id: <327DE649.EEA@apogee-com.fr> Date: Mon, 04 Nov 1996 13:49:13 +0100 From: Jean-Francois Zwobada Reply-To: zwobada@apogee-com.fr Organization: APOGEE Communications X-Mailer: Mozilla 3.0Gold (Win95; I) Mime-Version: 1.0 To: dehtpnmk@ibmmail.com Cc: FIREWALLS@GREATCIRCLE.COM Subject: Re: References: <199611040918.BAA24843@miles.greatcircle.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk dehtpnmk@ibmmail.com wrote: > > From: Amadeus Forums AT MUCVM1 > Organization: AMADEUS Global travel - Erding - DE > Subject: FW-1 proxy and HTTPS > > Amadeus FORUMS for DAVID BLACK : > private replies to: > > How can a i get HTTPS working through firewall-1, we are > running 2.1 and received 'Netscape is unable to locate the server' > > Thanks, > Dave Black > System Programmer, Amadeus Global Travel, Munich, Germany > osg023@mucvm1, dehtpz79@ibmmail.com, (49) 8122-43-5795 fax(3260) Well, did you add a service object for https ? 
(443/TCP) Jean-Francois -- _____ Jean-Francois Zwobada (mailto:zwobada@apogee-com.fr) _______ Apogee Communications Tel : +33 01 69 85 56 47 Fax : +33 01 69 85 56 48 This guy is powered by a Z81 running gopherd _________________________________________________________________ From firewalls-owner Mon Nov 4 05:33:02 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA10129 for firewalls-outgoing; Mon, 4 Nov 1996 05:22:38 -0800 (PST) Received: from iquest.net (iquest4.iquest.net [206.53.230.100]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA10101 for ; Mon, 4 Nov 1996 05:22:28 -0800 (PST) Received: from LOCALNAME by iquest.net with smtp (Smail3.1.29.1 #5) id m0vKOve-003iLyC; Mon, 4 Nov 96 08:19 EST Message-ID: <327E173F.7C88@iquest.net> Date: Mon, 04 Nov 1996 08:18:07 -0800 From: "Charles L. Johnson" Organization: RCI, Resort Condominiums International X-Mailer: Mozilla 2.01 (Win16; U) MIME-Version: 1.0 To: Tony Iannotti CC: Frank Willoughby , firewalls@GreatCircle.COM Subject: Re: NCSA membership References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Tony Iannotti wrote: > > On Wed, 30 Oct 1996, Frank Willoughby wrote: > > > Another alternative which I have found very useful is to try the folks > > at CSI (Computer Security Institute). Their web address is: > > http://www.gocsi.com They can also be reached via landlines at: > > (415) 905-2626. > > They are the older, and more traditional group, ya? I have almost gone to > two of their seminars in Chi, and will definitely do so next time. > Excellent agendas..... Good Morning Gentlemen; I have been following the 'thread' on NCSA as well as Tony's comments on CSI. I am a member of CSI, ISSA, and ASIS all of which support in one form or another the Information or Computer Security Professional / Practitioner. 
From personal experience I can assure you that CSI is by far the leading association that supports it's members and provides valuable information and solutions to today's problems. I have been an attendee, guest speaker, and author of several articles on Information Security/Computer Security and I have to say that I am very proud of CSI. There is a conference in Chicago, this NOV 11-13, with additional workshops beginning and ending the conference. I highly encourage you to attend. There are fabulous Birds-of-a Feather sessions that really get down to solving problems. You will walk away with more than your company invested - guaranteed. The presenter's are instructed to provide real world solutions or 'HOW TO' type presentations. These are real, not theories.... I am and have been the Information Systems Security Architect, (Officer) for two global corporations and one national corporation. CSI has been there when i needed answers. Either via the WEB, BBS, or just contacts made at the conferences. Charles L. Johnson Information Systems Security Architect RCI Indianapolis, IN From firewalls-owner Mon Nov 4 05:57:03 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA09775 for firewalls-outgoing; Mon, 4 Nov 1996 05:16:53 -0800 (PST) Received: from dns.networx.com.au (dns.networx.com.au [203.21.140.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA09701 for ; Mon, 4 Nov 1996 05:16:34 -0800 (PST) Received: from Blasphemy.death.net.au (203.21.140.10) by dns.networx.com.au (EMWAC SMTPRS 0.81) with SMTP id ; Mon, 04 Nov 1996 23:08:28 +1000 Message-ID: From: "Leon O'Brien" To: , Subject: Re: Spoofing... How does it work. 
Date: Mon, 4 Nov 1996 22:45:03 +1100
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Well if I understand correctly I would say that the Telstra guys have it wrong...

As far as I know what happens is this...

1) The Attacker gains the IP of the trusted client.

2) The Attacker then changes his IP address (the source address) to that of the trusted client

3) the Attacker then renders the Trusted Client inoperative, mainly a port, using a SYN flood method. Usually a port like the rexec would be best.

4) Then the attacker sends a request for connection to that port on the Target Server, this is all blind because the packets that are sent back do not make it to its destination (we've disabled the port).

5) Because it is all blind the attacker must know the exact actions that occur during this activity. Usually the attacker will send a command that will enable another method of entry.

As far as I know that's how it's done.....but I have been known to be wrong :-)

Leon
M/D NetWorx Pty Ltd
leon@networx.com.au

----------
> From: Steven Herod
> To: Firewalls@GreatCircle.com
> Subject: Spoofing... How does it work.
> Date: Monday, 28 October 1996 17:54
>
> Hi, this text came from a Telstra Security Paper as explanation
> of Spoofing.
> What I don't understand is step 5
>
> >1.the attacker would change her host's IP address to match that of the
> >trusted client,
> >
> >2.the attacker would then construct a source route to the server that
> >specifies the direct path the IP packets should take to the server and
> >should take from the server back to the attacker's host, using the
> >trusted client as the last hop in the route to the server,
> >
> >3.the attacker sends a client request to the server using the source
> >route,
> >
> >4.the server accepts the client request as if it came directly from the
> >trusted client and returns a reply to the trusted client,
> >
> >5.the trusted client, using the source route, forwards the packet on to
> >the attacker's host.
>
> If the attacker's host and the trusted client both have the same IP
> address, wouldn't the trusted client receive the packet and
> process it, regardless of its source routing options, rather
> than passing it on? What am I missing?
>
> TIA
> Steven Herod
> sherod@medeserv.com.au

From firewalls-owner Mon Nov 4 06:07:41 1996
Message-ID: <2191B2309F33D0118F7000A02458D19C000000005CDE@ns>
From: Russ
To: firewalls@GreatCircle.COM, "'tkyle@FastLane.NET'"
Subject: RE: A good fire wall for NT
Date: Mon, 4 Nov 1996 08:59:04 -0500

A good Firewall for an NT network is one that provides you with the tools and options to secure your environment in the way you want
to. This doesn't mean it has to be an NT Firewall! Unlike, say, a good modem (where it's important that it's reliable, fast, compatible, and easy to install), a Firewall has to first meet one very important criterion, namely, that it can do the job that your security policy dictates it must do.

So before you worry about whether it should run on a Pentium or not, you should define what it is you are trying to secure, who you are trying to secure it from, and what access you are going to give to people who pass through it. Without detailing these items, it's impossible to pick a "good" Firewall for any environment.

Do you need to allow remote access to your network from the Internet? Do you want to have an HTTP server inside or outside of the Firewall? Do you need to pass SQL through it? Do you have the time to read reams of logs, or do you want some AI that will do much of that work for you? Do you need support for Real Audio? Are you going to use some advanced authentication to allow access out from your Internal network or do you want the Firewall to be transparent? Do you have multiple sites which you'd like to connect into a virtual LAN across the Internet? I could go on and on...

Once the features have been determined, and the assets that you are protecting have been quantified, then you can start looking at vendors. For many COTS Firewalls the operating environment isn't important. They only present you with a shell interface that can do their commands, so you don't need to understand Unix or NT in order to operate them. These Firewalls are specifically designed to do their task at hand, and nothing else. Other vendors have made products based on an underlying OS and have left access to that OS available. Usually this is so it can be customized by the user, or because they realize that other tasks might be done on the Firewall (like running an HTTP or SMTP server).
The ability to run programs other than those provided by the Firewall vendor, on the Firewall, is arguable. The more you run on a Firewall, the more potential there is for something to be exploited, giving a hacker the opportunity to compromise your security.

Since I'm an NT bigot, I'd say that the ability to run IIS or MS Exchange on a Firewall represents a huge opportunity for savings for small to medium sized companies, since the cost of duplicating hardware is often not part of the budget. This lack of budget is usually because enough time wasn't spent detailing the assets that are trying to be protected. If those assets are properly quantified, the cost of the additional hardware is rarely an issue (it's usually a single digit percentage of the assets that are being protected). However, if the vendor has done their work well, they may be able to run happily with other products and add security to those products as well. Given that none of the NT products have been around that long, their ability to do this is still in question.

On the surface, however, there are a number of good ports of well-known Unix Firewalls to Windows NT. Their feature sets vary, so recommending one is entirely dependent on your particular needs.

- Raptor Systems Inc. (http://www.raptor.com), has the Raptor Eagle for NT
- Global Internet (http://www.gi.net) has the Centri Firewall for Windows NT (based on TIS Gauntlet)
- Checkpoint Software Technologies Ltd. (http://www.checkpoint.com) has the Firewall-1 for Microsoft Windows NT
- Digital Equipment Corporation (http://altavista.software.digital.com/products/firewall/nfintro.htm) has their Altavista Firewall product for NT
- NetGuard Ltd. (http://www.netguard.com) has the Guardian Internet Firewall System, which has the dubious distinction of being the only Firewall listed on Microsoft's Server resources webpage, despite the fact that Global Internet is working closely with Microsoft on other products.

Of course there are others, but that should be sufficient to get your thought process working on what you need and how you can achieve it. Each vendor will probably make their own recommendations as far as hardware/ram is concerned. Remember, for most sites (i.e. those with ISDN/FR/FT1), the performance of your Internet access is dependent on the size of the pipe you have to the Internet, not on your Firewall.

Cheers,
Russ
R.C. Consulting, Inc. - NT/Internet Security Consulting
mailto:Russ.Cooper@RC.on.ca <-- *note the new address*

From firewalls-owner Mon Nov 4 06:23:46 1996
Date: Mon, 4 Nov 1996 08:15:50 -0500 (EST)
Message-Id: <199611041315.IAA14900@securemail.v-one.com>
To: Firewalls@GreatCircle.COM
From: smoubray@v-one.com (Steve Moubray)
Subject: Re: Instant Internet

I worked for a company that used to sell the Instant Internet box for IPX to IP connectivity. It's very inexpensive and they will swap equipment out over night easily. The tech support wasn't very good when I worked with them. They were very hard to get a hold of and seemed to take a lot of holidays.
If connecting the system on a LAN with any filtering you must pass NETBIOS over IPX for the communications. That was something that even the senior Instant Internet guys didn't know. Seems like they should. In fact they kept refusing to even discuss it. They were no help at all. You will need to replace every WINSOCK.DLL that will access the Internet. That can cause a bunch of problems if you're not careful. Outside of that it's not bad for the price.

Some people try to install it as a firewall but it has nothing to do with firewalling at all. It's an IPX to IP gateway and it isn't too bad if you ignore the tech support. It isn't a security product in any way shape or form but it does meet certain needs.

>From: josh
>To: Firewalls
>Subject: Instant Interenet
>Date: Friday, November 01, 1996 13:01EDT
>
>I have a client that has asked me to do some research on security
>solutions for an e-mail server that will link up to their Novell LAN.
>I was wondering if anyone on this list knows anything about Instant
>Internet and what they might think of it.
>
>Thanks,
>
>Josh Hugh Ermentrout
>NorthCoast Interactive, Inc.
>

~ Steve
----------------------------------------
Virtual Open Network Environment
Security for the Connected World (tm)

From firewalls-owner Mon Nov 4 07:15:19 1996
Date: Mon, 04 Nov 1996 09:59:43 -0500
To: Firewalls@GreatCircle.COM
From: Michael Smith
Subject: Administrators: Do you block outgoing SSL?

I already posted this question to the firewalls newsgroup, so I apologize to anybody who sees it twice.

My company is working up an Internet application in which it is proposed to use SSL. The question has arisen, How many potential users are behind firewalls that won't let SSL (port 443) out?

I'd appreciate hearing from firewall administrators as to their individual policies on this issue. (My post to the firewalls newsgroup got one permitter and one prohibiter.)

Extra gratitude and good karma to administrators who are willing to discuss the rationale for their decision either way.
--Michael Smith
ms@gf.org

From firewalls-owner Mon Nov 4 07:41:09 1996
Message-Id: <9611041828.AA0757@GIGA0002.iai.com>
To: Justin Potts
Cc: firewalls , rpage
From: Jim Egan
Date: 4 Nov 96 10:02:22 EDT
Subject: Re: HOW DO I GET OFF THE LIST

Actually, it's easy. I inadvertently had a mail problem on my end which caused my mail to bounce back to the list. Within one day I was off the list.

To: firewalls @ greatcircle.com @ INTERNET, texan69 @ inlink.com (rpage) @ INTERNET
cc: (bcc: Jim Egan)
From: jpotts @ on.com (Justin Potts) @ INTERNET
Date: 11/01/96 08:45:00 PM
Subject: Re: HOW DO I GET OFF THE LIST

======== Original Message ========
I wish I knew. I've been trying to get off this list for months. I have followed all the directions with no luck!
----------
> From: KRES007@aol.com
> To: firewalls@GreatCircle.COM
> Subject: HOW DO I GET OFF THE LIST
> Date: Friday, November 01, 1996 3:15 PM
>
> SOME BODY PLEASE TELL ME HOW I GET OFF
>
> send email to
>
> KRES@JUNO.COM

======== Fwd by: Justin Potts ========
I'd like to second this comment. The unsubscribe instructions are incorrect and do not work, I've tried repeatedly, but to no avail. How can I contact the list administrator directly?

From firewalls-owner Mon Nov 4 08:09:35 1996
Date: Mon, 4 Nov 1996 07:52:43 -0800 (PST)
From: Juda Barnes
Subject: FireWall by linux
To: firewalls@GreatCircle.COM

hey ppl,

I have read the mailing list for 3 months and I am thinking about putting a firewall in my home network. I can afford only Linux myself. One computer is Win95, the second is Linux, and the last will be my firewall server. Can someone point me to a good document or a web site? Right now I am reading the Firewall HOW-TO that comes with the Linux project. I will be happy to get more info and URLs to new resources.

Thanks in advance,
Juda Barnes

From firewalls-owner Mon Nov 4 08:18:21 1996
Received: from C930CONC.publicitas.com (mail.publicitas.com [193.73.102.141]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id IAA23956 for ; Mon, 4 Nov
1996 08:01:05 -0800 (PST)
Date: Mon, 4 Nov 1996 16:34:30 +0100
Message-ID: <27E11BD0.@consultas.ch>
From: ddurand@consultas.ch (DURAND DIDIER)
Subject: Re:
To: FIREWALLS@GREATCIRCLE.COM, dehtpnmk@ibmmail.com

Hi there,

https is not on TCP port 80 like http. It is on TCP port 443. You have to allow this port through your firewall.

Regards

Didier DURAND
Consultas SA - Groupe PUBLICITAS
Avenue des Mousquines 4
CH-1005 Lausanne
Switzerland
Tel: +41-21-213-61-11
Direct: +41-21-213-61-26
Fax: +41-21-312-44-09
E-mail: ddurand@consultas.ch
=========================================================================

______________________________ Reply Separator _________________________________
Author: dehtpnmk@ibmmail.com at INTERNET
Date: 4.11.96 04:17

From: Amadeus Forums AT MUCVM1
Organization: AMADEUS Global travel - Erding - DE
Subject: FW-1 proxy and HTTPS

Amadeus FORUMS for DAVID BLACK : private replies to:

How can I get HTTPS working through firewall-1? We are running 2.1 and received 'Netscape is unable to locate the server'.

Thanks,
Dave Black
System Programmer, Amadeus Global Travel, Munich, Germany
osg023@mucvm1, dehtpz79@ibmmail.com, (49) 8122-43-5795 fax(3260)

From firewalls-owner Mon Nov 4 08:37:41 1996
Received: from mycroft.GreatCircle.COM (mycroft.greatcircle.com [198.102.244.35]) by
miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id IAA24451 for ; Mon, 4 Nov 1996 08:07:02 -0800 (PST)
From: Andrew Bays
To: "'Ed Sawicki'"
Cc: Firewall Support , "'firewalls@greatcircle.com'"
Subject: RE: MIMESweeper
Date: Mon, 4 Nov 1996 15:47:26 -0000

Integralis in the UK.

http://www.integralis.co.uk/ is their corporate page.
http://www.mimesweeper.integralis.com is their MIMEsweeper product page

>----------
>From: Ed Sawicki[SMTP:ed@alcpress.com]
>Sent: 04 November 1996 15:26
>To: Andrew Bays
>Subject: Re: MIMESweeper
>
>Who makes MIMESweeper?
>
>Ed Sawicki - author of the ALC Press books "NetWare Security",
>"Optimizing NetWare" and "Networking Windows 95".
>www.alcpress.com
>
>----------
>> From: Andrew Bays
>> To: 'Lawrence Lerner'
>> Cc: 'firewalls@greatcircle.com'
>> Subject: RE: MIMESweeper
>> Date: Monday, November 04, 1996 2:02 AM
>>
>> Lawrence,
>>
>> We have installed and configured MIMEsweeper at a few sites now. The
>> lag time is minimal for 95% of e-mail traffic. It really does fly
>> through the system if the system is configured with enough memory and
>> disk space. Obviously the larger the attachment for unravelling the
>> longer it takes.
>> This is marginal in terms of the overall delivery time
>> of e-mail generally.
>>
>> As for configuration, the position of MIMEsweeper for the sites we have
>> consulted in is directly behind the firewall in front of the SMTP
>> gateway(s) for the corporation. For the most part the configuration is
>> virus scanning, User authentication and automatic replies set for
>> certain mail captured i.e. Virus detect, Unreadable data, User not
>> authorised etc...
>>
>> Users will not see the delay unless of course their e-mail is
>> quarantined or bounced.
>>
>> Andrew
>> Zeuros Network Solutions
>>
>> >----------
>> >From: Lawrence Lerner[SMTP:lernerl@metamor.com]
>> >Sent: 31 October 1996 13:09
>> >To: 'FW-MailingList'
>> >Subject: MIMESweeper
>> >
>> >A few months ago there was heavy discussion on virus walls and e-mail
>> >checkers. Is anybody currently using MIMESweeper? If so, what is the
>> >configuration for the MIMESweeper box and what is your mail traffic like? I
>> >am trying to establish, how much lag time it will add to incoming and outgoing
>> >mail.
>> >
>> >Thanks!
>> >/**********************************************************************/
>> >Lawrence Lerner 312.251.7975
>> >Metamor Technologies, Ltd. lernerl@metamor.com
>> >One North Franklin
>> >Chicago, IL 60606
>> >
>

From firewalls-owner Mon Nov 4 09:07:04 1996
From: ormonde@trem.cnt.org.br (Rodrigo Ormonde)
Message-Id: <9611041752.AA10474@trem.cnt.org.br>
Subject: Re: Spoofing... How does it work.
To: leon@networx.com.au (Leon O'Brien)
Date: Mon, 4 Nov 1996 14:52:21 -0300 (GRNLNDST)
Cc: firewalls@greatcircle.com
In-Reply-To: from "Leon O'Brien" at Nov 4, 96 10:45:03 pm

> As far as I know what happens is this...
>
> 1) The Attacker gains the IP of the trusted client.
> 2) The Attacker then changes his IP address (the source address) to that of
> the trusted client
> 3) the Attacker then renders the Trusted Client inoperative, mainly a port,
> using a SYN flood method.
> Usually a port like the rexec would be best.
> 4) Then the attacker sends a request for connection to that port on the
> Target Server, this is all blind
> because the packets that are sent back do not make it to its destination
> (we've disabled the port).
> 5) Because it is all blind the attacker must know the exact actions that
> occur during this activity.

Not only this. The attacker must discover what initial sequence number the attacked host has chosen to establish the connection. Since this number has 2^32 possible values it's nearly impossible to guess it. This is what makes this kind of attack very difficult to be successful.

In some early implementations of TCP/IP for *nix (and for some X Terminals) the initial sequence number wasn't a random number, but simply a number that was incremented by 1 on every connection. In this case it's trivial to guess what the next number will be. (The legendary attack from Kevin Mitnick to Shimomura's machine was based on this flaw.)

> Usually the attacker will send a command that will enable another method of
> entry.
>
> As far as I know that's how it's done.....but I have been known to be wrong
> :-)
>
> Leon
> M/D NetWorx Pty Ltd
> leon@networx.com.au

--
Rodrigo de La Rocque Ormonde
e-mail: ormonde@cnt.org.br
PGP Public key: finger ormonde@cnt.org.br

From firewalls-owner Mon Nov 4 09:28:54 1996
Date: Mon, 4 Nov 1996 09:00:05 -0800 (PST)
From: Robert Hanson
To: Greg.Donkin@roke.co.uk
cc: Firewalls@GreatCircle.COM
Subject: Re: Portscan by Netmeeting
In-Reply-To: <9610048471.AA847121120@sage.roke.co.uk>

without a lot of thought... it occurs to me that if the scan started below port 1024 that you are being lied to... without testing it, i doubt that the programmers at microsoft would make "that blatant" of a boo boo... it would kind of be like me scanning your network to use a great new program called... "pickAmachineANDaPORTsmtp" to send this email to you....

---> Robert H. Hanson
Cutting Edge Communications, Inc.
Otis Orchards, Wa.
Regional Commercial Internet Service Provider
(509) 927-9541
email: roberth@cet.com - http://www.cet.com/

On Mon, 4 Nov 1996 Greg.Donkin@roke.co.uk wrote:

>
> The other day i was looking at the logs from our Firewall-1 and saw a
> portscan starting at port 1 all the way up to 65535. Of course i start
> looking at it further & discover it's come from the *inside* of the wall.
> Looks like one of the users has been playing around, so pausing only to
> pick up the office baseball bat on the way out, i go to have a quiet word,
> but when i talked to him he said it's part of the beta Netmeeting 2 from
> our old chums Microsoft. I haven't looked at it myself but i'd take our
> guy's word for it. He says it's a few lines of VBasic which looks for a
> port to use. Seems to me this is, how shall i put it? Irresponsible?
> Designed to piss off Firewall administrators?
>
> Anyone else come across this? Anyone from M$ care to comment?
>
> Greg
>
> Greg Donkin Email: Greg.Donkin@roke.co.uk
>
> Siemens Business Services at Roke Manor Research
>
> #include
>

From firewalls-owner Mon Nov 4 09:41:09 1996
From: Chris Pugrud
To: "'Ron DuFresne'"
Cc: Firewalls Mailing list
Subject: Duplicate messages on Firewalls
Date: Mon, 4 Nov 1996 10:07:59 -0700

I've seen duplicate messages float through this list anywhere from days to weeks after they have been sent (checking the sent time and date in the header).

Chris

>-----Original Message-----
From: Ron DuFresne
Sent: Saturday, November 02, 1996 10:14 AM
To: W.C.
Epperson
Cc: Firewalls Mailing list
Subject: Re: Firewalls vs Blocking Sites

Am I the only one here getting dupes of postings to the list days after I've already gone through them? Is this a problem from the mailing list side, or is my ISP screwing up again?

Thanks, later,

Ron DuFresne

On Thu, 31 Oct 1996, W.C. Epperson wrote:

> Wayne could of sed:
> > -> By the way, I've already gotten calls from people who said they lost a lot
> > -> of sleep over their PC being blocked. Knew they were doing the wrong
> > -> thing. I think its working. (Of course this is before we limited
> > -> it to porno sites only).
> > ->
> >
> > Actually, have you thought of the legal ramifications of all this?
> >
> > Since you have exerted control over access to sites, you have now assumed
> > responsibility for the material that does get through.
> >
> > "It's not my fault judge, since this site wasn't blocked
> > I thought it was officially approved"
> >
> > Wham! Multi-million dollar harassment suit.
> [snip]
>
> This conjecture is often made in discussions of location and/or content
> filtering, but I have not seen any case law that would remotely support it.
> (Caveat: I'm not a lawyer, but I'll play one on the golf course if the
> strokes are right). I assume folks are analogizing/extrapolating on
> decisions that providers have given up their right to a "common carrier"
> defense and have become "publishers" when they begin to control content in
> any fashion, but those have to do with liability for publishing libel,
> obscenity, etc. That's a very different situation from that of an employer
> who deploys a technical solution that partially implements an access policy
> of which employees have been properly informed. If there are statutes or
> case precedents that would support an employer's harassment liability
> for completing the policy implementation via monitoring and applying
> sanctions, I'd like to know about them.
> --
> W.C. Epperson "I have great faith in fools.
> Senior SE Self-confidence, my friends call it."
> Information Security Officer --Edgar Allan Poe--
> DBA Emeritus
> Curmudgeon-for-Life
> Virginia Dept. of Education
> epperson@pen.k12.va.us
>

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart
***testing, only testing, and damn good at it too!***
OK, so you're a Ph.D. Just don't touch anything.

From firewalls-owner Mon Nov 4 10:12:24 1996
From: Craig McLellan
To: firewalls
Subject: CERT statistics
Date: Mon, 04 Nov 96 11:27:00 CST
Message-Id: <327E27AB@mnbp.network.com>

Does anyone know how I might get up to date CERT reporting statistics? Specifically I am looking for 1996 information.
RGRDS....clm

From firewalls-owner Mon Nov 4 10:19:47 1996
Message-Id: <199611041758.JAA17402@onysd.wednet.edu>
From: "Ryan Faussett"
Subject: [Sort of OFF-TOPIC] Desktop Security
Date: Mon, 4 Nov 1996 09:52:23 -0800

I apologize for spamming the firewall list with this question. Could anyone please email me (directly to me) some good e-mail list addresses for desktop security?

Mainly I constantly monitor and run several programs from a few servers on campus, which require me to be logged in as root. I'm looking for some good, proven utilities that will lock my screen after a certain interval, or upon certain key strokes. I'd be looking for BOTH Macintosh and Windows 95.

If anyone can help me, I'd appreciate it greatly and please respond directly to me to avoid further spamming of the firewalls list.
Thank you,
Ryan Faussett

Ryan Faussett
UNIX Systems Administrator
Onalaska School District
___________________________________________________________________________
Ryan Faussett            | Internet : ryanpf@onysd.wednet.edu
Onalaska School District |-----------------------------------
540 Carlisle Avenue      | Phone : (360) 978-4111
Onalaska, WA 98570-9654  | Fax : (360) 978-4185
___________________________________________________________________________

From firewalls-owner Mon Nov 4 10:36:29 1996
Message-ID: <327E2CC9.4B23@telcom.utah.edu>
Date: Mon, 04 Nov 1996 10:50:01 -0700
From: Kyle Mallory
Organization: University of Utah, Telecommunications
To: firewalls@greatcircle.com
Subject: Re: HOW DO I GET OFF THE LIST

Do you have any other Email addresses that are being forwarded to your current address? I spent countless hours trying to get off a mailing list that I subscribed to from another e-mail address, and then had forwarded.

My .02 worth....
-- ------------------------------------------------------------------------ Kyle Mallory | What would happen if a big asteroid hit the DNS Manager, Telcom | Earth? Judging from realistic simulations University of Utah | involving a sledge hammer and a common Voice: (801) 585-9867 | frog, we can assume it will be pretty bad. Pager: (801) 241-2183 | kmallory@telcom.utah.edu | -- Dave Barry ------------------------------------------------------------------------ From firewalls-owner Mon Nov 4 10:50:38 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA06765 for firewalls-outgoing; Mon, 4 Nov 1996 10:18:50 -0800 (PST) Received: from sol.via-net.com.br (sol.via-net.com.br [200.239.63.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA06758 for ; Mon, 4 Nov 1996 10:18:40 -0800 (PST) Received: from libra ([200.239.63.5]) by sol.via-net.com.br (post.office MTA v1.9.3 **** trial license expired ****) with SMTP id AAA216; Mon, 4 Nov 1996 16:18:52 -0200 Message-ID: <327E33CD.6BC@via-net.com.br> Date: Mon, 04 Nov 1996 16:19:57 -0200 From: cima@via-net.com.br (Fernando Cima) Reply-To: cima@via-net.com.br Organization: Via Internet Informatica X-Mailer: Mozilla 3.0 (WinNT; I) MIME-Version: 1.0 To: Rodrigo Ormonde CC: firewalls@greatcircle.com Subject: Re: Spoofing... How does it work. References: <9611041752.AA10474@trem.cnt.org.br> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Dear Ormonde, Rodrigo Ormonde wrote: > Not only this. The attacker must discover what initial sequence number the > attacked host has chosen to establish the connection. Since this number has 2^32 > possible values it's nearly impossible to guess it. This is what makes this > kind of attack very difficult to be successful. 
> In some early implementations of TCP/IP for *nix (and for some X Terminals) > the initial sequence number wasn't a random number, but simply a number that > was incremented by 1 on every connection. In this case it's trivial to guess > what the next number will be. A nice description of this attack is in "SECURITY PROBLEMS IN THE TCP/IP PROTOCOL SUITE", by S.M. Bellovin. http://www.raptor.com/library/ipext.ps.Z Cheers, - Fernando Cima Via Internet Informatica From firewalls-owner Mon Nov 4 12:04:15 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA16192 for firewalls-outgoing; Mon, 4 Nov 1996 11:57:10 -0800 (PST) Received: from strange.qualcomm.com (strange.qualcomm.com [129.46.52.17]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id LAA16174 for ; Mon, 4 Nov 1996 11:57:02 -0800 (PST) Received: from perry.qualcomm.com (perry.qualcomm.com [129.46.129.27]) by strange.qualcomm.com (8.7.5/1.3/8.7.2/1.12) with SMTP id LAA18528; Mon, 4 Nov 1996 11:55:54 -0800 (PST) Date: Mon, 4 Nov 1996 11:55:49 -0800 (PST) From: Christopher Seawood Reply-To: Christopher Seawood To: Juda Barnes cc: firewalls@GreatCircle.COM Subject: Re: FireWall by linux In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Also try reading the IP-Masquerading HowTo. It mainly covers connecting a local subnet to the Internet via one Linux gateway, but it uses the ipfwadm tool to do so. It also covers some basic firewall commands and techniques. 
It's available at ftp://sunsite.unc.edu/pub/Linux/docs/HOWTO/mini/IP-Masquerade ----- Chris Seawood - Software Engineer / Unix Sysadmin http://www.qualcomm.com/~cseawood/ - Prince Fanatic / Linux Advocate Opinions stated are NOT an (un)official representation of QUALCOMM Incorporated From firewalls-owner Mon Nov 4 12:24:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA17129 for firewalls-outgoing; Mon, 4 Nov 1996 12:09:40 -0800 (PST) Received: from onysd.wednet.edu (oemsunix.onysd.wednet.edu [164.116.34.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id MAA17063 for ; Mon, 4 Nov 1996 12:09:13 -0800 (PST) Received: from ryan.onysd.wednet.edu by onysd.wednet.edu (SMI-8.6/SMI-SVR4) id MAA23903; Mon, 4 Nov 1996 12:14:19 -0800 Message-Id: <199611042014.MAA23903@onysd.wednet.edu> Reply-To: From: "Ryan Faussett" To: Subject: [Sort of OFF-TOPIC] Desktop Security Date: Mon, 4 Nov 1996 12:08:10 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I apologize for spamming the firewall list with this question. Could anyone please email me (directly to me) some good e-mail list addresses for desktop security. Mainly I constantly monitor and run several programs from a few servers on campus, which require me to be logged in as root. I'm looking for some good, proven utilites that will lock my screen after a certain interval, or upon certain key strokes. I'd be looking for BOTH macintosh and Windows 95. If anyone can help me, i'd appreciate it greatly and please respond directly to me to avoid further spamming of the firewalls list. 
Thank you, Ryan Faussett Ryan Faussett UNIX Systems Administrator Onalaska School District ___________________________________________________________________________ Ryan Faussett | Internet : ryanpf@onysd.wednet.edu Onalaska School District |----------------------------------- 540 Carlisle Avenue | Phone : (360) 978-4111 Onalaska, WA 98570-9654 | Fax : (360) 978-4185 ___________________________________________________________________________ From firewalls-owner Mon Nov 4 12:56:30 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA19809 for firewalls-outgoing; Mon, 4 Nov 1996 12:36:36 -0800 (PST) Received: from ISAUV0.METAMOR.COM (isauv0.METAMOR.COM [198.5.164.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id MAA19792 for ; Mon, 4 Nov 1996 12:36:25 -0800 (PST) Received: from lernerl.Metamor.com ([198.5.164.157]) by ISAUV0.METAMOR.COM with SMTP; Mon, 4 Nov 1996 14:36:24 -0600 (CST) Received: by lernerl.Metamor.com with Microsoft Mail id <01BBCA5C.A674E020@lernerl.Metamor.com>; Mon, 4 Nov 1996 14:29:56 -0600 Message-ID: <01BBCA5C.A674E020@lernerl.Metamor.com> From: Lawrence Lerner To: "firewalls@GreatCircle.COM" , "'tkyle@FastLane.NET'" Subject: RE: A good fire wall for NT Date: Mon, 4 Nov 1996 14:29:47 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Try Borderware Firewall Server 4.0. Software + Hardware should run under 15K. Hardware should be Intel Processor 65 MB RAM 2 GB Disk. Feel free to contact me directly if you have other questions. /**********************************************************************/ Lawrence Lerner 312.251.7975 Metamor Technologies, Ltd. 
lernerl@metamor.com One North Franklin Chicago, IL 60606 From firewalls-owner Mon Nov 4 14:10:57 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA24296 for firewalls-outgoing; Mon, 4 Nov 1996 13:17:28 -0800 (PST) Received: from relay-7.mail.demon.net (relay-7.mail.demon.net [194.217.242.9]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id NAA24287 for ; Mon, 4 Nov 1996 13:17:19 -0800 (PST) Received: from tracker.demon.co.uk ([158.152.150.126]) by relay-5.mail.demon.net id aa508816; 4 Nov 96 21:16 GMT From: Les Carleton To: josh@eyehand.com Cc: Firewalls@greatcircle.com Subject: Re: Instant Interenet Date: Mon, 04 Nov 1996 21:16:08 GMT Organization: The Doghouse Reply-To: les@tracker.demon.co.uk Message-ID: <32805ac4.248300@post.demon.co.uk> References: <327A45EE.70B0@eyehand.com> In-Reply-To: <327A45EE.70B0@eyehand.com> X-Mailer: Forte Agent .99f/32.299 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk There is a list of a range of these IPX to IP gateway machines on the Rotherwick Firewall Resource - http://www.zeuros.co.uk/firewall. ...Les... On Fri, 01 Nov 1996 10:48:14 -0800, you wrote: >I have a client that has asked me to do some research on security >solutions for an e-mmail server that will link up to their Novell LAN.=20 >I was wondering if anyone on this list knows anything about Instant >Internet and what they might think of it. > >Thanks, > >Josh Hugh Ermentrout >NorthCoast Interactive, Inc. 
From firewalls-owner Mon Nov 4 16:36:14 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA06490 for firewalls-outgoing; Mon, 4 Nov 1996 16:27:06 -0800 (PST) Received: from csc.com (explorer.csc.com [20.1.10.27]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id QAA06483 for ; Mon, 4 Nov 1996 16:26:58 -0800 (PST) Received: from sdfpc2.gsfc.nasa.gov by csc.com with smtp (Smail3.1.29.1 #1) id m0vKZM0-001Ac8C; Mon, 4 Nov 96 19:26 EST Message-ID: <327EACE9.BF2@csc.com> Date: Mon, 04 Nov 1996 18:56:41 -0800 From: Adam Safier Reply-To: asafier@csc.com Organization: Computer Sciences Corp. X-Mailer: Mozilla 3.0 (Win16; U) MIME-Version: 1.0 To: lists@reflections.mindspring.com CC: firewalls@greatcircle.com Subject: Re: SSH and proxy firewalls Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk To my knowledge no one has bothered with a proxy. Note that with authentication at the firewall and Kerberos at the application server there is sort of a belts and suspenders effect and they can interfere with each other. The easiest or what I consider "standard" way of getting Kerberized applications through a firewall is to allow UDP traffic to your KDC on port 88 (or 750 if you are still on version 4). The firewall should maintain state information and allow a reply to the source port of the client. Once you have your tickets you open a TCP connection from the client to the destination server on an application specific port which is allowed to tunnel through the firewall. i.e. the firewall filter allows direct unauthenticated TCP traffic only to kerberized servers on specific kerberized application ports. You do authentication at the application using Kerberos, not at the firewall. Since the whole purpose of Kerberos is authentication use of s/key etc. is double authentication. The protocol itself does not take note of firewalls. 
Theoretically you could Kerberize your Telnet proxy. There is a sample Kerberized telnet and ftp with the code you get from MIT. By making the firewall a "Kerberized server" you can use Kerberos authentication and encryption to reach the telnet prompt of the firewall. However, if you fully encrypt your data stream you will be putting a load on your firewall, especially if you then encrypt the internal link. A few encrypted sessions may not be a problem but hundreds of users may require real big iron. Again, I don't know of commercial firewall vendors who have done this. You would not use s/key since with Kerberos you do not type a password passed over the link, although you could try to add s/key to authenticate your initial connection to the Kerberos authentication server - there is a flag you can set. There is also an IETF draft to use public keys for "pre-authentication" to your Kerberos authentication server, but I don't know anything about it. If you must have s/key and Kerberos you could set up separate ports - one for Kerberized telnet and one for s/key or other telnet authentication. Finally, I think there is a "forward" flag in the Kerberos packet. I don't know what it means for sure (It's been a long time...) but I think you could use your firewall as your Kerberized application server but have the packet actually forwarded to another server for handling. Again, this is sheer speculation since I have never heard of anyone actually doing this or using this flag and obviously no firewall vendor I heard of has bothered with it. Adam From: Todd Graham Lewis > The problem, of course, is that whereas the TIS tn-gw allows you to > telnet to it and then specify your final destination, SSH and Kerberos > clients begin cryptographic negotiations with the destination host. I > imagine that Socks would be an answer, or I could hack the telnet gateway > to work with Linux's transparent proxy option. 
-- Adam Safier asafier@csc.com CSC-SED-Infosec (301) 794-1349 Technology Abuse: 1) Netscape Frames on a 14" screen. 2) Netscape 3.0 on a 386-33 w/ 8 Meg RAM. The above are my own opinions. I'm proud to live in a country where I'm free to express them! From firewalls-owner Mon Nov 4 18:36:29 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id SAA11594 for firewalls-outgoing; Mon, 4 Nov 1996 18:21:27 -0800 (PST) Received: from po.pacific.net.sg (po.pacific.net.sg [203.120.88.11]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id SAA11586 for ; Mon, 4 Nov 1996 18:21:20 -0800 (PST) From: soffyan@pacific.net.sg Received: from LOCALNAME ([203.120.77.42]) by po.pacific.net.sg (post.office MTA v2.0 0813 ID# 0-11140) with SMTP id AAA13917 for ; Tue, 5 Nov 1996 10:21:17 +0800 X-Sender: soffyan@pacific.net.sg X-Mailer: Windows Eudora Light Version 1.5.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: firewalls@greatcircle.com Subject: HOW DO I GET OUT FROM THIS LIST Date: Tue, 5 Nov 1996 10:21:17 +0800 Message-ID: <19961105022116.AAA13917@LOCALNAME> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I Have Benn Trying To Get Out From This List But Still Cannot. Can Someone Please Tell Me How. I Want To GET OUT FROM THIS LIST As Soon As Possible Thks Again!! 
Send Email 2: soffyan@pacific.net.sg From firewalls-owner Mon Nov 4 19:32:59 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA14893 for firewalls-outgoing; Mon, 4 Nov 1996 19:26:47 -0800 (PST) Received: from relay5.UU.NET (relay5.UU.NET [192.48.96.15]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id TAA14875 for ; Mon, 4 Nov 1996 19:26:39 -0800 (PST) Received: from gate1.dttus.com by relay5.UU.NET with SMTP (peer crosschecked as: gate1.dttus.com [205.160.40.75]) id QQbolp27226; Mon, 4 Nov 1996 22:26:39 -0500 (EST) Received: from cc1.dttus.com by gate1.dttus.com (5.x/SMI-SVR4) id AA24569; Mon, 4 Nov 1996 19:28:36 -0600 Received: from ccMail by cc1.dttus.com (SMTPLINK V2.11.01) id AA847155047; Mon, 04 Nov 96 14:56:21 CST Date: Mon, 04 Nov 96 14:56:21 CST From: "Ronald Hale" Message-Id: <9610048471.AA847155047@cc1.dttus.com> To: firewalls@greatcircle.com, "Maiwald, Eric" Subject: Re[2]: Can fiber optics be tapped Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Eric writes: I seem to recall hearing about devices that could detect a tap in fiber. They worked by sending light at frequencies slightly different than the primary channel. If the fiber were bent to tap the light, the other frequencies would attenuate a larger amount than the primary channel thus allowing a monitor to "see" the tap. The tool used to detect taps on fiber as well as on cables is a Time Domain Reflectometer known lovingly as a cable radar. Both send out a signal and look for signal loss over the length. When you first set up a path you run a TDR to identify connections which, since the line is new, have been planned and authorized. You can periodically run the TDR to compare the known with the unknown to identify illegal connections or breaks. 
Ron Hale Deloitte & Touche LLP From firewalls-owner Mon Nov 4 20:02:36 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA16241 for firewalls-outgoing; Mon, 4 Nov 1996 19:57:44 -0800 (PST) Received: from cs01.usafa.af.mil ([128.236.101.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id TAA16234 for ; Mon, 4 Nov 1996 19:57:37 -0800 (PST) Received: by cs01.usafa.af.mil; Mon, 4 Nov 96 20:57:32 MST Date: Mon, 4 Nov 96 20:57:32 MST Message-ID: X-Priority: 3 (Normal) To: From: "2LT Jeffery J. Lowder, 333-4615" Subject: re:Security Risks with Real Audio? X-Incognito-SN: 543 X-Incognito-Format: VERSION=2.01a ENCRYPTED=NO Sender: firewalls-owner@GreatCircle.COM Precedence: bulk One of the users in my organization would like to be able to use Real Audio. I'm wondering if one or more of you on the list would be willing to share your thoughts on the security risks of allowing real audio through a firewall. Thanks in advance, JEFFERY J. LOWDER, 2d Lt, USAF Chief, Network Security United States Air Force Academy Email: lowderjj.scs@usafa.af.mil Phone: COM: (719) 333-4615/6210 DSN: 333-4615/6210 WWW: http://www.usafa.af.mil/sc/security/ Disclaimer: This content in no way reflects the opinions, standards, or policy of the United States Air Force Academy or the United States government. 
From firewalls-owner Mon Nov 4 21:06:41 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id UAA19461 for firewalls-outgoing; Mon, 4 Nov 1996 20:50:22 -0800 (PST) Received: from relay2.UU.NET (relay2.UU.NET [192.48.96.7]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id UAA19454 for ; Mon, 4 Nov 1996 20:50:16 -0800 (PST) Received: from rxk.India.Fluent.COM.India.Fluent.COM by relay2.UU.NET with SMTP (peer crosschecked as: [192.233.231.28]) id QQbolv00503; Mon, 4 Nov 1996 23:50:05 -0500 (EST) Received: by rxk.India.Fluent.COM (931110.SGI/930416.SGI.AUTO) for Firewalls@greatcircle.com id AA00611; Tue, 5 Nov 96 09:59:17 +0530 From: "Rajeev Kumar" Message-Id: <9611050959.ZM609@rxk.India.Fluent.COM> Date: Tue, 5 Nov 1996 09:59:16 +0000 X-Mailer: Z-Mail (3.1.0 22feb94 MediaMail) To: Firewalls@greatcircle.com Subject: Network Statistics Content-Type: text/plain; charset=us-ascii Mime-Version: 1.0 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi all: Can anybody suggest some freeware/product suite on collecting Network statistics like number of mails transacted, No of bytes transfer under TCP/UDP and so on. I would like to run that suite from my desktop (SGI/Indy) for all network of 10 other workstations, HUB and Router. Rajeev -- ######################################################################### Rajeev Kumar | Phone: +91-212-771923 Flow Consultants India | Fax : +91-212-771928 E-mail:rxk@india.fluent.com | Home Ph. No: +91-1332-71281 A-1 Tech. Park, M.I.D.C. 
| http://www.fluent.com Talwade, PUNE |---------------------------------------- INDIA |IF ANYTHING CAN GO WRONG, IT WILL ######################################################################### From firewalls-owner Mon Nov 4 21:47:32 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id VAA21049 for firewalls-outgoing; Mon, 4 Nov 1996 21:31:41 -0800 (PST) Received: from lexicon.ins.com (lexicon.ins.com [199.0.193.11]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id VAA21018 for ; Mon, 4 Nov 1996 21:31:29 -0800 (PST) Received: from ragans-compaq.dal.mobil.com (app115.applink.net [206.149.40.115]) by lexicon.ins.com (8.7.5/8.7.3) with SMTP id VAA07379; Mon, 4 Nov 1996 21:30:53 -0800 (PST) Message-Id: <3.0b33.32.19961104233805.0072ee14@lexicon.ins.com> X-Sender: ragan@lexicon.ins.com X-Mailer: Windows Eudora Pro Version 3.0b33 (32) Date: Mon, 04 Nov 1996 23:38:18 -0600 To: John Madincea <71333.2026@CompuServe.COM>, From: Charles Ragan Subject: Re: multicast question Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Yep - it's for RIPv2. Charles At 10:51 PM 11/3/96 EST, John Madincea wrote: >Hi All, > >My firewalls have recently begun to receive UDP 520 broadcasts from internal >(secured) >routers. The destination for these broadcast are for IP address 224.0.0.9. I >beleive that >this address is used for some type of multicasting (RIP 1 or RIP 2) ? If anyone >knows >anything about this Id like to hear from you. 
> >Thanks, >John Madincea >71333.2026@compuserve.com > > > From firewalls-owner Mon Nov 4 22:52:51 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id WAA24256 for firewalls-outgoing; Mon, 4 Nov 1996 22:38:24 -0800 (PST) Received: from scanner.worldgate.com (scanner.worldgate.com [198.161.84.3]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id WAA24248 for ; Mon, 4 Nov 1996 22:38:18 -0800 (PST) Received: from znep.com (uucp@localhost) by scanner.worldgate.com (8.7.5/8.7.3) with UUCP id XAA17506 for firewalls@greatcircle.com; Mon, 4 Nov 1996 23:38:19 -0700 (MST) Received: from localhost (marcs@localhost) by alive.ampr.ab.ca (8.7.5/8.7.3) with SMTP id XAA17636 for ; Mon, 4 Nov 1996 23:37:45 -0700 (MST) Date: Mon, 4 Nov 1996 23:37:44 -0700 (MST) From: Marc Slemko X-Sender: marcs@alive.ampr.ab.ca To: firewalls@greatcircle.com Subject: packet filtering based on TCP sequence number Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Does anyone know of any packet filters available that can filter based on TCP sequence number? ie. do not let packets with a certain sequence number through. No, it isn't very useful in general but it sure would be nice to be able to filter TCP SYN denial of service attacks with random source IP and port but where the attacker is dumb enough to use the same sequence number all the time. 
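An added illustration of the check asked about above (not part of the original post, and not code from any packet filter discussed on the list): it parses raw IPv4/TCP headers, finds sequence numbers that recur in bare SYNs from many distinct source addresses, and tests a packet against the resulting block set. The function names, the threshold and the sample packets are assumptions constructed for this example.

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits


def parse_syn(packet: bytes):
    """Return (source IP, sequence number) for an IPv4 TCP SYN without ACK, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or packet[9] != 6:          # protocol 6 = TCP
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                         # non-first fragment: no TCP header here
    if len(packet) < ihl + 20:
        return None
    seq = struct.unpack("!I", packet[ihl + 4:ihl + 8])[0]
    if packet[ihl + 13] & (SYN | ACK) != SYN:
        return None                         # not a connection-opening segment
    return socket.inet_ntoa(packet[12:16]), seq


def repeated_isn(packets, min_sources=3):
    """Map each sequence number seen in SYNs from >= min_sources distinct IPs to that count.

    Counting distinct sources (not packets) keeps an ordinary retransmitted
    SYN, which reuses its sequence number, from being flagged.
    """
    sources = defaultdict(set)
    for pkt in packets:
        parsed = parse_syn(pkt)
        if parsed:
            src, seq = parsed
            sources[seq].add(src)
    return {seq: len(s) for seq, s in sources.items() if len(s) >= min_sources}


def should_drop(packet: bytes, blocked_seqs) -> bool:
    """Filter decision: drop only bare SYNs whose sequence number is blocked."""
    parsed = parse_syn(packet)
    return parsed is not None and parsed[1] in blocked_seqs


def build_packet(src, dst, sport, dport, seq, flags):
    """Build a minimal 40-byte IPv4+TCP packet (checksums left zero) for the sample."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


# Constructed sample traffic (documentation address ranges, made-up values).
FLOOD_SEQ = 0x12345678
SAMPLE = (
    # five SYNs from different sources, all with the same sequence number
    [build_packet(f"198.51.100.{i}", "192.0.2.10", 1024 + i, 80, FLOOD_SEQ, SYN)
     for i in range(1, 6)]
    # one client retransmitting its SYN: same source, same sequence number
    + [build_packet("203.0.113.7", "192.0.2.10", 40000, 80, 0x0A0B0C0D, SYN)] * 2
    + [build_packet("203.0.113.8", "192.0.2.10", 40001, 25, 0x00C0FFEE, SYN)]
    # a SYN-ACK that happens to carry the same number must not be matched
    + [build_packet("192.0.2.10", "203.0.113.7", 80, 40000, FLOOD_SEQ, SYN | ACK)]
)

if __name__ == "__main__":
    blocked = repeated_isn(SAMPLE)
    for seq, count in blocked.items():
        print(f"sequence number {seq:#010x} seen in SYNs from {count} sources")
    print("dropped:", sum(should_drop(p, blocked) for p in SAMPLE), "of", len(SAMPLE))
```

With tcpdump-style (pcap) filter syntax the same match on a known value can be written as `tcp[4:4] = 0x12345678 and tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn`, since bytes 4 to 7 of the TCP header hold the sequence number.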
From firewalls-owner Mon Nov 4 23:33:58 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA25762 for firewalls-outgoing; Mon, 4 Nov 1996 23:17:20 -0800 (PST) Received: from gatekeep.namsa.nato.int (gatekeep.namsa.nato.int [147.36.199.6]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id XAA25737 for ; Mon, 4 Nov 1996 23:17:09 -0800 (PST) Received: by gatekeep.namsa.nato.int with ESMTP (1.37.109.16/16.2) id AA074928179; Tue, 5 Nov 1996 08:16:20 +0100 Received: from mailhub@namsa.nato.int with ESMTP (1.37.109.16/16.2) id AA185578193; Tue, 5 Nov 1996 08:16:33 +0100 Message-Id: <327EE9D0.B4F@aows0.namsa.lu> Date: Tue, 05 Nov 1996 08:16:32 +0100 From: GUINET Thierry X-Mailer: Mozilla 2.0 (X11; I; HP-UX A.09.05 9000/735) Mime-Version: 1.0 To: Rodrigo Ormonde Cc: Firewalls@GreatCircle.com Subject: Re: Spoofing... How does it work. References: <9611041752.AA10474@trem.cnt.org.br> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Rodrigo Ormonde wrote: > Not only this. The attacker must discover what initial sequence number the > attacked host has chosen to establish the connection. Since this number has 2^32 possible values it's nearly impossible to guess it. I beg your pardon, but although the *possibilities* are in a range of 2^32, by measuring the round-trip time and sniffing the packets coming from your "victim" you should be able to guess the sequence number in a *reasonable* amount of time. 
( And yes, I know this is an over simplified explanation :) Thierry -- Thierry Guinet Systems & Network programmer, Namsa Luxembourg T.Guinet@namsa.nato.int From firewalls-owner Tue Nov 5 01:37:15 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA02358 for firewalls-outgoing; Tue, 5 Nov 1996 01:22:51 -0800 (PST) Received: from duct.mail.pipex.net (duct.mail.pipex.net [158.43.128.21]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA02334 for ; Tue, 5 Nov 1996 01:22:40 -0800 (PST) Received: from zeufwext.zeuros.co.uk by duct.pipex.net with SMTP (PP); Tue, 5 Nov 1996 09:22:14 +0000 Received: by snow-white.zeuros.co.uk with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BBCAFA.B1C2F7C0@snow-white.zeuros.co.uk>; Tue, 5 Nov 1996 09:21:15 -0000 Message-ID: From: Andrew Bays To: "'Chris Liljenstolpe'" Cc: "'firewalls@greatcircle.com'" Subject: RE: MIMESweeper Date: Tue, 5 Nov 1996 09:21:09 -0000 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Integralis in the UK is the manufacturer. http://www.integralis.co.uk/ is their corporate page.http://www.mimesweeper.integralis.com is their MIMEsweeper product page >---------- >From: Chris Liljenstolpe[SMTP:cds@IO.COM] >Sent: 05 November 1996 10:30 >To: Andrew Bays >Subject: RE: MIMESweeper > >Greetings, > > Any pointers to MIMESweeper? > > -=Chris > >At 10:02 96-11-04 -0000, you scribed: >>Lawrence, >> >>We have installed and configured MIIMEsweeper at a few sites now. The >>lag time is minimal for 95% of e-mail traffic. It really does fly >>through the system if the system is configured with enough memory and >>disk space. Obviously the larger the attachment for unravelling the >>longer it takes. 
This is marginal in terms of the overall delivery time >>of e-mail generally. >> >>As for configuration, the position of MIMEsweeper for the sites we have >>consulted in is directly behind the firewall in front of the SMTP >>gateway(s) for the corporation. For the most part the configuration is >>virus scanning, User authentication and automatic replies set for >>certain mail captured i.e. Virus detect, Unreadable data, User not >>authorised etc... >> >>Users will not see the delay unless of course their e-mail is >>quarantined or bounced. >> >>Andrew >>Zeuros Network Solutions >> >>>---------- >>>From: Lawrence Lerner[SMTP:lernerl@metamor.com] >>>Sent: 31 October 1996 13:09 >>>To: 'FW-MailingList' >>>Subject: MIMESweeper >>> >>>A few months ago there was heavy discussion on virus walls and e-mail >>>checkers. Is anybody currently using MIMESweeper? If so, what is the >>>configuration for the MIMESweeper box and what is your mail traffic like? >>>I >>>am trying to establish, how much lag time it will add to incoming an >outgoing >>>mail. >>> >>>Thanks! >>>/**********************************************************************/ >>>Lawrence Lerner 312.251.7975 >>>Metamor Technologies, Ltd. lernerl@metamor.com >>>One North Franklin >>>Chicago, IL 60606 >>> >> >> >Thus end the quotation from the scroll > >-- >Chris Liljenstolpe - "The Engineer formerly known as Swanson" >Mr. 
Safety himself - Currently living with the penguins as >the Network Engineer at McMurdo Station, Antarctica >mailto:cds@io.com http://www.io.com/~cds/ >PGP Key 2047/37DDC209 E0 0F 16 97 33 16 F0 DD 41 B6 BC AF 20 31 AC FC > > From firewalls-owner Tue Nov 5 03:34:31 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id DAA08586 for firewalls-outgoing; Tue, 5 Nov 1996 03:17:21 -0800 (PST) Received: from sapa.inka.de (sapa.inka.de [193.197.84.6]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id DAA08571 for ; Tue, 5 Nov 1996 03:16:56 -0800 (PST) Received: from uu.inka.de (root@[193.197.84.8]) by sapa.inka.de with smtp (S3.1.29.1) id ; Tue, 5 Nov 96 12:16 MET Received: from lina (lists@lina.inka.de) by uu.inka.de with bsmtp (S3.1.29.1) id ; Tue, 5 Nov 96 12:16 MET Received: by lina id m0vKjS7-0004ipC (Debian /\oo/\ Smail3.1.29.1 #29.37); Tue, 5 Nov 96 12:13 MET Message-Id: From: lists@lina.inka.de (Bernd Eckenfels) Subject: Re: Spoofing... How does it work. To: firewalls@greatcircle.com Date: Tue, 5 Nov 1996 12:13:55 +0100 (MET) In-Reply-To: <327EE9D0.B4F@aows0.namsa.lu> from "GUINET Thierry" at Nov 5, 96 08:16:32 am X-Mailer: ELM [version 2.4 PL25 PGP2] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, > I beg your pardon, but although the *possibilities* are in a range of > 2^32, > by measuring the roundtriptime and sniffing the packets coming from your > "victim" you should be able to guess the sequence number in a > *reasonable* > amount of time. Umm... how can you guess the ISN by measuring the RTT? And of course you can't sniff the Packet from your victim (you dont need to measure anything if you can sniff the packet, since the ISN is written clear in it). If you can sniff the packet it was directed to you anyway. 
It is possible to sniff the Packet if you are on the same LAN or on the Upstream Link, but this is usually not the case for attackers. (The local LAN should be secured and the Upstream Links trusted, at least as long as you use insecure authentication which relies on the Source-IP). Greetings Bernd From firewalls-owner Tue Nov 5 04:17:43 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA09903 for firewalls-outgoing; Tue, 5 Nov 1996 04:11:58 -0800 (PST) Received: from trem.cnt.org.br (desvio.cnt.org.br [200.19.123.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id EAA09887 for ; Tue, 5 Nov 1996 04:11:34 -0800 (PST) Received: by trem.cnt.org.br (AIX 3.2/UCB 5.64/4.03) id AA09942; Tue, 5 Nov 1996 10:09:23 -0300 From: ormonde@trem.cnt.org.br (Rodrigo Ormonde) Message-Id: <9611051309.AA09942@trem.cnt.org.br> Subject: Re: Spoofing... How does it work. To: thierry@namsa.nato.int (GUINET Thierry) Date: Tue, 5 Nov 1996 10:09:23 -0300 (GRNLNDST) Cc: firewalls@greatcircle.com In-Reply-To: <327EE9D0.B4F@aows0.namsa.lu> from "GUINET Thierry" at Nov 5, 96 08:16:32 am X-Mailer: ELM [version 2.4 PL24] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Rodrigo Ormonde wrote: > > > Not only this. The attacker must discover what initial sequence number the > > attacked host has chosen to establish the connection. Since this number has 2^32 possible values it's nearly impossible to guess it. > > I beg your pardon, but although the *possibilities* are in a range of > 2^32, > by measuring the round-trip time and sniffing the packets coming from your > "victim" you should be able to guess the sequence number in a > *reasonable* > amount of time. > ( And yes, I know this is an over simplified explanation :) Yes, you are right. The number of possible guesses for the next sequence number is much smaller than 2^32. 
In fact, I didn't say it's impossible to implement this kind of attack, but it is very difficult to do it in the "real world." Suppose you have a TCP implementation that increments the initial sequence number n times per second, by a fixed amount. In this case you can measure the round trip time of one packet and guess (in a reasonable way) what the next number will be. But if you have a "non-deterministic network" (the Internet), often there is a great variation of round trip time from one packet to another, and if n is a big number, a small difference of time is enough to produce a new sequence number. This is what makes this kind of attack very difficult. (but still possible :-) Best Regards. -- Rodrigo de La Rocque Ormonde Confederacao Nacional do Transporte e-mail: ormonde@cnt.org.br PGP Public key: finger ormonde@cnt.org.br "The only certainty you can have when trying to build an idiot-proof system is that the world is always producing bigger idiots... :-) " From firewalls-owner Tue Nov 5 05:03:43 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA12571 for firewalls-outgoing; Tue, 5 Nov 1996 04:58:11 -0800 (PST) Received: from sun1.tcd.ie (sun1.tcd.ie [134.226.1.29]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id EAA12543 for ; Tue, 5 Nov 1996 04:57:54 -0800 (PST) Received: from kmeade.tcd.ie (ws005.james-hospital.tcd.ie [134.226.177.53]) by sun1.tcd.ie (8.7.1/8.6.10) with ESMTP id MAA10038 for ; Tue, 5 Nov 1996 12:57:44 GMT Message-Id: <199611051257.MAA10038@sun1.tcd.ie> From: "Ken Meade" To: Subject: Firewall selection! Date: Tue, 5 Nov 1996 12:55:11 -0000 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1132 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Many thanks for all the help you guys posted re: questions to vendors of Firewalls. 
Now I have it down to 2 products:

    TIS Firewall Toolkit
    TIS Gauntlet

We found Firewall-1 to be the best product but the support needed a lot to be desired.
Since this needs to be up and running at the end of November we can't look to another provider of Firewall-1 as too much research has been done to this point.

Anyone any pros and cons for above firewalls and any bad/good experiences.
Any suggestions as to why one and not the other.

Many Thanks again,
Ken M.

From firewalls-owner Tue Nov 5 05:18:40 1996
Message-ID: <327F48F0.3263@clearview.com.au>
Date: Wed, 06 Nov 1996 00:02:25 +1000
From: Dragan Dimitrovici
To: Firewalls@GreatCircle.COM
Subject: Firewall Information for Theises

Hi, my name is Dragan and I am doing a thesis on Internet Security - Firewalls.

Can anybody that has information about firewalls (eg how they work, how to set them up, why a firewall is needed, etc) could you please send me this information.
Kind Regards
Dragan Dimitrovici

From firewalls-owner Tue Nov 5 05:39:31 1996
Message-Id: <199611051330.NAA11773@sun1.tcd.ie>
From: "Ken Meade"
Subject: NCSA Certification
Date: Tue, 5 Nov 1996 13:27:31 -0000

Does anyone know if TIS firewall Toolkit has NCSA certification. The vendors claim its mother/sister product Gauntlet has which is okay, but does the Toolkit

>????

Ken M.

From firewalls-owner Tue Nov 5 05:48:05 1996
From: lists@lina.inka.de (Bernd Eckenfels)
Subject: Re: Spoofing... How does it work.
To: thierry@namsa.nato.int (GUINET Thierry)
Date: Tue, 5 Nov 1996 14:24:14 +0100 (MET)
Cc: Firewalls@GreatCircle.COM
In-Reply-To: <327F3E91.4CD0@aows0.namsa.lu> from "GUINET Thierry" at Nov 5, 96 02:18:09 pm

Hello,

> (And yes, I still know my explanation is over simplified :-)

Well, Systems with that easy ISN generating should be killed, anyway :) I prefer Linux with cryptographic strong ISN Generation. (md5 and fast timers and environmental noise collecting).

Greetings
Bernd
--
  (OO)     -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )    ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
  o--o     *plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
(O____O)   If privacy is outlawed only Outlaws have privacy

From firewalls-owner Tue Nov 5 06:33:15 1996
Message-Id: <2.2.32.19961105141622.006ef794@pop.trusted.com>
Date: Tue, 05 Nov 1996 09:16:22 -0500
To: "Ken Meade" ,
From: Frederick M Avolio
Subject: Re: Firewall selection!

I recommend that you check out the Gauntlet FAQ on the TIS web page for a comparison of the FWTK and Gauntlet. The FWTK is not a product (and no one sells it -- legally, anyway).

http://www.tis.com/docs/products/gauntlet/gauntletfaq.html

Fred

At 12:55 PM 11/5/96 -0000, Ken Meade wrote:
>Many thanks for all the help you guys posted re: questions to vendors of
>Firewalls.
>Now I have it down to 2 products:
>
>    TIS Firewall Toolkit
>    TIS Gauntlet
>
>We found Firewall-1 to be the best product but the support needed a lot to
>be desired.
>Since this needs to be up and running at the end of November we can't look
>to another provider of Firewall-1 as too much research has been done to this
>point.
>
>Anyone any pros and cons for above firewalls and any bad/good experiences.
>Any suggestions as to why one and not the other.
>
>Many Thanks again,
>Ken M.
>
>

From firewalls-owner Tue Nov 5 06:50:32 1996
Date: Tue, 5 Nov 96 08:28:02 CST
From: jrs@hnv.com (Jeff R. Seul)
To: firewalls@greatcircle.com
Subject: Oracle Firewall strategy white paper

I've been doing some research about using sql*net to communicate with Oracle 7.2 (or later) databases on differing sides of a firewall.

After reading some reports by Oracle and various firewall vendors, I've discovered that there exists an Oracle Firewall Strategy white paper that outlines support for a sql*net applications proxy, allowing sql*net traffic to pass through an otherwise blocked socket.

The problem is that I've been unable to locate this white paper.

Has anyone out there seen a document that seems to fit this description?

Jeffrey Seul
jrs@hnv.com

From firewalls-owner Tue Nov 5 07:28:09 1996
Message-Id: <9611051456.AA28159@rowan.sbcoc.com>
Subject: Re: Network Statistics
To: rxk@rxk.india.fluent.com (Rajeev Kumar), firewalls@greatcircle.com
Date: Tue, 5 Nov 96 8:56:40 CST
In-Reply-To: <9611050959.ZM609@rxk.India.Fluent.COM>; from "Rajeev Kumar" at Nov 5, 96 9:59 am
From: Bri

> Can anybody suggest some freeware/product suite on collecting
> Network statistics like
> number of mails transacted

    grep sendmail /var/adm/SYSLOG | wc -l

> No of bytes transfer under TCP/UDP and so on.

    netstat -i

Honestly, if you're running a firewall through which all this traffic is passing, it should be keeping logs of all this activity. If it isn't, then most here would suggest you consider a different firewall. That doesn't necessarily mean that this info is being summarized, but a decent shell or perl script could be written to parse it out any way you'd like.

If, instead, this traffic isn't going via a single machine, you're only going to be able to get specific information on a machine-by-machine basis, assuming such logs are kept. Sendmail can be configured to log everything to the syslog, but I don't think the sgi version did by default. (I compiled the real one so fast I never had a chance to see.)

If the latter is the case, most likely your router can give you some overall information broken down by protocol (show interface on a Cisco) but might not give you a per-machine breakdown.

Bri

--
Brian Hatch, bri@ifokr.org
Systems and Security Engineer
Onsight, Inc http://www.avue.com/

"Strange that if you cut off part of a chromosome, you get a boy, and if you cut off part of a boy you get a girl."
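
Added example (not part of Bri's post): a script of the kind the reply mentions, showing that "grep sendmail ... | wc -l" counts log lines, while each message produces one from= line plus one or more to= lines. The log excerpt is constructed in sendmail 8 syslog style; host names, queue IDs and sizes are made up.

```python
import re
from collections import Counter

# Constructed sample, sendmail 8 syslog style. Nothing here is from a real host.
SAMPLE_LOG = """\
Nov  5 08:56:40 gw sendmail[2101]: IAA02101: from=<alice@example.com>, size=1520, class=0, pri=31520, nrcpt=2, msgid=<1@example.com>, proto=ESMTP, relay=ws1.example.com [192.0.2.11]
Nov  5 08:56:41 gw sendmail[2103]: IAA02101: to=<bob@example.org>, delay=00:00:01, mailer=smtp, relay=mx.example.org. [198.51.100.20], stat=Sent (ok)
Nov  5 08:56:42 gw sendmail[2103]: IAA02101: to=<carol@example.net>, delay=00:00:02, mailer=smtp, relay=mx.example.net. [203.0.113.30], stat=Deferred: Connection timed out
Nov  5 09:02:10 gw sendmail[2140]: JAA02140: from=<dave@example.org>, size=48211, class=0, pri=78211, nrcpt=1, msgid=<2@example.org>, proto=SMTP, relay=mx.example.org. [198.51.100.20]
Nov  5 09:02:11 gw sendmail[2142]: JAA02140: to=<alice@example.com>, delay=00:00:01, mailer=local, stat=Sent
Nov  5 09:05:00 gw sendmail[2150]: alias database /etc/aliases rebuilt by root
"""

# One from= line is logged per accepted message; it carries the byte count.
FROM_RE = re.compile(r"sendmail\[\d+\]: \w+: from=<?([^>,]*)>?, size=(\d+)")
# to= lines are logged per delivery attempt; stat= gives the outcome.
TO_RE = re.compile(r"sendmail\[\d+\]: \w+: to=.*\bstat=(\w+)")


def summarize(lines):
    """Summarize mail traffic per message rather than per log line."""
    stats = {
        "grep_count": 0,              # what `grep sendmail | wc -l` would print
        "messages": 0,                # accepted messages (from= lines)
        "bytes": 0,                   # sum of size= over accepted messages
        "bytes_by_sender": Counter(),
        "deliveries": Counter(),      # delivery attempts keyed by stat= word
    }
    for line in lines:
        if "sendmail" not in line:
            continue
        stats["grep_count"] += 1
        match = FROM_RE.search(line)
        if match:
            sender, size = match.group(1), int(match.group(2))
            stats["messages"] += 1
            stats["bytes"] += size
            stats["bytes_by_sender"][sender] += size
            continue
        match = TO_RE.search(line)
        if match:
            stats["deliveries"][match.group(1)] += 1
    return stats


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG.splitlines())
    print("lines matched by grep :", result["grep_count"])
    print("messages accepted     :", result["messages"])
    print("bytes accepted        :", result["bytes"])
    print("delivery outcomes     :", dict(result["deliveries"]))
    for sender, size in result["bytes_by_sender"].most_common():
        print(f"  {sender:24s} {size:8d} bytes")
```
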

From firewalls-owner Tue Nov 5 07:57:05 1996
From: peter@baileynm.com (Peter da Silva)
Message-Id: <9611051508.AA06706@sonic.nmti.com.nmti.com>
Subject: Re: NCSA Certification
To: kmeade@tcd.ie (Ken Meade)
Date: Tue, 5 Nov 1996 09:08:04 -0600 (CST)
Cc: Firewalls@GreatCircle.COM
In-Reply-To: <199611051330.NAA11773@sun1.tcd.ie> from "Ken Meade" at Nov 5, 96 01:27:31 pm

> Does anyone know if TIS firewall Toolkit has NCSA certification.

1. No.
2. How could it? It's just a set of tools for building a firewall.
3. Why do you care?
4. There is no point 4.
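
Added illustration for the "Spoofing... How does it work." thread earlier in this digest, not code from any poster or from the Linux kernel: it models the fixed-step counter Rodrigo describes beside a clock-plus-keyed-hash ISN of the kind Bernd prefers, and checks what one observed ISN reveals about another. The secret, the addresses, the tick rates, the 50 ms timing uncertainty and the use of SHA-1 are assumptions made for the example.

```python
import hashlib
import socket
import struct

MASK32 = 0xFFFFFFFF  # TCP sequence numbers are 32-bit and wrap


def counter_isn(boot_value, elapsed_ms, n_per_second, step):
    """Fixed-step counter: bumped n times per second by `step`, same for every peer."""
    bumps = elapsed_ms * n_per_second // 1000
    return (boot_value + bumps * step) & MASK32


def candidate_count(n_per_second, timing_uncertainty_ms):
    """Distinct counter values that fit inside a given timing uncertainty."""
    return timing_uncertainty_ms * n_per_second // 1000 + 1


def hashed_isn(secret, saddr, sport, daddr, dport, clock_ticks):
    """Clock value plus a keyed hash of the connection's two endpoints."""
    endpoints = (socket.inet_aton(saddr) + socket.inet_aton(daddr)
                 + struct.pack("!HH", sport, dport))
    digest = hashlib.sha1(secret + endpoints).digest()  # assumed hash choice
    offset = struct.unpack("!I", digest[:4])[0]
    return (clock_ticks + offset) & MASK32


def gap_is_clock_only(isn_a, isn_b, clock_advance, slack=0):
    """True if isn_b - isn_a is explained by the clock advance alone (mod 2^32)."""
    residue = (isn_b - isn_a - clock_advance) & MASK32
    return min(residue, MASK32 + 1 - residue) <= slack


def demo():
    secret = b"constructed-demo-secret"   # a real stack draws this from a CSPRNG
    server = ("198.51.100.5", 513)        # documentation addresses, made up
    peer_a = ("192.0.2.10", 1023)
    peer_b = ("203.0.113.7", 1023)

    # Counter scheme, 1 bump/s of 128: connections opened 2.5 s apart.
    c1 = counter_isn(1000, 10_000, 1, 128)
    c2 = counter_isn(1000, 12_500, 1, 128)

    # Hashed scheme on an assumed 1 MHz clock, same two instants.
    a1 = hashed_isn(secret, *peer_a, *server, 10_000_000)
    a2 = hashed_isn(secret, *peer_a, *server, 12_500_000)
    b2 = hashed_isn(secret, *peer_b, *server, 12_500_000)

    return {
        # Any peer's ISN predicts any other peer's ISN from elapsed time alone.
        "counter_cross_peer_predictable": gap_is_clock_only(c1, c2, 2 * 128),
        # The same endpoint pair still sees ISNs advance with the clock.
        "hashed_same_pair_follows_clock": gap_is_clock_only(a1, a2, 2_500_000),
        # A different peer's ISN is offset by an unrelated keyed-hash value.
        "hashed_cross_peer_predictable": gap_is_clock_only(a1, b2, 2_500_000, slack=1000),
        # Rodrigo's point: a fast clock turns timing jitter into many candidates.
        "candidates_slow_counter": candidate_count(1, 50),
        "candidates_fast_clock": candidate_count(1_000_000, 50),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:34s} {value}")
```
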

From firewalls-owner Tue Nov 5 08:03:58 1996
From: Murray_Mia@SDMIS.NSWSES.NAVY.MIL
Date: Tue, 05 Nov 96 07:35:07 PST
Message-Id: <9610058472.AA847208028@SDMIS.NSWSES.NAVY.MIL>
To: firewalls@greatcircle.com
Subject: Testing...

Our mail server is experiencing intermittent inbound delivery problems. I am sending this message out as a test. Please reply if you receive this.

Ellison_Suzi@sdmis.nswses.navy.mil has not received any email from firewalls since 10/30/96. She has asked that I send this test message.

Thanks.
Mia :)
619.553.6120

From firewalls-owner Tue Nov 5 08:05:49 1996
Message-Id: <327F3E91.4CD0@aows0.namsa.lu>
Date: Tue, 05 Nov 1996 14:18:09 +0100
From: GUINET Thierry
To: Bernd Eckenfels
Cc: Firewalls@GreatCircle.COM
Subject: Re: Spoofing... How does it work.

Bernd Eckenfels wrote:
>
> Hi,
>
> > I beg your pardon, but although the *possibilities* are in a range of
> > 2^32,
> > by measuring the roundtriptime and sniffing the packets coming from your
> > "victim" you should be able to guess the sequence number in a
> > *reasonable*
> > amount of time.
>
> Umm... how can you guess the ISN by measuring the RTT? And of course you
> can't sniff the Packet from your victim (you don't need to measure anything if
> you can sniff the packet, since the ISN is written clear in it).
>
> If you can sniff the packet it was directed to you anyway. It is possible to
> sniff the Packet if you are on the same Lan or on the Upstream Link, but
> this is usually not the case for attackers.
> (The local LAN should be secured
> and the Upstream Links trusted, at least as long as you use insecure
> authentication which relies on the Source-IP).
>
> Greetings
> Bernd

Ok, as told before, this was an uttermost simplified explanation.

In fact you don't even have to "sniff" the packets. Just send a bunch of TCP packets to your 'victim' (SMTP, echo, daytime, chargen,... you name it) and you'll certainly find one that fits your needs. By this means, having all the ISNs and RTTs needed, and doing some calculation (knowing that the ISN is incremented by a constant amount once per second, and by half the amount each time a connection is initiated [Berkeley derived systems]), you'll be able to guess the sequence number of your victim.

(And yes, I still know my explanation is over simplified :-)

For the "in-depth" explanation please refer to:
- A weakness in the 4.2 BSD Unix TCP/IP Software (R. Morris 1985)
- Security problems in the TCP/IP protocol suite (S. Bellovin 1989)

End of the thread... (on my side ;-)

Cheers,
Thierry

--
Thierry Guinet
Systems & Network programmer, Namsa Luxembourg
T.Guinet@namsa.nato.int

From firewalls-owner Tue Nov 5 08:18:12 1996
Date: Tue, 05 Nov 1996 10:39:35 -0500
From: "JEFFREY P. BALLACHINO"
To: firewalls-digest@GreatCircle.COM, majordomo@GreatCircle.COM
Subject: Firewall-1 exteranl.if file

Does anyone have any information on FW-1's "/opt/SUNWfw/external.if" file?
I have Firewall-1 Light Internet Security (v2.0) and after replacing a PTI SBS600 fddi board on my external interface with a Cisco fddi board, I have been receiving the following console error message:

    FW-1: too many internal hosts detected .... contact your Firewall-1 reseller.

I edited the external.if file appropriately for the Cisco interface name. The interface name (fddi0) is the only thing in the file. Is this correct?

Any suggestions would be appreciated. An explanation of how many hosts (internal,external) are supported by FW-1 Light would also help if anyone knows.

jeff ballachino

From firewalls-owner Tue Nov 5 09:19:29 1996
Date: Tue, 05 Nov 96 09:26:24 CST
From: "Dick Mosher"
Message-Id: <9610058472.AA847214862@cc.wstnres.com>
To: firewalls@GreatCircle.COM
Subject: CERT

>------------------------------
>
>Date: Mon, 04 Nov 96 11:27:00 CST
>From: Craig McLellan
>Subject: CERT statistics
>
>Does anyone know how I might get up to date CERT reporting
>statistics.
> Specifically I am looking for 1996 information.
>
>RGRDS....clm
>
>------------------------------

Check ftp://info.cert.org/pub/cert_summaries/

Dick

From firewalls-owner Tue Nov 5 09:21:28 1996
Date: Tue, 5 Nov 1996 10:01:02 -0500 (EST)
From: Chris Carlson
To: "2LT Jeffery J. Lowder, 333-4615"
cc: Firewalls@GreatCircle.COM
Subject: re:Security Risks with Real Audio?

On Mon, 4 Nov 1996, 2LT Jeffery J. Lowder, 333-4615 wrote:

> One of the users in my organization would like to be able to use Real
> Audio. I'm wondering if one or more of you on the list would be willing
> to share your thoughts on the security risks of allowing real audio
> through a firewall.
>

It depends on your security policies. Normally, RealAudio uses UDP for its transmissions (well, TCP then UDP). And SOP for firewall admins is to block all UDP ports. So, there is a security risk in that you must open UDP ports for RealAudio to transmit. And UDP ports are a common avenue of exploitation by hackers, crackers, etc.

There's a few ways you can overcome this:

1) Use RealAudio's TCP only service (but I heard it's not as good)
2) Use RealAudio's proxy for firewalls
3) Get a firewall that supports UDP-based RealAudio

Note that RealAudio is only one of many emerging multimedia applications that use UDP and dynamically assigned channels to transmit data.
Other cool apps (but a pain for firewalls) are: Vosaic, VDOLive, VXTreme, and even Microsoft's NetShow and NetMeeting, and Netscape's CoolTalk.

** plug - plug **

The next release of our firewall, the CYCON Labyrinth firewall, scheduled for January, 1997, will use "plug-in" technology to support secure multimedia transmissions. We're working with these vendors so we know where in their protocol stream to find the dynamic UDP ports they'll be using. This way, the CYCON Labyrinth firewall is able to dynamically open UDP ports for any expected replies of authorized connections. We'll be able to support the above mentioned multimedia technologies, and new technologies will be supported by downloading the plug-ins from our web page.

The current version of the CYCON Labyrinth firewall supports native UDP-based RealAudio, even with full bi-directional network address translation (source and destination address rewriting). Visit our web site for more information (http://www.cycon.com).

** end plug - end plug **

Chris

--
---------------------------------------------------------------------
Chris Carlson                                   http://www.cycon.com
CYCON Technologies                                    info@cycon.com
carlson@cycon.com                                     (703) 256-1279
CYCON Labyrinth Firewall - Stateful Inspection & Address Translation
---------------------------------------------------------------------

From firewalls-owner Tue Nov 5 09:33:35 1996
Date: Tue, 5 Nov 1996 08:44:43 -0800 (PST)
From: Robert Hanson
To: firewalls@greatcircle.com
Subject: packet reassembly at destination

where does one look to find buffer size control for frag packet reassembly at destination for allow/deny based upon the packet size for routers like cisco or computers with unices or other opsys like nt as operating systems or with integrated firewall packages in said opsys's

tia

--->
Robert H. Hanson
Cutting Edge Communications, Inc. Otis Orchards, Wa.
Regional Commercial Internet Service Provider
(509) 927-9541
email: roberth@cet.com - http://www.cet.com/

From firewalls-owner Tue Nov 5 09:48:45 1996
Message-Id: <2.2.32.19961105164528.006f1e8c@pop.trusted.com>
Date: Tue, 05 Nov 1996 11:45:28 -0500
To: "Ken Meade" ,
From: Frederick M Avolio
Subject: Re: NCSA Certification

The FWTK is not a commercial product. We do not intend to submit it for certification. It, alone, would not pass certification anyway. Kernel mods, etc. are needed to make it a complete firewall. Our web page has a comparison.
(in http://www.tis.com/docs/products/gauntlet/gauntletfaq.html )

Fred

At 01:27 PM 11/5/96 -0000, Ken Meade wrote:
>Does anyone know if TIS firewall Toolkit has NCSA certification. The
>vendors claim its mother/sister product Gauntlet has which is okay, but does
>the Toolkit
>
>>????
>
>Ken M.
>
>

From firewalls-owner Tue Nov 5 10:16:14 1996
Date: Tue, 5 Nov 1996 11:44:36 -0500 (EST)
From: Todd Graham Lewis
To: Rajeev Kumar
cc: Firewalls@GreatCircle.COM
Subject: Re: Network Statistics
In-Reply-To: <9611050959.ZM609@rxk.India.Fluent.COM>

On Tue, 5 Nov 1996, Rajeev Kumar wrote:

> Hi all:
> Can anybody suggest some freeware/product suite on collecting Network
> statistics like number of mails transacted, No of bytes transfer under
> TCP/UDP and so on.

If your machines have SNMP stacks (as all real machines should), then you could use SNMPerl and/or tkined to come up with a simple monitoring system.

> I would like to run that suite from my desktop (SGI/Indy) for all
> network of 10 other workstations, HUB and Router.

The routers almost definitely should be snmp monitorable. As for the workstations, Digital Unix and AIX come with minimal SNMP stacks, and Linux comes with a very good derivative of the CMU stack. There is one for FreeBSD also, done at UC-Davis. For other boxes, you'll probably have to buy them.

Good luck.

__
Todd Graham Lewis Linux!
Core Engineering
Mindspring Enterprises tlewis@mindspring.com (800) 719 4664, x2804

From firewalls-owner Tue Nov 5 10:20:04 1996
Message-Id: <199611051710.JAA10206@voro.lbl.gov>
To: jrs@hnv.com (Jeff R. Seul)
cc: firewalls@greatcircle.com
Subject: Re: Oracle Firewall strategy white paper
In-reply-to: Your message of "Tue, 05 Nov 1996 08:28:02 CST."
Date: Tue, 05 Nov 1996 09:10:15 -0800
From: Mark Dedlow

> From: jrs@hnv.com (Jeff R. Seul)
>
> I've been doing some research about using sql*net to communicate
> with Oracle 7.2 (or later) databases on differing sides of a
> firewall.
>
> After reading some reports by Oracle and various firewall vendors,
> I've discovered that there exists an Oracle Firewall Strategy white paper
> that outlines support for a sql*net applications proxy, allowing
> sql*net traffic to pass through an otherwise blocked socket.
>
> The problem is that I've been unable to locate this white paper.
>
> Has anyone out there seen a document that seems to fit this description?
>
> Jeffrey Seul
> jrs@hnv.com

There's Oracle White Paper "SQL*Net and Firewalls", October 1995.
Part #C10451

Mark

From firewalls-owner Tue Nov 5 10:21:59 1996
Message-Id: <3.0.32.19961105090510.009ee0d4@popgw.firstdata.com>
Date: Tue, 05 Nov 1996 09:08:17 -0800
To: "Ken Meade"
From: Kent Ketell
Subject: Re: Firewall selection!

At 12:55 PM 11/5/96 -0000, Ken Meade wrote:
>Many thanks for all the help you guys posted re: questions to vendors of
>Firewalls.
>Now I have it down to 2 products:
>
>    TIS Firewall Toolkit
>    TIS Gauntlet
>
>We found Firewall-1 to be the best product but the support needed a lot to
>be desired.
>Since this needs to be up and running at the end of November we can't look
>to another provider of Firewall-1 as too much research has been done to this
>point.
>
>Anyone any pros and cons for above firewalls and any bad/good experiences.
>Any suggestions as to why one and not the other.
>

Having used both FWTK and Gauntlet, I'd say "go with Gauntlet". Both come with source, so if you want to hack at it you can. Gauntlet has a bunch of really nice features that are not available in the FWTK; Transparent FTP and Telnet outbound.
Real Audio proxy. POP Mail proxy. Better reporting. Remote configuration. VPNs. The list goes on...

Just my $.02

--
All opinions either expressed or implied in the above noise are strictly my own.
-Kent-

From firewalls-owner Tue Nov 5 10:24:03 1996
From: lists@lina.inka.de (Bernd Eckenfels)
Subject: Re: Spoofing... How does it work.
To: firewalls@greatcircle.com
Date: Tue, 5 Nov 1996 18:26:46 +0100 (MET)
In-Reply-To: from "Robert Hanson" at Nov 5, 96 08:27:45 am

Hi,

> how is that implemented? faq? doc?

Source :)

...
/*
 * TCP initial sequence number picking. This uses the random number
 * generator to pick an initial secret value. This value is hashed
 * along with the TCP endpoint information to provide a unique
 * starting point for each pair of TCP endpoints. This defeats
 * attacks which rely on guessing the initial TCP sequence number.
 * This algorithm was suggested by Steve Bellovin.
 */
__u32 secure_tcp_sequence_number(__u32 saddr, __u32 daddr,
                                 __u16 sport, __u16 dport)
...

Linux has a /dev/random, which accesses a special entropy pool in the kernel.
It's a list of bytes which are created by measuring interrupts, mouse and keyboard events and should be real random. This random data is used together with the socket data. Additionally it's using a 1MHz Clock (opposed to the recommended 250kHz from RFC793).

I looked in the Source, Linux can be configured to use either SHA or MD4 Hashing of those values.

Greetings
Bernd
--
(OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
( .. ) ecki@{lina.inka.de,linux.de} http://home.pages.de/~eckes/
o--o *plush* 2048/A2C51749 eckes@irc +4972573817 *plush*
(O____O) If privacy is outlawed only Outlaws have privacy

From firewalls-owner Tue Nov 5 13:45:44 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA23872 for firewalls-outgoing; Tue, 5 Nov 1996 12:56:54 -0800 (PST)
Received: from actcom.co.il (actcom.co.il [192.114.47.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA23843 for ; Tue, 5 Nov 1996 12:56:26 -0800 (PST)
Received: from localhost by actcom.co.il with SMTP (8.7.6/actcom-0.1) id WAA26696; Tue, 5 Nov 1996 22:57:12 +0200 (EET) (rfc931-sender: hayam@localhost)
Date: Tue, 5 Nov 1996 22:57:12 +0200 (EET)
From: Avraham Hayam
To: Craig McLellan
cc: firewalls
Subject: Re: CERT statistics
In-Reply-To: <327E27AB@mnbp.network.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Send your request to CERT.

Avraham Hayam

On Mon, 4 Nov 1996, Craig McLellan wrote:

>
> Does anyone know how I might get up to date CERT reporting statistics.
> Specifically I am looking for 1996 information.
> > RGRDS....clm > From firewalls-owner Tue Nov 5 13:52:33 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA10085 for firewalls-outgoing; Tue, 5 Nov 1996 10:55:46 -0800 (PST) Received: from ns.rc.on.ca ([207.176.151.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA10075 for ; Tue, 5 Nov 1996 10:55:36 -0800 (PST) Received: by ns with IMAIL 2.0 id <01BBCB20.CAC12C30@ns>; Tue, 5 Nov 1996 13:53:58 -0500 Message-ID: <2191B2309F33D0118F7000A02458D19C000000005CF9@ns> From: Russ To: "'Firewalls Mailing List'" Subject: NT Service programmer wanted Date: Tue, 5 Nov 1996 13:53:56 -0500 MIME-Version: 1.0 X-Mailer: Internet Mail Connector (Beta) (4.5.1280.0) Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I would like to speak to any NT Service programmers who might be interested in developing a product idea I have. The product would address a need in the security community. If you've written an NT Service (not something that "could" be run by Srvany.exe), and can show me an example of what you've written (executable, not source code), I'd be interested in talking to you. Knowledge of NT's security APIs is a definite asset, but my emphasis is on solid Service programming technique. * All interested parties will be asked to sign a non-disclosure agreement personally, so if you are currently employed by a company as an NT programmer, you are not likely to be a candidate. I am prepared to compensate the person for a proto-type, although the amount would definitely not be realistic for the work involved, what I'm looking for is a partner to take my idea and translate it into code. I offer you my knowledge of potential customers, market need, usability, feature implementation, and systems analysis. * If you own a software company and are interested in entering the NT Security market, this product would probably be a good starting point. 
* Cheers, Russ R.C. Consulting, Inc. - NT/Internet Security Consulting mailto:Russ.Cooper@RC.on.ca <-- *note the new address* From firewalls-owner Tue Nov 5 15:30:27 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA01154 for firewalls-outgoing; Tue, 5 Nov 1996 14:27:37 -0800 (PST) Received: from tanger.etak.com (tanger.etak.com [198.6.248.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA01122 for ; Tue, 5 Nov 1996 14:27:16 -0800 (PST) Received: from etak.com by tanger.etak.com (8.7.2/Gateway-2.0) id OAA09335; Tue, 5 Nov 1996 14:24:59 -0800 (PST) Received: from victoria.etak.sw by etak.com (8.7.2/Mailhub-2.1) id OAA19188; Tue, 5 Nov 1996 14:26:41 -0800 (PST) Date: Tue, 5 Nov 1996 14:26:41 -0800 (PST) From: richard.perez@etak.com (Richard Perez) Message-Id: <199611052226.OAA19188@etak.com> To: firewalls@greatcircle.com Subject: firewall product comments Cc: perez@etak.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Product users, I was looking for firewalls on the NCSA web page and saw privatenet from NEC and was wondering if anyone on the list has an opinion on whether this is a good firewall? We don't have a lot of money to spend so the $4000 price looks attractive to us. 
Thanks, Rich From firewalls-owner Tue Nov 5 16:00:12 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA04195 for firewalls-outgoing; Tue, 5 Nov 1996 15:16:16 -0800 (PST) Received: from m-net.arbornet.org (dns.arbornet.org [206.84.193.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id PAA04187 for ; Tue, 5 Nov 1996 15:16:01 -0800 (PST) Received: from localhost (bbgun@localhost) by m-net.arbornet.org (8.8.2/8.7.3) with SMTP id SAA04270 for ; Tue, 5 Nov 1996 18:18:06 -0500 (EST) Date: Tue, 5 Nov 1996 18:18:06 -0500 (EST) From: brad bumshed To: firewalls@greatcircle.com Subject: NCSA Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I would like more info on NCSA like address to write or site to access. thanks. brad From firewalls-owner Tue Nov 5 16:26:13 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA07873 for firewalls-outgoing; Tue, 5 Nov 1996 16:05:58 -0800 (PST) Received: from dfw-ix12.ix.netcom.com (dfw-ix12.ix.netcom.com [206.214.98.12]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id QAA07811 for ; Tue, 5 Nov 1996 16:05:31 -0800 (PST) Received: from tbudar.ix.netcom.com (lbx-ca10-09.ix.netcom.com [204.31.251.137]) by dfw-ix12.ix.netcom.com (8.6.13/8.6.12) with SMTP id QAA25566 for ; Tue, 5 Nov 1996 16:05:31 -0800 Message-ID: <327FD5F5.4D89@ix.netcom.com> Date: Tue, 05 Nov 1996 16:04:05 -0800 From: Tom Budar X-Mailer: Mozilla 3.0 (Win95; I) MIME-Version: 1.0 To: firewalls@greatcircle.com Subject: Removal from the list Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk What is the email address and command string to drop off of this list? Thanks. 
Tom Budar From firewalls-owner Tue Nov 5 16:43:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA01027 for firewalls-outgoing; Tue, 5 Nov 1996 14:25:28 -0800 (PST) Received: from sunmail.vtx.net (mail.vtx.ch [194.51.92.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA00975 for ; Tue, 5 Nov 1996 14:24:50 -0800 (PST) Received: from tla03 ([194.191.78.3]) by sunmail.vtx.net (Netscape Mail Server v1.1) with SMTP id AAA9342; Tue, 5 Nov 1996 23:23:04 +0200 Message-ID: <327F9302.7B5B@tla.ch> Date: Tue, 05 Nov 1996 20:18:26 +0100 From: Christian ALT X-Mailer: Mozilla 2.01Gold (WinNT; I) MIME-Version: 1.0 To: Ken Kempster , firewalls@greatcircle.com CC: Bruno Raoult , Brian B Mitchell Subject: Re: Reuters 3000 Issues References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Ken Kempster wrote: > > On Tue, 5 Nov 1996, Bruno Raoult wrote: > > > Hi, > > > > On 1 Nov 1996, Brian B Mitchell wrote: > > > Hi Everyone, > > > (Bruno, we have had this discussion) > > > > > > Products > > > 1. Reuter 3000 Fixed Income Requires UDP Port 256/257 and port 31010 over tcp > > > 2. Reuters Newyear 2000 Requires UDP Port 7091 > > > 3. Reuters Business Breifing Uses only TCP port 9451 over tcp > > > 4. Reuter Web (see Reuter Mail) > > > 5. Reuter Mail Requires UDP 1024-65535 > > > 6. Reuter 3000 Equities Uses only TCP port 5100 > > > 7. Reuter Broker Research Uses Netbios Encapsulated with TCP > > > General > > > 8. Any product requiring Reuter Login (Fixed Income, Web, Mail,) must use UDP > > > Port 256/257 used for authentication > > > 9. All products require UDP/53(DNS) & UDP/520 (RIP) > > Where are you getting this UDP info from? I have been told > that the only UDP traffic is from the NewsYear 2000 service > and the initial logins. > > This info. comes from the head of Reuters Marketing. > > > > > > > > Ok. 
Looking at this list, you are surely not intested in TCP traffic. > > I think it is a problem, as the address translation system cannot permit > > to know which is the real Reuters host sending packets. > > > > > In the Reuter documents there is further reference to Reuters Treasury 3000, > > > Reuters Securities 3000 and Reuters Messaging Products. Does anyone have > > > knowledge of these ?. > > I think that: > > Reuters security 3000 = Security 2000 (triarch) + Reuters Mail + > > Reuters 3000 Equities > > Reuters Treasury 3000 = Treasury 2000 (?) + Reuters Mail + > > Reuters 3000 Fixed Income > > > > I do not know about messaging products. > > > > >I am trying to establish how much concern there currently is, within the Market > > >Data User community surrounding this suite of products. > > > > > >Reuters, needless to say, have a very bullish approach, in that they say that > > >market demand will overide the security concerns. For those of us charged with > > >securing our networks, I certainly feel that this should not be the approach to > > >take however, pressure from the business and the business users will surely > > >grow. > > > > > >In order to address this issue, and to push back on Reuters, I would appreciate > > >any comments or input you may have surrounding these issues. Furthermore, as > > >the increased need for TCP/IP connectivity grows, this is only the tip of the > > >iceberg. Guaranteed, Telerate, Knight Ridder, Bloomberg will follow suite very > > >soon. > > > > > > > Bye. > > > > > > \|||/ > > (. .) > > +-------------ooO-(_)-Ooo------------------------------------------------+ > > | Bruno RAOULT - Chess, tonight? | > > | | > > | Tel. (33-1) 42.13.45.19 Fax: (33-1) 42.13.69.66 | > > | Kobby. 
(33-1) 51.01.20.71 e-mail: br@ota.societe-generale.fr |
> > +------------------------------------------------------------------------+
> > || ||
> > ooO Ooo
> >
> >
> >
>
> ----------------------------
> Ken Kempster
> Republic National Bank
> kempster@monarch.rnb.com
> ----------------------------

I thought that this discussion was interesting to many people on the list, and do forward it.

If we go further in the Reuters services, you will see that they use Address translation for their network. That is to say that the session server is connected to your network with an address belonging to your network. The real servers that you will connect to are on a network type 172.16.x.y. The session server is performing a routing function. For load balancing purposes they are unable to tell you what is the ip address used by the servers. Then I had to allow the complete class 172.16.0.0 be routed through our network for the corresponding services. That is to say that I could not apply any restriction on the source address. After a certain time of use we should be able to restrict those addresses to the one we see in use.
--
Christian ALT E-mail: calt@tla.ch
Telecom and Logistics Associates phone & fax : +41 22 328 14 88
10, Rue des Savoises, CH-1205 Geneva http://www.tla.ch

From firewalls-owner Tue Nov 5 17:04:35 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA08658 for firewalls-outgoing; Tue, 5 Nov 1996 16:18:51 -0800 (PST)
Received: from manukau.govt.nz ([202.14.82.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id QAA08583 for ; Tue, 5 Nov 1996 16:17:50 -0800 (PST)
Received: by kotuku.manukau.govt.nz id <35715>; Wed, 6 Nov 1996 13:56:50 +1300
From: mthomps1@kiwitech.co.nz (Matthew Thompson)
To: firewalls@GreatCircle.COM
Newsgroups: microsoft.public.catapult.beta,comp.security.firewalls
Subject: MS Proxy server bugs
Date: Wed, 6 Nov 1996 13:14:50 +1300
Message-Id: <96Nov6.135650nzdt.35715@kotuku.manukau.govt.nz>
X-Mailer: Forte Free Agent 1.1/32.230
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I've found some problems with MS Proxy Server, wondering if anyone knows any fixes:

Problem 1:

Using user authentication with the (beta3 and release) Catapult PROXY service (not RWS), when a user authenticates to the proxy, first time it prompts for a username/password pair. When that user closes the browser and another user logs in on the same PC, and gets prompted for and supplies a different username/password pair, however Catapult still uses the name of the first (theoretically logged out) user, both in the active sessions display and the log files.

This has implications of course, as you can now not rely on the fact that Catapult logs correctly reflect the traffic/usage/sites visited by a user are correct. A user can easily use a PC, log off, then another user comes along, logs in and all their traffic ends up logged against the first user.
This has implications if you are
(1) trying to account traffic to users
(2) trying to prove violations of usage (ie www.playboy.com)

We've tested with netscape2.0, netscape 2.01, ie3.01 so are sure it's not a browser problem.

Problem 2:

When a user's NT password is changed, and becomes immediately invalid as an NT login, Catapult still allows use of that password for up to 1/2 an hour. (our Catapult server is in a separate domain which trusts the main account domain).

Problem 3:

When a browser connects to the Catapult PROXY service (not RWS), though the client is doing passive FTP, the Catapult server chooses to fetch the file using normal mode FTP, which means it fails going out through a firewall which will not let through normal mode ftp transfers. (where the browser on its own would succeed)

Any known fix for this, a way to force Catapult PROXY service to use passive mode FTP?

------------------------------------------------------------
Kiwitech Marine Solutions Ltd.
RaceTech, SailTech, PowerTech, Marine Software & Hardware.
Web: http://www.kiwitech.co.nz, Email: mthomps1@kiwitech.co.nz Phone: 64-9-307-0819 Fax:64-9-307-6685 Mobile:64-21-998-600 PO Box 5909, Wellesley Street, Auckland, New Zealand From firewalls-owner Tue Nov 5 17:22:00 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA09686 for firewalls-outgoing; Tue, 5 Nov 1996 16:32:23 -0800 (PST) Received: from archimedes.inoc.sj.nec.com (archimedes.inoc.sj.nec.com [131.241.31.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id QAA09359 for ; Tue, 5 Nov 1996 16:31:13 -0800 (PST) Received: by inoc.sj.nec.com (8.7.3/YDL1.7-930126.17) id QAA16710(archimedes.inoc.sj.nec.com); Tue, 5 Nov 1996 16:32:32 -0800 (PST) Received: by sj.nec.com (8.7.3/YDL1.7-940623.1) id QAA12725(netkeeper.sj.nec.com); Tue, 5 Nov 1996 16:32:31 -0800 (PST) Received: (from smtp@localhost) by firenode2.ibu.sj.nec.com (8.7.5/8.7.3) id QAA02034; Tue, 5 Nov 1996 16:27:44 -0800 (PST) Received: from vegas.ibu.sj.nec.com (vegas.ibu.sj.nec.com [131.241.70.2]) by firenode2.ibu.sj.nec.com id rfQAA01991; Tue Nov 5 16:24:16 1996 Received: by vegas.ibu.sj.nec.com (8.6.9/YDL1.9-9507101400) id QAA16684(vegas.ibu.sj.nec.com); Tue, 5 Nov 1996 16:26:12 -0800 From: sazah@ibu.sj.nec.com (Sunny Azah) Message-Id: <199611060026.QAA16684@vegas.ibu.sj.nec.com> Subject: Re: firewall product comments To: richard.perez@etak.com (Richard Perez) Date: Tue, 5 Nov 1996 16:26:12 -0800 (PST) Cc: firewalls@GreatCircle.COM, perez@etak.com In-Reply-To: <199611052226.OAA19188@etak.com> from "Richard Perez" at Nov 5, 96 02:26:41 pm X-Mailer: ELM [version 2.4 PL23beta] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Richard, What would you like to know? Please feel free to call or e-mail any questions you might have at the address shown below. 
> > Product users, > > I was looking for firewalls on the NCSA web page and saw > privatenet from NEC and was wondering if anyone on the list > has an opinion on whether this is a good firewall? > > We don't have a lot of money to spend so the $4000 price > looks attractive to us. > > Thanks, > Rich > -- Regards, -------------------------------------------------------------------------- Sunny Azah - sazah@ibu.sj.nec.com Internet Business Unit, Home of the PrivateNet NEC Technologies, Inc. 110 Rio Robles San Jose, CA 95134 Tel:(408) 433-2161 FAX:(408) 433-1230 http://www.privatenet.nec.com -------------------------------------------------------------------------- From firewalls-owner Tue Nov 5 17:34:55 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA02701 for firewalls-outgoing; Tue, 5 Nov 1996 14:57:43 -0800 (PST) Received: from citecuh.citec.qld.gov.au (citecuh.citec.qld.gov.au [203.5.10.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA02682 for ; Tue, 5 Nov 1996 14:57:27 -0800 (PST) Received: (from mail@localhost) by citecuh.citec.qld.gov.au (8.7.6/8.7.3) id IAA06946; Wed, 6 Nov 1996 08:57:21 +1000 (EST) Received: from guru.citec.qld.gov.au(147.132.20.47) by citecuh.citec.qld.gov.au via smap (V1.3) id /mail/incoming/sma006844; Wed Nov 6 08:56:09 1996 Received: (from sgcccdc@localhost) by guru.citec.qld.gov.au (8.6.12/8.6.12) id IAA00916; Wed, 6 Nov 1996 08:56:11 +1000 From: Colin Campbell Message-Id: <199611052256.IAA00916@guru.citec.qld.gov.au> Subject: Re: Firewall selection! 
To: kmeade@tcd.ie (Ken Meade) Date: Wed, 6 Nov 1996 08:56:10 +1000 (EST) Cc: firewalls@greatcircle.com In-Reply-To: <199611051257.MAA10038@sun1.tcd.ie> from "Ken Meade" at Nov 5, 96 12:55:11 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk My mailer thinks Ken Meade said: > > Many thanks for all the help you guys posted re: questions to vendors of > Firewalls. > Now I have it down to 2 products: You have it slightly wrong here. The toolkit is not, in the true sense, a product. To compare the two, it's like buying a house: With the toolkit you get a pile of prefabricated wall frames and roof trusses and are expected to assemble it yourself. The instructions are very basic but there are lots of neighbours who can help you if you get stuck. If the roof leaks you can try and fix it yourself. Maybe your neighbours can help, too. Depends if their roof is leaking too. Otherwise you can move straight into the pre-built, customised to your requirements Gauntlet model. Every now and then the people from TIS will come over and give your house a makeover. Maybe they'll just paint it, maybe they'll make the walls thicker (particularly the firewalls :-). Sometimes they'll even add a room or two. Take your pick. Colin From firewalls-owner Tue Nov 5 17:59:15 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA15344 for firewalls-outgoing; Tue, 5 Nov 1996 17:38:28 -0800 (PST) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id RAA15321 for ; Tue, 5 Nov 1996 17:38:05 -0800 (PST) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.7.3/8.6.5) with SMTP id UAA01874 for ; Tue, 5 Nov 1996 20:38:07 -0500 (EST) Message-Id: <199611060138.UAA01874@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. 
Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@greatcircle.com Date: Tue, 5 Nov 1996 20:37:48 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Spoofing - how does it work? X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk There's a complete description (but not a "how to") on http://www.clark.net/pub/mjr/pubs/attck/index.htm It also describes splicing, FTP bouncing, etc, etc. mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From firewalls-owner Tue Nov 5 19:33:50 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA20463 for firewalls-outgoing; Tue, 5 Nov 1996 19:15:08 -0800 (PST) Received: from hcsnet1.hcsaust.com.au (hcsnet1.hcsaust.com.au [150.173.243.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id TAA20453; Tue, 5 Nov 1996 19:14:45 -0800 (PST) Received: (from mail@localhost) by hcsnet1.hcsaust.com.au (8.6.12/8.6.9) id NAA28645; Wed, 6 Nov 1996 13:14:28 +1100 Received: from admin.hcsaust.com.au(150.173.254.28) by hcsnet1.hcsaust.com.au via smap (V1.3) id sma028641; Wed Nov 6 13:14:22 1996 Received: from support.Hcsaust.com.au (support.hcsaust.com.au [150.173.253.61]) by admin.hcsaust.com.au (8.6.12/8.6.9) with SMTP id NAA24015; Wed, 6 Nov 1996 13:16:08 +1100 Posted-Date: Wed, 6 Nov 1996 13:16:08 +1100 Organization: HCS Australia X-HCS-Address: 680 Blackburn Road, Clayton VIC 3168, Australia X-HCS-Phone-Fax: Phone: + 61 3 9541-7500, Fax: + 61 3 9543-3396 Date: Wed, 6 Nov 1996 14:11:58 +1100 (EST) From: Matthew Curtain To: Firewalls@GreatCircle.COM cc: firewalls-digest@GreatCircle.COM Subject: Re: Firewalls-Digest V5 #602 In-Reply-To: <199611042058.MAA22388@miles.greatcircle.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM 
Precedence: bulk

Hi

I'm looking for a TACACS Server for Linux that will enable me to Authenticate users connecting via Cisco routers.

Thanks in Advance

Matt

Matthew Curtain (Systems Engineer) matthewc@hcsaust.com.au
HCS Australia Ph: 61 3 95417500
680 Blackburn Rd Fax: 61 3 95442258
Clayton Victoria 3168 Australia

From firewalls-owner Tue Nov 5 21:04:11 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id UAA22992 for firewalls-outgoing; Tue, 5 Nov 1996 20:43:50 -0800 (PST)
Received: from archimedes.inoc.sj.nec.com (archimedes.inoc.sj.nec.com [131.241.31.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id UAA22982 for ; Tue, 5 Nov 1996 20:43:37 -0800 (PST)
Received: by inoc.sj.nec.com (8.7.3/YDL1.7-930126.17) id UAA00193(archimedes.inoc.sj.nec.com); Tue, 5 Nov 1996 20:45:08 -0800 (PST)
Received: by nec-gw.nec.com (8.7.3/YDL1.7-911107.16) id UAA17715(nec-gw.nec.com); Tue, 5 Nov 1996 20:32:26 -0800 (PST)
Received: (from smtp@localhost) by firenode2.ibu.sj.nec.com (8.7.5/8.7.3) id UAA03497; Tue, 5 Nov 1996 20:27:59 -0800 (PST)
Received: from vegas.ibu.sj.nec.com (vegas.ibu.sj.nec.com [131.241.70.2]) by firenode2.ibu.sj.nec.com id rfUAA03448; Tue Nov 5 20:09:33 1996
Received: by vegas.ibu.sj.nec.com (8.6.9/YDL1.9-9507101400) id NAA07133(vegas.ibu.sj.nec.com); Mon, 4 Nov 1996 13:42:42 -0800
From: sazah@ibu.sj.nec.com (Sunny Azah)
Message-Id: <199611042142.NAA07133@vegas.ibu.sj.nec.com>
Subject: RE: Remote admin.
on FW's
To: genel@inforamp.net, genelee@vnet.ibm.com
Date: Mon, 4 Nov 1996 13:42:42 -0800 (PST)
Cc: kmeade@tcd.ie, Firewalls@GreatCircle.COM
X-Mailer: ELM [version 2.4 PL23beta]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> From genel@inforamp.net Sat Nov 2 12:59:24 1996
> Message-ID: <01BBC8D5.EF021160@ts21-06.tor.iSTAR.ca>
> From: Gene Lee
> To: "kmeade@tcd.ie" , "'Sunny Azah'"
> Cc: "Firewalls@GreatCircle.COM"
> Subject: RE: Remote admin. on FW's
> Date: Sat, 2 Nov 1996 15:52:54 -0500

> On Tuesday, October 29, 1996 1:29 PM, Sunny Azah[SMTP:sazah@ibu.sj.nec.com] wrote:
> >Encryption based upon DES or 3-DES is sufficiently strong.
> >The real questions are:
> >
> > 1) How good are the keys and how well are they created,
> > protected, and managed?
> >
> > 2) How strong is the authentication and how well does it
> > resist cracking and replay attacks?
> >
> > 3) Can it be spoofed (e.g. man in the middle attack)?
> >
> > 4) Is the risk associated with remote management worth
> > the convenience?
> > Also add in:
> > 5) How secure is the remote management client? X11 attacks on a remote management GUI will defeat the strongest encryption.

Good point. However, the problem encompasses more than just X Windows security, but the total security of the administrative machine. There are a number of other potential weak points (e.g. NFS, poor passwords, crackable network services [e.g. sendmail]). So, I agree with your point, but I would expand it to cover the total security of the administrative machine.

> > --
> > Gene Lee
> > genel@inforamp.net
> > genelee@vnet.ibm.com

--
Regards,
--------------------------------------------------------------------------
Sunny Azah - sazah@ibu.sj.nec.com
Internet Business Unit, Home of the PrivateNet
NEC Technologies, Inc.
110 Rio Robles
San Jose, CA 95134
Tel:(408) 433-2161 FAX:(408) 433-1230
http://www.privatenet.nec.com
--------------------------------------------------------------------------

From firewalls-owner Tue Nov 5 23:51:40 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA06301 for firewalls-outgoing; Tue, 5 Nov 1996 23:32:44 -0800 (PST)
Received: from mimos.my (mimos.my [192.228.128.18]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id XAA06176 for ; Tue, 5 Nov 1996 23:31:50 -0800 (PST)
Received: from ms.mimos.my (ms.mimos.my [192.228.129.33]) by mimos.my (8.6.12/8.6.12) with SMTP id PAA23255 for ; Wed, 6 Nov 1996 15:31:44 +0800
Received: from teck.mimos.my by ms.mimos.my (5.64/7.0) id AA05890; Wed, 6 Nov 96 15:31:43 +0800
Message-Id: <9611060731.AA05890@ms.mimos.my>
Comments: Authenticated sender is
From: "Lee Hooi Teck"
Organization: MIMOS
To: firewalls@GREATCIRCLE.COM
Date: Wed, 6 Nov 1996 15:35:42 +8000
Subject: Secure email package
Reply-To: teck@mimos.MY
X-Mailer: Pegasus Mail for Windows (v2.23)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi everybody,

I'm looking for MUA that has either pgp or PEM built in. Can anyone or any party who have developed or known any of these software packages, pls email to me. Your help is very much appreciated.
cheers, teck Lee Hooi Teck Research Manager Internet Technology MIMOS Malaysian Institute of Microelectronic Systems Malaysia From firewalls-owner Wed Nov 6 00:03:31 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA05300 for firewalls-outgoing; Tue, 5 Nov 1996 23:26:18 -0800 (PST) Received: from elaine35.Stanford.EDU (elaine35.Stanford.EDU [36.211.0.14]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id XAA05263 for ; Tue, 5 Nov 1996 23:25:57 -0800 (PST) Received: (from jkoum@localhost) by elaine35.Stanford.EDU (8.7.6/8.7.3) id XAA09632; Tue, 5 Nov 1996 23:25:44 -0800 (PST) Date: Tue, 5 Nov 1996 23:25:44 -0800 (PST) From: Jan Koum To: Colin Campbell cc: Ken Meade , firewalls@GreatCircle.COM Subject: Re: Firewall selection! In-Reply-To: <199611052256.IAA00916@guru.citec.qld.gov.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996, Colin Campbell wrote: > You have it slightly wrong here. The toolkit is not, in the true sense, a > product. To compare the two, it's like buying a house: > > With the toolkit you get a pile of prefabricated wall frames > and roof trusses and are expected to assemble it yourself. The > instructions are very basic but there are lots of neighbours > who can help you if you get stuck. If the roof leaks you can > try and fix it yourself. Maybe your neighbours can help, too. > Depends if their roof is leaking too. > > Otherwise you can move straight into the pre-built, customised > to your requirements Gauntlet model. Every now and then the > people from TIS will come over and give your house a makeover. > Maybe they'll just paint it, maybe they'll make the walls > thicker (particularly the firewalls :-). Sometimes they'll even > add a room or two. > > Take your pick. > > Colin > Following your analogy: I don't trust any one with keys to my house. Even those who built it. 
I better build one on my own and know all "ins and outs" in case of fire or other natural disasters. Also, what if it rains and roof leaks and people from TIS are not around? You better know where to look for that leak, or else it will be a lot of water... ;-) Take your pick. -- Yan From firewalls-owner Wed Nov 6 01:49:25 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA18002 for firewalls-outgoing; Wed, 6 Nov 1996 01:33:03 -0800 (PST) Received: from europa.lif.icnet.uk (europa.lif.icnet.uk [143.65.1.4]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA17919 for ; Wed, 6 Nov 1996 01:32:22 -0800 (PST) From: harley@icrf.icnet.uk Message-Id: <199611060932.BAA17919@miles.greatcircle.com> Received: by europa.lif.icnet.uk; Wed, 6 Nov 1996 09:27:44 GMT Subject: re: NCSA To: firewalls@greatcircle.com Date: Wed, 6 Nov 1996 09:27:44 +0000 (GMT) X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > I would like more info on NCSA like address to write or site to > access. thanks. > brad > http://www.ncsa.com/ (would you believe?) 
--
David Harley \ | / alt.comp.virus FAQ
D.Harley@icrf.icnet.uk \ | / & Anti-Virus Web Page
Support & Security Analyst \ | / Folk London On-Line gig-list
Imperial Cancer Research Fund ____\|/____ http://webworlds.co.uk/dharley/

From firewalls-owner Wed Nov 6 02:51:01 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id CAA20099 for firewalls-outgoing; Wed, 6 Nov 1996 02:36:53 -0800 (PST)
Received: from smtpgate.saa-cons.co.uk (haddock.demon.co.uk [158.152.16.191]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id CAA20088 for ; Wed, 6 Nov 1996 02:36:38 -0800 (PST)
Received: by smtpgate.saa-cons.co.uk (8.6.8.1/1.3-eef) id KAA18516; Wed, 6 Nov 1996 10:40:21 GMT
Received: from haddock.saa-cons.co.uk(193.132.156.161) by amnesiac via smap (V1.3) id sma018514; Wed Nov 6 10:40:16 1996
Received: from localhost by haddock.saa-cons.co.uk (AIX 3.2/UCB 5.64/5.00) id AA30528; Wed, 6 Nov 1996 10:40:15 GMT
Date: Wed, 6 Nov 1996 10:40:15 +0000 (GMT)
From: Dave Roberts
To: Firewalls Mailing List
Subject: Hardening SunOS 4.1.4
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Can someone point me in the right direction for a list of things to check for SunOS 4.1.4? I've searched archives, and the web and not turned up anything.

I am configuring a number of hosts to be connected to the net for various tasks (ftpd, httpd, nntpd, smapd etc), and whilst I know some things to fix, I definitely wouldn't know them all.

Something like a list of permissions to be changed, patches to apply, files to remove etc. etc.

TIA - Dave.

Dave Roberts | "Surfing the Internet" is a sad term for sad people.
Unix Systems Admin | Get a board, find a beach, surf some REAL waves and
SAA Consultants Ltd | get a *real* life.
Plymouth, U.K.
| -=[For PGP Key, send mail with subject of "get pgp"]=- From firewalls-owner Wed Nov 6 03:02:40 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA18018 for firewalls-outgoing; Wed, 6 Nov 1996 01:33:28 -0800 (PST) Received: from mycroft.GreatCircle.COM (mycroft.greatcircle.com [198.102.244.35]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA17968 for ; Wed, 6 Nov 1996 01:32:43 -0800 (PST) Received: by mycroft.GreatCircle.COM (8.6.10/SMI-4.1/Brent-960123) id BAA22616; Wed, 6 Nov 1996 01:32:37 -0800 Received: from unknown(194.73.98.253) by mycroft via smap (V1.3mjr) id sma022602; Wed Nov 6 01:31:34 1996 Received: by orac.newdur.ac.uk (951211.SGI.8.6.12.PATCH1042/951211.SGI.AUTO) for id JAA29628; Wed, 6 Nov 1996 09:22:43 GMT Message-Id: <199611060922.JAA29628@orac.newdur.ac.uk> Received: from derek.newdur.ac.uk(194.73.99.50) by orac via smap (3.1) id xma029623; Wed, 6 Nov 96 09:22:38 GMT Comments: Authenticated sender is From: "Derek Hutchinson" Organization: New College Durham To: firewalls@greatcircle.com Date: Wed, 6 Nov 1996 09:26:17 +0000 Subject: plug gateways in TIS Gauntlet Reply-to: derek.hutchinson@newdur.ac.uk X-mailer: Pegasus Mail for Windows (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, We have a TIS Gauntlet firewall running on an SGI Challenge. Following the instructions with the firewall I can create plug gateways to allow trusted hosts access through the firewall. Normally this works well, but I have tried to create a plug gateway to allow management of a Cisco CB900 ISDN router on the other side of the firewall using Cisco's connection manager. I created the plug gateway as normal, but the software cannot register the router. I have checked the port addresses with Cisco and they are 1500 and 1501 and the IP addresses are correct. Has anyone come across this before, or does anyone have any suggestions? 
The relevant lines from netperm-table are

plug-gw: port 1501 194.73.99.50 -plug-to 194.73.98.252 -port 1501
plug-gw: port 1501 194.73.98.252 -plug-to 194.73.99.50 -port 1501
plug-gw: port 1500 194.73.99.50 -plug-to 194.73.98.252 -port 1500
plug-gw: port 1500 194.73.98.252 -plug-to 194.73.99.50 -port 1500

194.73.98.252 is the router and 194.73.99.50 is the management station. TIA Derek Hutchinson Operations Manager New College Durham tele 0191 3754000 fax 0191 3754222 From firewalls-owner Wed Nov 6 03:19:04 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id CAA20233 for firewalls-outgoing; Wed, 6 Nov 1996 02:40:18 -0800 (PST) Received: from diablo.ppp.de (diablo.ppp.de [193.141.101.34]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id CAA20212 for ; Wed, 6 Nov 1996 02:39:27 -0800 (PST) Received: from wmdhh by diablo.ppp.de with uucp (Smail3.1.28.1 #1) id m0vL5Ns-000Qq8C; Wed, 6 Nov 96 11:39 MET Received: from rs3.wmd.de by wmdhh with smtp (Smail3.1.26.7 #3) id m0vL5cr-0003wlC; Wed, 6 Nov 96 11:54 CET Received: by rs3.wmd.de (AIX 3.2/UCB 5.64/4.03.01) id AA23221; Wed, 6 Nov 1996 11:25:21 +0100 From: pauck@rs3.wmd.de (Marco Pauck) Message-Id: <9611061025.AA23221@rs3.wmd.de> Subject: Re: Oracle Firewall strategy white paper To: jrs@hnv.com (Jeff R. Seul) Date: Wed, 6 Nov 1996 11:25:19 +0100 (MEZ) Cc: firewalls@GreatCircle.COM, bruening@wmd.de In-Reply-To: from "Jeff R. Seul" at Nov 5, 96 08:28:02 am Reply-To: pauck@wmd.de X-Mailer: ELM [version 2.4 PL20] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > I've been doing some research about using sql*net to communicate > with Oracle 7.2 (or later) databases on differing sides of a > firewall. 
> > After reading some reports by Oracle and various firewall vendors, > I've discovered that there exists an Oracle Firewall Strategy white paper > that outlines support for a sql*net applications proxy, allowing > sql*net traffic to pass through an otherwise blocked socket. > > The problem is that I've been unable to locate this white paper. > > Has anyone out there seen a document that seems to fit this description? Once upon a time, Oracle had their white papers on their web server and the requested URL was http://www.oracle.com/odp/public/library/cr/pdf/22428.pdf However, their new 'improved' site has obviously dropped this kind of information. At least I haven't found it and their search engine doesn't know anything about "firewall" and "white paper". You may even search for "unix" or "sql" and will always get a single match "Oracle Trial Products" with a score of 20%. No, I will not try ... ;-) Marco Pauck -- Marco Pauck - WMD GmbH Hamburg, Germany - http://www.wmd.de/~pauck/ e-mail: pauck@wmd.de, phone: +49-40-58958-120, fax: +49-40-58958-199 You are on your own words. From firewalls-owner Wed Nov 6 03:34:11 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id DAA21008 for firewalls-outgoing; Wed, 6 Nov 1996 03:08:07 -0800 (PST) Received: from lightning.mgl.ca (lightning.mgl.ca [199.246.132.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id DAA21000 for ; Wed, 6 Nov 1996 03:07:56 -0800 (PST) Received: from maelstrom.mgl.ca (maelstrom.mgl.ca [199.246.132.8]) by lightning.mgl.ca (8.7.3/8.6.12) with ESMTP id GAA00299; Wed, 6 Nov 1996 06:07:16 -0500 Received: (from geiler@localhost) by maelstrom.mgl.ca (8.7.6/8.7.3) id GAA15628; Wed, 6 Nov 1996 06:07:09 -0500 Date: Wed, 6 Nov 1996 06:07:08 -0500 (EST) From: Eric Geiler To: Jan Koum cc: Colin Campbell , Ken Meade , firewalls@GreatCircle.COM Subject: Re: Firewall selection! 
In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 5 Nov 1996, Jan Koum wrote: > On Wed, 6 Nov 1996, Colin Campbell wrote: > > > You have it slightly wrong here. The toolkit is not, in the true sense, a > > product. To compare the two, it's like buying a house: > > > > With the toolkit you get a pile of prefabricated wall frames > > and roof trusses and are expected to assemble it yourself. The > > instructions are very basic but there are lots of neighbours > > who can help you if you get stuck. If the roof leaks you can > > try and fix it yourself. Maybe your neighbours can help, too. > > Depends if their roof is leaking too. > > > > Otherwise you can move straight into the pre-built, customised > > to your requirements Gauntlet model. Every now and then the > > people from TIS will come over and give your house a makeover. > > Maybe they'll just paint it, maybe they'll make the walls > > thicker (particularly the firewalls :-). Sometimes they'll even > > add a room or two. > > > > Take your pick. > > > > Colin > > > Following your analogy: > > I don't trust any one with keys to my house. Even those who built > it. I better build one on my own and know all "ins and outs" in case of > fire or other natural disasters. Also, what if it rains and roof leaks and > people from TIS are not around? You better know where to look for that > leak, or else it will be a lot of water... ;-) > Take your pick. > -- Yan > Cute analogy. I would seriously think about building your own firewall, that way as Yan said if it rains you can find the leak before it pours. Also it may take a FEW more hours but the feeling you get after you're done. 
-- Eric Geiler geiler@mgl.ca From firewalls-owner Wed Nov 6 04:03:19 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id DAA22575 for firewalls-outgoing; Wed, 6 Nov 1996 03:54:51 -0800 (PST) Received: from seismo.CSS.GOV (seismo.CSS.GOV [140.162.1.25]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id DAA22537 for ; Wed, 6 Nov 1996 03:54:32 -0800 (PST) Received: from talos.CSS.GOV by seismo.CSS.GOV (4.1/SMI-4.1) id AA11016; Wed, 6 Nov 96 06:54:33 EST Received: by talos.CSS.GOV (SMI-8.6/SMI-SVR4) id GAA08100; Wed, 6 Nov 1996 06:54:31 -0500 Date: Wed, 6 Nov 1996 06:54:31 -0500 From: mark@seismo.CSS.GOV (Mark Le Vea) Message-Id: <199611061154.GAA08100@talos.CSS.GOV> To: jrs@hnv.com, dedlow@voro.lbl.gov Subject: Re: Oracle Firewall strategy white paper Cc: firewalls@greatcircle.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Md5: x1x7CH4xugJWmvq8/v8Hbw== Sender: firewalls-owner@GreatCircle.COM Precedence: bulk http://www.wmd.de/~pauck/misc/oracle_and_firewalls.html From firewalls-owner Wed Nov 6 04:19:20 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA23235 for firewalls-outgoing; Wed, 6 Nov 1996 04:09:41 -0800 (PST) Received: from mwunix.mitre.org (mwunix.mitre.org [128.29.154.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id EAA23210 for ; Wed, 6 Nov 1996 04:09:21 -0800 (PST) From: karndt@smiley.mitre.org Received: from smiley.sit (smiley.mitre.org [128.29.140.20]) by mwunix.mitre.org (8.6.10/8.6.4) with SMTP id HAA28507; Wed, 6 Nov 1996 07:09:16 -0500 Received: from [128.29.140.115] (karndt-mac) by smiley.sit (4.1/SMI-4.1) id AA14335; Wed, 6 Nov 96 07:06:52 EST Message-Id: <9611061206.AA14335@smiley.sit> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 6 Nov 1996 07:15:44 -0400 To: Dave Roberts Subject: Re: Hardening SunOS 4.1.4 Cc: Firewalls Mailing List Sender: 
firewalls-owner@GreatCircle.COM Precedence: bulk The AUSCERT has a good checklist, which you can access at the following URL: ftp://ftp.auscert.org.au/pub/auscert/papers/unix_security_checklist Another source is the following URL: ftp://ftp.hawaii.edu/pub/security/docs/how.to.improve.security.on.SunOS.4.1.3 Hope this helps. Kate >Can someone point me in the right direction for a list of things to check >for SunOS 4.1.4. I've searched archives, and the web and not turned up >anything. > >I am configuring a number of hosts to be connected to the net for various >tasks (ftpd, httpd, nntpd, smapd etc), and whilst I know some things to >fix, I definitely wouldn't know them all. > >Something like a list of permissions to be changed, patches to apply, >files to remove etc. etc. > >TIA - Dave. > >Dave Roberts | "Surfing the Internet" is a sad term for sad people. >Unix Systems Admin | Get a board, find a beach, surf some REAL waves and >SAA Consultants Ltd | get a *real* life. >Plymouth, U.K. | -=[For PGP Key, send mail with subject of "get pgp"]=- Kate Arndt Lead Engineer, Network Security Engineering E-mail: karndt@mitre.org Phone: (703) 883-6821, FAX: (703) 883-1397 Hayes Building, Room H2168 The MITRE Corporation 1820 Dolley Madison Boulevard McLean, VA 22102-3481 From firewalls-owner Wed Nov 6 04:39:04 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA23436 for firewalls-outgoing; Wed, 6 Nov 1996 04:16:08 -0800 (PST) Received: from edelweb.fr (edelweb.fr [193.51.12.16]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id EAA23411 for ; Wed, 6 Nov 1996 04:15:47 -0800 (PST) Received: from champagne.edelweb.fr (champagne.edelweb.fr [193.51.14.161]) by edelweb.fr (8.7.5/8.6.9) with ESMTP id NAA20275; Wed, 6 Nov 1996 13:12:07 +0100 (MET) Received: from localhost (touvet@localhost) by champagne.edelweb.fr (8.6.10/8.6.6) with SMTP id NAA04998; Wed, 6 Nov 1996 13:12:07 +0100 Message-Id: 
<199611061212.NAA04998@champagne.edelweb.fr> To: derek.hutchinson@newdur.ac.uk Cc: firewalls@greatcircle.com Subject: Re: plug gateways in TIS Gauntlet In-reply-to: <199611060922.JAA29628@orac.newdur.ac.uk> Mime-Version: 1.0 Content-Type: text/plain; charset="ISO-8859-1" Content-Transfer-Encoding: 8bit Date: Wed, 06 Nov 1996 13:12:06 +0100 From: Jean-Christophe Touvet Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Following the instructions with the firewall I can create plug > gateways to allow trusted hosts access through the firewall. Normally > this works well, but I have tried to create a plug gateway to allow > management of a Cisco CB900 ISDN router on the other side of the > firewall using Cisco's connection manager. Just an idea: have you tried to set the "force_source_address" option on your plug ? Maybe it's required by CISCO management protocol. Hope it'll help, -JCT- From firewalls-owner Wed Nov 6 05:35:17 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA24318 for firewalls-outgoing; Wed, 6 Nov 1996 04:37:37 -0800 (PST) Received: from ereapp.erenj.com (ereapp.ERENJ.COM [159.70.31.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id EAA24228 for ; Wed, 6 Nov 1996 04:37:02 -0800 (PST) Received: (from smap@localhost) by ereapp.erenj.com (8.7.4/8.7.3) id IAA27640; Wed, 6 Nov 1996 08:36:30 -0400 Received: from eredns.erenj.com(159.70.1.252) by ereapp.erenj.com via smap (V1.3) id sma027638; Wed Nov 6 07:36:02 1996 Received: from stargate.erenj.com (stargate.erenj.com [159.70.1.8]) by eredns.erenj.com (8.7.4/8.7.3) with SMTP id IAA00365; Wed, 6 Nov 1996 08:36:01 -0400 Received: from stargate.erenj.com by stargate.erenj.com; (5.65v3.2/1.1.8.2/12Feb96-1009AM/bdboyle@erenj.com) id AA07128; Wed, 6 Nov 1996 07:36:00 -0500 Message-Id: <32808630.41C6@erenj.com> Date: Wed, 06 Nov 1996 07:36:00 -0500 From: "Bryan D. Boyle" Organization: Exxon Research and Engineering Co. 
X-Mailer: Mozilla 3.0 (X11; I; OSF1 V4.0 alpha) Mime-Version: 1.0 To: Tom Budar Cc: firewalls@GreatCircle.COM Subject: Re: Removal from the list References: <327FD5F5.4D89@ix.netcom.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Tom Budar wrote: > > What is the email address and command string to drop off of this list? > Thanks. > Tom Budar mail a message to majordomo@greatcircle.com in the mail message, enter the phrase: unsubscribe firewalls and you will be history. -- Bryan D. Boyle | EMAIL: bdboyle@erenj.com 908-730-3338 #include | http://www.access.digex.net/~bdboyle/index.html "They that can give up liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania From firewalls-owner Wed Nov 6 05:51:32 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA26890 for firewalls-outgoing; Wed, 6 Nov 1996 05:04:01 -0800 (PST) Received: from csc.com (explorer.csc.com [20.1.10.27]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA26821 for ; Wed, 6 Nov 1996 05:03:26 -0800 (PST) Received: from tc24617 by csc.com with smtp (Smail3.1.29.1 #1) id m0vL7db-001Ag2C; Wed, 6 Nov 96 08:03 EST Message-ID: <32808C1E.1F0F@csc.com> Date: Wed, 06 Nov 1996 08:01:18 -0500 From: Joe Loiacono Organization: Computer Sciences Corporation X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m) MIME-Version: 1.0 To: brad bumshed CC: firewalls@greatcircle.com Subject: Re: NCSA References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk NCSA maintains a collection of detailed information on major firewalls. Apparently vendors were asked to fill in a common 19 section form. It's a very helpful source for firewall comparison analyses. http://www.ncsa.com/fpfs/ provides an index into the forms. 
Joe brad bumshed wrote: > > I would like more info on NCSA like address to write or site to > access. thanks. > brad -- In theory, theory and practice are the same; In practice they're not! From firewalls-owner Wed Nov 6 06:03:43 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA27670 for firewalls-outgoing; Wed, 6 Nov 1996 05:10:22 -0800 (PST) Received: from axe.intercall.com (axe.intercall.com [206.98.168.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id FAA27628 for ; Wed, 6 Nov 1996 05:09:52 -0800 (PST) Received: from geoff (ts8-162.intercall.com [207.77.26.162]) by axe.intercall.com (8.7.4/8.6.9) with SMTP id IAA25212; Wed, 6 Nov 1996 08:07:30 -0500 (EST) Date: Wed, 6 Nov 1996 08:07:30 -0500 (EST) Message-Id: <199611061307.IAA25212@axe.intercall.com> X-Sender: geoff@intercall.com X-Mailer: Windows Eudora Version 1.4.5 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: pauck@wmd.de, jrs@hnv.com (Jeff R. Seul) From: geoff@innov8cs.com (Geoff Crawford) Subject: Re: Oracle Firewall strategy white paper Cc: firewalls@GreatCircle.COM, bruening@wmd.de Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 11:25 AM 11/6/96 +0100, pauck@wmd.de wrote: >Once upon a time, Oracle had their white papers on their web server and >the requested URL was > > http://www.oracle.com/odp/public/library/cr/pdf/22428.pdf > >However, their new 'improved' site has obviously dropped this kind of >information. At least I haven't found it and their search engine >doesn't know anything about "firewall" and "white paper". You may even >search for "unix" or "sql" and will always get a single match "Oracle >Trial Products" with a score of 20%. It's moved to: http://tiburon.us.oracle.com/odp/public/library/cr/html/cr_white.html >No, I will not try ... ;-) I don't blame you. 
====================================================================== Geoff Crawford Phone: (201) 627 - 0307 Innovative Client Servers FAX: (201) 627 - 0634 24 Dogwood Drive Email: geoff@innov8cs.com Denville NJ 07834 Web: http://www.innov8cs.com From firewalls-owner Wed Nov 6 06:32:21 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA27820 for firewalls-outgoing; Wed, 6 Nov 1996 05:13:33 -0800 (PST) Received: from diablo.cisco.com (diablo.cisco.com [171.68.223.106]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA27782 for ; Wed, 6 Nov 1996 05:12:57 -0800 (PST) Received: from clonvick-pc.cisco.com ([171.68.41.81]) by diablo.cisco.com (8.6.10/CISCO.SERVER.1.1) with SMTP id FAA05876; Wed, 6 Nov 1996 05:12:35 -0800 Message-Id: <2.2.32.19961106150451.00705bb8@diablo.cisco.com> X-Sender: clonvick@diablo.cisco.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 06 Nov 1996 07:04:51 -0800 To: harley@icrf.icnet.uk, firewalls@GreatCircle.COM From: Chris Lonvick Subject: re: NCSA Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Well..., that's the most likely one for this newsgroup. But let's don't forget the other NCSAs out there. http://www.ncsa.com is the National Computer Security Association http://www.ncsa.edu is the National Center for Supercomputing Applications http://www.ncsa.org is the Nebraska Council of School Administrators Oh, darn! I'm sure that I've now ruined some planned joke where someone would post that NCSA has been hacked... and take a look at the 'org' URL. Chris Lonvick Cisco Systems Consulting Engineering Houston, TX, USA +1-713-778-5663 At 09:27 AM 11/6/96 +0000, harley@icrf.icnet.uk wrote: >> >> I would like more info on NCSA like address to write or site to >> access. thanks. >> brad >> > > http://www.ncsa.com/ > >(would you believe?) 
> >-- >David Harley \ | / alt.comp.virus FAQ >D.Harley@icrf.icnet.uk \ | / & Anti-Virus Web Page >Support & Security Analyst \ | / Folk London On-Line gig-list >Imperial Cancer Research Fund ____\|/____ http://webworlds.co.uk/dharley/ > > > From firewalls-owner Wed Nov 6 06:36:05 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA27294 for firewalls-outgoing; Wed, 6 Nov 1996 05:06:34 -0800 (PST) Received: from hq15.pcmail.ingr.com (hq15.pcmail.ingr.com [129.135.251.243]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA27231; Wed, 6 Nov 1996 05:06:03 -0800 (PST) Received: by hq15.pcmail.ingr.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.57) id <01BBCBB0.F7952550@hq15.pcmail.ingr.com>; Wed, 6 Nov 1996 07:06:01 -0600 Message-ID: From: "Jarmon, Don R" To: "'Russ.Cooper.RC.on.ca@GreatCircle.COM'" , "'rbc@lava.net'" Cc: "'firewalls@GreatCircle.COM'" Subject: RE: PPTP setup Date: Wed, 6 Nov 1996 07:05:21 -0600 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.57 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Thanks for all who responded to this query. FYI: The PPTP Client uses TCP Port 1723 to communicate with the server. Still having problems with authentication for remote client. >---------- >From: rbc@lava.net[SMTP:rbc@lava.net] >Sent: Thursday, October 31, 1996 3:49 PM >To: Russ.Cooper.RC.on.ca@GreatCircle.COM >Cc: Jarmon, Don R; firewalls@GreatCircle.COM >Subject: RE: PPTP setup > > From: Russ > Date: Fri, 1 Nov 1996 01:12:13 -0500 > MIME-Version: 1.0 > X-Mailer: Internet Mail Connector (Beta) (4.5.1280.0) > Content-Type: text/plain > Content-Transfer-Encoding: quoted-printable > Sender: firewalls-owner@GreatCircle.COM > Precedence: bulk > > Don Jarmon asked... > >I was planning to add a Dual NIC NTS4.0 server to a DMZ. One > >NIC configured to support PPTP and the other NIC connected > >to the Intranet. 
I was wondering 'bout what type of access is > >needed on the boundary router to support Remote PPTP enabled > >Internet Clients. > >According to the internet draft the PNS, (PPTP Network Server) >receives an incoming TCP call on port 5678. If that is true then the >DMZ external router would need to allow an incoming TCP call on port >5678 of the pptp server. > >In a cisco, that would look something like this: > >! pptp incoming to PNS >access-list 100 permit tcp 0.0.0.0 255.255.255.255 XXX.XXX.XXX.XXX 0.0.0.0 eq >5678 > >(where XXX.XXX.XXX.XXX is the PNS server IP address) > >This access list could be referred to in the external interface setup >with a "ip access-group 100 in". You might need to have additional >filter entries if you filter outbound packets from your DMZ router's >internal interface. > >I haven't tried this but it seems reasonable, > > --Bruce > >-- >Robert B. Carleton + rbc@lava.net + http://www.lava.net/~rbc > From firewalls-owner Wed Nov 6 07:05:02 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id GAA04120 for firewalls-outgoing; Wed, 6 Nov 1996 06:47:39 -0800 (PST) Received: from gauntlet-1.trusted.com (gauntlet-1.trusted.com [204.254.155.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id GAA04109 for ; Wed, 6 Nov 1996 06:47:29 -0800 (PST) Received: by gauntlet-1.trusted.com; id JAA03866; Wed, 6 Nov 1996 09:54:30 -0500 Received: from dira.rv.tis.com(10.0.1.43) by gauntlet-1.trusted.com via smap (V3.1.1) id xma003856; Wed, 6 Nov 96 09:54:14 -0500 Received: from unit65.trusted.com (dyn189.trusted.com [10.0.1.189]) by dira.rv.tis.com (8.7.4/8.7.3) with SMTP id JAA22917; Wed, 6 Nov 1996 09:43:59 -0500 (EST) Message-Id: <2.2.32.19961106144635.006ffb90@pop.trusted.com> X-Sender: avolio@pop.trusted.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 06 Nov 1996 09:46:35 -0500 To: Jan Koum , Colin Campbell From: Frederick M 
Avolio Subject: Re: Firewall selection! Cc: Ken Meade , firewalls@greatcircle.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Following your analogy: > > I don't trust any one with keys to my house. Even those who built >it. I better build one on my own and know all "ins and outs" in case of >fire or other natural disasters. Also, what if it rains and roof leaks and >people from TIS are not around? You better know where to look for that >leak, or else it will be a lot of water... ;-) > Take your pick. TIS does not require access -- as everything else (based on our design model) it is up to the customer what to use and not to. You get source code with either, so you should be able to find the "leaks" yourself if you want to. Fred From firewalls-owner Wed Nov 6 07:20:27 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA29368 for firewalls-outgoing; Wed, 6 Nov 1996 05:39:59 -0800 (PST) Received: from mail.baileynm.com (fw.baileynm.com [206.109.159.11]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA29356 for ; Wed, 6 Nov 1996 05:39:33 -0800 (PST) Received: (qmail 2383 invoked from smtpd); 6 Nov 1996 13:39:04 -0000 Received: from web.nmti.com (root@198.178.0.201) by fw.nmti.com with SMTP; 6 Nov 1996 13:39:04 -0000 Received: from sonic.nmti.com (peter@sonic.nmti.com [198.178.0.2]) by web.nmti.com (8.6.12/8.6.9) with SMTP id HAA14852; Wed, 6 Nov 1996 07:39:03 -0600 Received: by sonic.nmti.com; id AA12111; Wed, 6 Nov 1996 07:38:54 -0600 From: peter@baileynm.com (Peter da Silva) Message-Id: <9611061338.AA12111@sonic.nmti.com.nmti.com> Subject: Re: Remote admin. 
on FW's To: sazah@ibu.sj.nec.com (Sunny Azah) Date: Wed, 6 Nov 1996 07:38:54 -0600 (CST) Cc: genel@inforamp.net, genelee@vnet.ibm.com, kmeade@tcd.ie, Firewalls@GreatCircle.COM In-Reply-To: <199611042142.NAA07133@vegas.ibu.sj.nec.com> from "Sunny Azah" at Nov 4, 96 01:42:42 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > 5) How secure is the remote management client? X11 attacks on a remote > > management GUI will defeat the strongest encryption. > Good point. However, the problem encompasses more than > just X Windows security, but the total security of the administrative > machine. Or if it's a Windows or NT box, there's virus based attacks, attacks on any local webserver, attacks through the registry, and so on. Your admin box needs to be as secure as your firewall. From firewalls-owner Wed Nov 6 07:35:41 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA29482 for firewalls-outgoing; Wed, 6 Nov 1996 05:41:52 -0800 (PST) Received: from ttmcgate.ttf.com ([199.172.234.66]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id FAA29465 for ; Wed, 6 Nov 1996 05:41:29 -0800 (PST) Received: from ttmcgate ([199.172.234.129]) by ttmcgate.ttf.com (post.office MTA v2.0 0813 ID# 0-0U10) with SMTP id AAA3479; Wed, 6 Nov 1996 09:42:01 -0400 Message-ID: <328095A8.40BB@ttf.com> Date: Wed, 06 Nov 1996 09:42:00 -0400 From: "Fletcher B. Cocquyt" Organization: TTMC X-Mailer: Mozilla 3.01b1Gold (X11; I; SunOS 5.5 sun4m) MIME-Version: 1.0 To: Firewall Mailing list , Sun Managers Mailing list CC: fletch@ttf.com Subject: RFC: Post.Office as sendmail replacement Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm currently evaluating the Post.Office 2.0 product from www.software.com as a replacement for sendmail on our internet email server. 
So far I am quite impressed with the product's features: - runs as non-privileged user (they claim you could run it right on your firewall) - uses a slick WWW interface for everything (no messing with the sendmail.cf) - is an official Solaris certified product - I can create POP mail accounts so users don't need a UNIX account to receive email. - it's pretty cheap - < $1000 for 100 user license. If anyone has a firsthand opinion on the product, I'd like to hear it. Will summarize the responses, Thanks, -- -------------------------------------------------------------- Fletcher B. Cocquyt SysAdmin Hamilton, Bermuda fletch@ttf.com Trout Trading (441) 299-2900 x259 -------------------------------------------------------------- PS: Is there a website that offers a service to attack your firewall and send you an email report of the results? From firewalls-owner Wed Nov 6 07:47:47 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id HAA06192 for firewalls-outgoing; Wed, 6 Nov 1996 07:34:12 -0800 (PST) Received: from ereapp.erenj.com (ereapp.ERENJ.COM [159.70.31.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id HAA06149 for ; Wed, 6 Nov 1996 07:33:37 -0800 (PST) Received: (from smap@localhost) by ereapp.erenj.com (8.7.4/8.7.3) id LAA04203 for ; Wed, 6 Nov 1996 11:33:37 -0400 Received: from eredns.erenj.com(159.70.1.252) by ereapp.erenj.com via smap (V1.3) id sma004180; Wed Nov 6 10:33:16 1996 Received: from clmail1.erenj.com (clmail1.erenj.com [159.70.1.22]) by eredns.erenj.com (8.7.4/8.7.3) with ESMTP id LAA01451 for ; Wed, 6 Nov 1996 11:33:15 -0400 Received: from tiger ([159.129.116.3]) by clmail1.erenj.com (post.office MTA v1.9.3 ID# 0-11437) with SMTP id AAA189 for ; Wed, 6 Nov 1996 10:15:19 -0500 Message-ID: <3280AF6C.59E2B600@erenj.com> Date: Wed, 06 Nov 1996 09:31:56 -0600 From: Andy Howard Organization: Exxon Computing Services X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 4.1.4 sun4c) MIME-Version: 1.0 To: 
firewalls@greatcircle.com Subject: Re: Removal from the list References: <327FD5F5.4D89@ix.netcom.com> <32808630.41C6@erenj.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Bryan D. Boyle wrote: > > Tom Budar wrote: > > > > What is the email address and command string to drop off of this list? > > Thanks. > > Tom Budar > > mail a message to majordomo@greatcircle.com > in the mail message, enter the phrase: > > unsubscribe firewalls > > and you will be history. > Andy commented: Dontcha wonder why people don't keep the notification when first signing up for the list that describes how to unsubscribe? (^8 - Andy Howard 713-656-4396 achowar@erenj.com "Think hard! Think Fast! Think Often! But Think!" The contents of this note are my opinion and should be treated only as that. From firewalls-owner Wed Nov 6 08:03:57 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id HAA06968 for firewalls-outgoing; Wed, 6 Nov 1996 07:49:08 -0800 (PST) Received: from ping1.ping.be (ping1.ping.be [193.74.114.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id HAA06961 for ; Wed, 6 Nov 1996 07:48:56 -0800 (PST) Received: from pcpc (dialup23.charleroi.eunet.be [193.75.130.23]) by ping1.ping.be (8.7.5/8.7.3) with SMTP id RAA14295 for ; Wed, 6 Nov 1996 17:48:55 +0200 (GMT+0200) Date: Wed, 6 Nov 1996 17:48:55 +0200 (GMT+0200) Message-Id: <199611061548.RAA14295@ping1.ping.be> X-Sender: pin02222@pophost.ping.be (Unverified) X-Mailer: Windows Eudora Light Version 1.5.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: firewalls@greatcircle.com From: Philippe Cayphas Subject: Proxy X.400 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, Does someone know the existence of a X.400 proxy to be put on a firewall? Regards. Philippe __ Ph. 
Cayphas Rue Pastur, 133 6180 Courcelles Belgium +32 71 46 21 17 From firewalls-owner Wed Nov 6 08:52:45 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id IAA09121 for firewalls-outgoing; Wed, 6 Nov 1996 08:21:18 -0800 (PST) Received: from wugate.wustl.edu (wugate.wustl.edu [128.252.120.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id IAA09114 for ; Wed, 6 Nov 1996 08:21:12 -0800 (PST) Received: (from jairao@localhost) by wugate.wustl.edu (8.7.5/8.7.3) id KAA21697; Wed, 6 Nov 1996 10:20:39 -0600 Date: Wed, 6 Nov 1996 10:20:39 -0600 From: Jai Rao Message-Id: <199611061620.KAA21697@wugate.wustl.edu> To: Murray_Mia@SDMIS.NSWSES.NAVY.MIL, firewalls@GreatCircle.COM Subject: Re: Testing... Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Yes I received the mail. From firewalls-owner Wed Nov 6 09:16:55 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id IAA11853 for firewalls-outgoing; Wed, 6 Nov 1996 08:54:09 -0800 (PST) Received: from hp01.vak12ed.edu (hp01.vak12ed.edu [141.104.150.251]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id IAA11815 for ; Wed, 6 Nov 1996 08:53:49 -0800 (PST) Message-Id: <199611061653.IAA11815@miles.greatcircle.com> Received: by hp01.vak12ed.edu (1.37.109.20/16.2) id AA095859253; Wed, 6 Nov 1996 11:54:13 -0500 From: "W.C. Epperson" Subject: Re: Firewall selection! To: firewalls@greatcircle.com Date: Wed, 06 Nov 1996 11:54:13 EST In-Reply-To: ; from "Eric Geiler" at Nov 6, 96 6:07 am Reply-To: epperson@vak12ed.edu X-Mailer: Elm [revision: 109.18] Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Yan and Colin have been saying: [snip] > > > You have it slightly wrong here. The toolkit is not, in the true sense, a > > > product. 
To compare the two, it's like buying a house: > > > > > > With the toolkit you get a pile of prefabricated wall frames [snip] > > > > > > Otherwise you can move straight into the pre-built, customised > > > to your requirements Gauntlet model. Every now and then the > > > people from TIS will come over and give your house a makeover. [snip] > > > > > Following your analogy: > > > > I don't trust any one with keys to my house. Even those who built > > it. I better build one on my own and know all "ins and outs" in case of > > fire or other natural disasters. Also, what if it rains and roof leaks and > > people from TIS are not around? You better know where to look for that > > leak, or else it will be a lot of water... ;-) [snip] Well, I don't give keys to folks just because they're working on my house: I meet them there, let them in, and oversee their activity. The roof can leak whether I put it on or someone else does: you either watch for leaks or use water detectors. If you know what you're doing, fine, build it yourself, if not, you're apt to find a chimney flue wrapped around your ears. If contracting out, make sure you use a reputable contractor with references, bonded, etc. Now, if I could only buy a SYN Flood Insurance Policy, this analogy would really be crankin'.... -- W.C. Epperson "I have great faith in fools. Senior SE Self-confidence, my friends call it." Information Security Officer --Edgar Allan Poe-- DBA Emeritus Curmudgeon-for-Life Virginia Dept. 
of Education epperson@pen.k12.va.us From firewalls-owner Wed Nov 6 09:19:55 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id IAA09952 for firewalls-outgoing; Wed, 6 Nov 1996 08:30:20 -0800 (PST) Received: from ns1.ntshop.com ([207.91.166.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id IAA09943 for ; Wed, 6 Nov 1996 08:30:01 -0800 (PST) Received: from beast.ntshop.net ([207.91.166.3]) by ns1.ntshop.com (post.office MTA v2.0 0813 ID# 153-13296) with ESMTP id AAA119 for ; Wed, 6 Nov 1996 10:35:40 -0600 From: "Mark Joseph Edwards" To: Subject: NT Security Date: Wed, 6 Nov 1996 10:29:58 -0600 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1132 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Message-ID: <19961106163540588.AAA119@beast.ntshop.net> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Anyone know of any good NT security sites on the net besides SomarSoft ? 
Mark Joseph Edwards email: mark@ntshop.net netmeeting: phone.ntshop.net From firewalls-owner Wed Nov 6 10:12:25 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id JAA15936 for firewalls-outgoing; Wed, 6 Nov 1996 09:53:20 -0800 (PST) Received: from fw2.firstdata.com (fw2.firstdata.com [204.254.78.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id JAA15916 for ; Wed, 6 Nov 1996 09:53:05 -0800 (PST) Received: by fw2.firstdata.com; id JAA23564; Wed, 6 Nov 1996 09:53:08 -0800 (PST) Received: from poppy.firstdata.com(10.1.3.34) by fw2.firstdata.com via smap (3.2) id xma023547; Wed, 6 Nov 96 09:52:40 -0800 Received: from gandalf.firstdata.com (dhcp034.firstdata.com [10.1.3.177]) by poppy.firstdata.com (8.8.2/8.7.3) with SMTP id JAA12175; Wed, 6 Nov 1996 09:52:37 -0800 (PST) Message-Id: <3.0.32.19961106094611.00777628@popgw.firstdata.com> X-Sender: kketell@popgw.firstdata.com X-Mailer: Windows Eudora Pro Version 3.0 Demo (32) Date: Wed, 06 Nov 1996 09:52:38 -0800 To: Eric Geiler From: Kent Ketell Subject: Re: Firewall selection! Cc: Jan Koum , Colin Campbell , Ken Meade , firewalls@GreatCircle.COM Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 06:07 AM 11/6/96 -0500, Eric Geiler wrote: > > > > >On Tue, 5 Nov 1996, Jan Koum wrote: > >> On Wed, 6 Nov 1996, Colin Campbell wrote: >> >> > You have it slightly wrong here. The toolkit is not, in the true sense, a >> > product. To compare the two, it's like buying a house: >> > >> > With the toolkit you get a pile of prefabricated wall frames >> > and roof trusses and are expected to assemble it yourself. The >> > instructions are very basic but there are lots of neighbours >> > who can help you if you get stuck. If the roof leaks you can >> > try and fix it yourself. Maybe your neighbours can help, too. >> > Depends if their roof is leaking too. 
>> >
>> >     Otherwise you can move straight into the pre-built, customised
>> >     to your requirements Gauntlet model. Every now and then the
>> >     people from TIS will come over and give your house a makeover.
>> >     Maybe they'll just paint it, maybe they'll make the walls
>> >     thicker (particularly the firewalls :-). Sometimes they'll even
>> >     add a room or two.
>> >
>> > Take your pick.
>> >
>> > Colin
>> >
>> Following your analogy:
>>
>> I don't trust any one with keys to my house. Even those who built
>> it. I better build one on my own and know all "ins and outs" in case of
>> fire or other natural disasters. Also, what if it rains and roof leaks and
>> people from TIS are not around? You better know where to look for that
>> leak, or else it will be a lot of water... ;-)
>> Take your pick.
>> -- Yan
>>
>
>
>Cute analogy. I would seriously think about building your own firewall,
>that way as Yan said if it rains you can find the leak before it pours.
>Also it may take a FEW more hours but the feeling you get after you're done.
>
>--
>Eric Geiler
>geiler@mgl.ca
>
>

You all seem to be forgetting that the source is provided with the Gauntlet, so you can have both a supported product AND the keys to the kingdom if you decide to go it on your own.

--
All opinions either expressed or implied in the above noise are strictly my own.
-Kent- From firewalls-owner Wed Nov 6 10:31:00 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA17260 for firewalls-outgoing; Wed, 6 Nov 1996 10:11:50 -0800 (PST) Received: from deepeddy.DeepEddy.Com (DeepEddy.Com [192.12.3.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA17085 for ; Wed, 6 Nov 1996 10:08:25 -0800 (PST) Received: from deepeddy.DeepEddy.Com (localhost [127.0.0.1]) by deepeddy.DeepEddy.Com (8.7.3/8.7.2) with ESMTP id MAA27392; Wed, 6 Nov 1996 12:06:44 -0600 (CST) Message-Id: <199611061806.MAA27392@deepeddy.DeepEddy.Com> X-Mailer: exmh version 1.6.9 8/22/96 To: teck@mimos.MY Cc: firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com Subject: Re: Secure email package In-Reply-To: Your message of "Wed, 06 Nov 1996 15:35:42." <9611060731.AA05890@ms.mimos.my> X-Url: http://www.DeepEddy.Com/~cwg Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1248753061P"; micalg=pgp-md5; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Wed, 06 Nov 1996 12:06:42 -0600 From: Chris Garrigues Sender: firewalls-owner@GreatCircle.COM Precedence: bulk --==_Exmh_-1248753061P Content-Type: text/plain; charset=us-ascii > I'm looking for MUA that has either pgp or PEM build in. Can anyone > or any party who have developed or known any of these software > packages, pls email to me. exmh has quite good pgp support although the latest pgp patches haven't been integrated into the source tree yet so you'll have to do a little work to get it fully up to snuff. You'll find it somewhere on the sun site with the tk/tcl stuff. 
Chris

--
Chris Garrigues O- cwg@DeepEddy.Com
Deep Eddy Internet Consulting +1 512 432 4046
609 Deep Eddy Avenue
Austin, TX 78703-4513 http://www.DeepEddy.Com/~cwg/

--==_Exmh_-1248753061P
Content-Type: application/pgp-signature

--==_Exmh_-1248753061P--

From firewalls-owner Wed Nov 6 10:50:03 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA18560 for firewalls-outgoing; Wed, 6 Nov 1996 10:38:08 -0800 (PST)
Received: from snd10.med.navy.mil ([192.108.14.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id KAA18553 for ; Wed, 6 Nov 1996 10:37:54 -0800 (PST)
Received: from [159.71.39.242] by snd10.med.navy.mil with SMTP (5.65/1.2-eef) id AA00525; Wed, 6 Nov 96 10:32:01 -0800
Message-Id: <2.2.32.19961106183501.00683334@192.108.14.10>
X-Sender: snd1trz@192.108.14.10
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 06 Nov 1996 10:35:01 -0800
To: firewalls@greatcircle.com
From: "Todd R. Zimmerman"
Subject: Re: plug gateways in TIS Gauntlet
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Are you sure you want to be giving the specifics of your netperm-table to this mailing list? No telling who may be listening...

>
>The relevant lines from netperm-table are
>
>plug-gw: port 1501 194.73.99.50 -plug-to 194.73.98.252 -port 1501
>plug-gw: port 1501 194.73.98.252 -plug-to 194.73.99.50 -port 1501
>plug-gw: port 1500 194.73.99.50 -plug-to 194.73.98.252 -port 1500
>plug-gw: port 1500 194.73.98.252 -plug-to 194.73.99.50 -port 1500
>
>194.73.98.252 is the router and 194.73.99.50 is the management
>station.
>
>TIA
>
>
>
>
>Derek Hutchinson
>Operations Manager
>New College Durham
>
>tele 0191 3754000
>fax 0191 3754222
>

_/_/_/_/ _/_/_/_/ _/_/_/_/ Todd R. Zimmerman
_/ _/ _/ _/ Network Manager / Computer Specialist
_/ _/_/_/_/ _/ Naval Medical Center, San Diego
_/ _/ _/ _/ (619)532-9314 Pager 979-2195
_/ _/ _/ _/_/_/_/ snd1trz@snd10.med.navy.mil

** Disclaimer: The views expressed here do not reflect the **
** official policy or position of DoD or the U.S. Government. **

From firewalls-owner Wed Nov 6 11:19:36 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id KAA18035 for firewalls-outgoing; Wed, 6 Nov 1996 10:25:52 -0800 (PST)
Received: from zeus (zeus.cc.pcc.edu [192.220.1.109]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id KAA17994 for ; Wed, 6 Nov 1996 10:25:33 -0800 (PST)
Received: from orion.cc.pcc.edu by zeus with SMTP (1.39.111.2/16.2) id AA039634770; Wed, 6 Nov 1996 10:26:10 -0800
Received: from [192.220.2.50] by orion.cc.pcc.edu with SMTP (1.37.109.8/16.2) id AA00305; Wed, 6 Nov 1996 10:20:58 -0800
Message-Id: <2.2.32.19961106182600.006a5b14@orion.pcc.edu>
X-Sender: jvalluzz@orion.pcc.edu
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 06 Nov 1996 10:26:00 -0800
To: pauck@wmd.de, firewalls@GreatCircle.COM
From: Jim Valluzzi
Subject: Re: Oracle Firewall strategy white paper
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

The current URL is http://tiburon.us.oracle.com/odp/public/library/cr/html/cr_white.html.

At 11:25 AM 11/6/96 +0100, you wrote:
>> I've been doing some research about using sql*net to communicate
>> with Oracle 7.2 (or later) databases on differing sides of a
>> firewall.
>> >> After reading some reports by Oracle and various firewall vendors, >> I've discovered that there exists an Oracle Firewall Strategy white paper >> that outlines support for a sql*net applications proxy, allowing >> sql*net traffic to pass through an otherwise blocked socket. >> >> The problem is that I've been unable to locate this white paper. >> >> Has anyone out there seen a document that seems to fit this description? > >Once upon a time, Oracle had their white papers on their web server and >the requested URL was > > http://www.oracle.com/odp/public/library/cr/pdf/22428.pdf > >However, their new 'improved' site has obviously dropped this kind of >information. At least I haven't found it and their search engine >doesn't know anything about "firewall" and "white paper". You may even >search for "unix" or "sql" and will always get a single match "Oracle >Trial Products" with a score of 20%. No, I will not try ... ;-) > > Marco Pauck >-- >Marco Pauck - WMD GmbH Hamburg, Germany - http://www.wmd.de/~pauck/ >e-mail: pauck@wmd.de, phone: +49-40-58958-120, fax: +49-40-58958-199 > You are on your own words. > > ****************************************************************************** Jim Valluzzi, Network Analyst Information Technology Services [503] 977-4713 Portland Community College P. O. Box 19000 Portland, OR. 97280-0990 U.S.A. 
****************************************************************************** From firewalls-owner Wed Nov 6 11:29:55 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA20449 for firewalls-outgoing; Wed, 6 Nov 1996 11:12:06 -0800 (PST) Received: from smtp-relay-1.Adobe.COM (smtp-relay-1.adobe.com [192.150.11.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id LAA20431 for ; Wed, 6 Nov 1996 11:11:54 -0800 (PST) Received: by smtp-relay-1.Adobe.COM (8.7.5) with ESMTP id LAA20889; Wed, 6 Nov 1996 11:11:15 -0800 (PST) Received: by inner-relay-1.Adobe.COM (8.7.5) with ESMTP id LAA23122; Wed, 6 Nov 1996 11:11:36 -0800 (PST) Received: by mail-345.corp.Adobe.COM (8.7.5) with ESMTP id LAA27026; Wed, 6 Nov 1996 11:12:12 -0800 (PST) Received: by stimpy (8.6.12) with ESMTP id LAA13216; Wed, 6 Nov 1996 11:12:48 -0800 Message-Id: <199611061912.LAA13216@stimpy> To: Firewalls@GreatCircle.COM Subject: access to internal web servers through the firewall Date: Wed, 06 Nov 1996 11:12:47 -0800 From: John Hammond Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I have a web server inside of my company that people outside the company need access to. For several reasons it is not a good idea to put the machine directly in the firewall. There are also good reasons not to put it outside the firewall and replicate the internal machine to it. And I'm not inclined to pass the requests directly. I was wondering if I could use a cache server like Harvest to do this. The html is generated on the fly from a database depending on who accesses the page. Is using a cache server for this a reasonable approach? Has anyone had a similar problem or done this before? Any input will be greatly appreciated. John -------- -- Welcome to the firewalls-digest mailing list! Please save this message for future reference. Thank you. 
If you ever want to remove yourself from this mailing list, you can send mail to with the following command in the body of your email message: unsubscribe firewalls-digest jhammond@Adobe.COM Here's the general information for the list you've subscribed to, in case you don't already have it: Description =========== This list is for discussions of Internet "firewall" security systems and related issues. It is an outgrowth of the Firewalls BOF session at the Third UNIX Security Symposium in Baltimore on September 15, 1992. This is the digestified version of the list. Digests are sent daily (assuming there were any messages to the list that day) or whenever the current digest grows beyond 40k bytes. The undigestified version of the list is "Firewalls@GreatCircle.COM". To subscribe to Firewalls, send "subscribe firewalls" in the body of a message (not on the "Subject:" line) to "Majordomo@GreatCircle.COM". Frequently Asked Questions ========================== A "Frequently Asked Questions" (FAQ) document (written by Marcus Ranum, mjr@tis.com) is available via anonymous FTP from host FTP.GreatCircle.COM, file pub/firewalls/FAQ, or from Majordomo by sending the command "get firewalls FAQ" in the body of an email message (not on the "Subject:" line) to address "Majordomo@GreatCircle.COM", or via URL ftp://ftp.greatcircle.com/pub/firewalls/FAQ Policies ======== Code for cracking programs (programs designed to help break into another system) should not be posted to the Firewalls mailing list. You can subscribe a local redistribution list or a gateway to a local newsgroup, as long as whatever you do is local to your site. This restriction makes it much easier for me to track down mailer problems. I'm very aggressive when it comes to bounced email. If email to you starts bouncing, I'll probably drop you from the list fairly quickly; you'll have to resubscribe when you get the problem fixed, and retrieve the archives to find out what you missed. 
Archives
========

All digests are archived. The archives are available via Majordomo using the "get" command (send "help" in the body of a message to "Majordomo@GreatCircle.COM" for more info), or via anonymous FTP from host FTP.GreatCircle.COM in directory "pub/firewalls/digest", or via URL ftp://ftp.greatcircle.com/pub/firewalls/digest/

The digests are broken down by volume and number, and are stored in files named "vNN.nMMM", where "NN" is the volume number, and "MMM" is the issue number.

The copy of the digests available by anonymous FTP is updated every night at 2am local time (0900 GMT in the summer, 1000 GMT in the winter).

WAIS Access
===========

The Firewalls-Digest archive is available by WAIS on host WAIS.GreatCircle.COM, at port 210, under the database name "firewalls-digest". The WAIS archive is updated nightly.

The FAQ document is also available by WAIS on host WAIS.GreatCircle.COM, at port 210, under the database name "firewalls-faq".

For Further Information
=======================

Michael C. Berch
Postmaster and list manager, Great Circle Associates
mcb@greatcircle.com

--------

From firewalls-owner Wed Nov 6 11:49:42 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA21323 for firewalls-outgoing; Wed, 6 Nov 1996 11:28:19 -0800 (PST)
Received: from gk-blue.unicc.org (gk-red.unicc.org [192.91.247.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id LAA21305 for ; Wed, 6 Nov 1996 11:28:08 -0800 (PST)
From: admin@unicc.org
Received: by gk-blue.unicc.org; (5.65v3.2/1.3/10May95) id AA14438; Wed, 6 Nov 1996 20:29:10 +0100
Received: by gh-old.unicc.org (5.65/jsb-190694); id AA28418; Wed, 6 Nov 1996 20:28:19 +0100
Message-Id: <9611061928.AA28418@gh-old.unicc.org>
To: firewalls@greatcircle.com
Subject: POP3 proxy
Date: Wed, 06 Nov 96 20:28:13 +0100
X-Mts: smtp
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hallo!

Does anybody know about a POP3 proxy? What is especially interesting for me is to allow the outgoing POP traffic so that our users can check their mail on remote POP servers, outside our firewall. I know I can do it with a generic gateway, but it only allows many to one, i.e. many clients to one server. I'd like to implement many to many. The packet filtering is something I'd like to avoid as I'd have to open all the ports > 1023 for incoming (server's) traffic with ack bit set.

Any help will be greatly appreciated!!!!

Lili, UNICC, Geneva

From firewalls-owner Wed Nov 6 12:07:14 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA22736 for firewalls-outgoing; Wed, 6 Nov 1996 11:51:23 -0800 (PST)
Received: from sapa.inka.de (sapa.inka.de [193.197.84.6]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id LAA22671 for ; Wed, 6 Nov 1996 11:50:29 -0800 (PST)
Received: from uu.inka.de (root@[193.197.84.8]) by sapa.inka.de with smtp (S3.1.29.1) id ; Wed, 6 Nov 96 20:49 MET
Received: from lina (lists@lina.inka.de) by uu.inka.de with bsmtp (S3.1.29.1) id ; Wed, 6 Nov 96 20:49 MET
Received: by lina id m0vLDxt-0004ipC (Debian /\oo/\ Smail3.1.29.1 #29.37); Wed, 6 Nov 96 20:48 MET
Message-Id:
From: lists@lina.inka.de (Bernd Eckenfels)
Subject: Re: Secure email package
To: cwg@DeepEddy.Com (Chris Garrigues)
Date: Wed, 6 Nov 1996 20:48:44 +0100 (MET)
Cc: teck@mimos.MY, firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com
In-Reply-To: <199611061806.MAA27392@deepeddy.DeepEddy.Com> from "Chris Garrigues" at Nov 6, 96 12:06:42 pm
X-Mailer: ELM [version 2.4 PL25 PGP2]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi,

> > I'm looking for MUA that has either pgp or PEM build in. Can anyone
> > or any party who have developed or known any of these software
> > packages, pls email to me.

Which OS you are talking about?
Anyway, there is a sendmail with PGP Support, and there is good PGP support built into Elm 2.4 PL25 for Unix.

Greetings
Bernd

From firewalls-owner Wed Nov 6 12:50:41 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA24713 for firewalls-outgoing; Wed, 6 Nov 1996 12:22:59 -0800 (PST)
Received: from ns1.ntshop.com ([207.91.166.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA24690 for ; Wed, 6 Nov 1996 12:22:41 -0800 (PST)
Received: from beast.ntshop.net ([207.91.166.3]) by ns1.ntshop.com (post.office MTA v2.0 0813 ID# 153-13296) with ESMTP id AAA177 for ; Wed, 6 Nov 1996 14:28:14 -0600
From: "Mark Joseph Edwards"
To:
Subject: NT Question
Date: Wed, 6 Nov 1996 14:22:29 -0600
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1132
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Message-ID: <19961106202814483.AAA177@beast.ntshop.net>
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Anyone know of any good NT security sites on the net besides SomarSoft ?

Mark Joseph Edwards
email: mark@ntshop.net
netmeeting: phone.ntshop.net

From firewalls-owner Wed Nov 6 12:54:01 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA25869 for firewalls-outgoing; Wed, 6 Nov 1996 12:36:06 -0800 (PST)
Received: from scruz.net (nic.scruz.net [165.227.1.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA25858 for ; Wed, 6 Nov 1996 12:35:54 -0800 (PST)
Received: from adaq.adaq.com by scruz.net (8.7.3/1.34) id MAA27808; Wed, 6 Nov 1996 12:35:17 -0800 (PST)
Received: from engg2 by adaq.adaq.com id aa01965; 6 Nov 96 12:20 PST
Received: from engg3.mobinfo.com by engg2.adaq.com (4.1/SMI-4.1) id AA11425; Wed, 6 Nov 96 12:35:58 PST
Received: from engg3 by engg3.mobinfo.com (SMI-8.6/SMI-SVR4) id MAA18829; Wed, 6 Nov 1996 12:36:30 -0800
Message-Id: <3280F6CD.6463@engg2.mobinfo.com>
Date: Wed, 06 Nov 1996 12:36:29 -0800
From: Friedrich Fahnert
Organization: Mobile Information Systems Inc.
X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m)
Mime-Version: 1.0
To: Chris Garrigues
Cc: teck@mimos.my, firewalls@greatcircle.com, cwg@deepeddy.deepeddy.com
Subject: Re: Secure email package
References: <199611061806.MAA27392@deepeddy.DeepEddy.Com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

A good option here are vm-mail, and mailcrypt, which when used with emacs provide a really convenient way of using PGP with email.

--
\-------------------------------\ \ \ __ \ F Fahnert \ | \ > -------------------- >------| \ ______ / / --- \_____/**|_|_\____ | /fritz@mobinfo.com / \_______ --------- __>-} /-------------------------------/ / \_____|_____/ | * | {O}

From firewalls-owner Wed Nov 6 13:05:02 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA26183 for firewalls-outgoing; Wed, 6 Nov 1996 12:40:06 -0800 (PST)
Received: from lab58_12.ims.advantis.com (pony-express.ims.advantis.com [192.231.11.167]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id MAA26156 for ; Wed, 6 Nov 1996 12:39:44 -0800 (PST)
Received: (from hfarkas@localhost) by lab58_12.ims.advantis.com (8.6.9/95.10.11) id PAA21710; Wed, 6 Nov 1996 15:38:25 -0500
Received: from d5664655.ims.advantis.com(164.120.51.69) by lab58_12.ims.advantis.com via smap (V1.3) id sma021708; Wed Nov 6 15:38:16 1996
Received: by gandalf.ims.advantis.com (AIX 3.2/UCB 5.64/950921) id AA26935; Wed, 6 Nov 1996 15:46:19 -0500
Date: Wed, 6 Nov 1996 15:46:19 -0500 (EST)
From: "Henry W. Farkas"
To: Bernd Eckenfels
Cc: Chris Garrigues , teck@mimos.MY, firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com
Subject: Re: Secure email package
In-Reply-To:
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Wed, 6 Nov 1996, Bernd Eckenfels wrote:

> ... there is a sendmail with PGP Support,
> and there is good PGP support built into Elm 2.4 PL25 for Unix.

There's also BAP, Bryce's Auto PGP, which integrates nicely with both pine and elm, and it consists of two scripts; the code can be reviewed for weaknesses.

===========================================================================
"We must all turn our backs upon the horrors of the past. We must look to the future. We cannot afford to drag forward, across the years that are to come, the hatreds and revenges which have sprung from the injuries of the past."
- Winston Churchill -
http://newstand.ims.advantis.com/henry
PGP fingerprint AA D0 F5 44 C1 8C 11 52 - B3 80 34 1C CE 38 EC 53

From firewalls-owner Wed Nov 6 14:03:29 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA00581 for firewalls-outgoing; Wed, 6 Nov 1996 13:50:03 -0800 (PST)
Received: from relay2.smtp.psi.net (relay2.smtp.psi.net [38.8.188.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id NAA00574 for ; Wed, 6 Nov 1996 13:49:48 -0800 (PST)
From: Darren.Hamilton@merisel.com
Received: from inet.merisel.com by relay2.smtp.psi.net (8.6.12/SMI-5.4-PSI) id QAA09779; Wed, 6 Nov 1996 16:49:48 -0500
Received: from ccMail by inet.merisel.com (IMA Internet Exchange 2.02 Enterprise) id 281073E1; Wed, 6 Nov 96 13:46:38 -0800
Mime-Version: 1.0
Date: Wed, 6 Nov 1996 16:41:23 -0800
Message-ID: <281073E1.1413@merisel.com>
Subject: Firewall for NT on Alpha
To: firewalls@GREATCIRCLE.COM
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Description: cc:Mail note part
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

To All,

I'm trying to source an NT firewall for the Digital Alpha platform. Suggestions?

Much appreciated,

=B6dj

From firewalls-owner Wed Nov 6 14:19:44 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA01644 for firewalls-outgoing; Wed, 6 Nov 1996 14:09:25 -0800 (PST)
Received: from citecuh.citec.qld.gov.au (citecuh.citec.qld.gov.au [203.5.10.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA01626 for ; Wed, 6 Nov 1996 14:09:12 -0800 (PST)
Received: (from mail@localhost) by citecuh.citec.qld.gov.au (8.7.6/8.7.3) id IAA15728; Thu, 7 Nov 1996 08:09:10 +1000 (EST)
Received: from guru.citec.qld.gov.au(147.132.20.47) by citecuh.citec.qld.gov.au via smap (V1.3) id /mail/incoming/sma015714; Thu Nov 7 08:08:40 1996
Received: (from sgcccdc@localhost) by guru.citec.qld.gov.au (8.6.12/8.6.12) id IAA01483; Thu, 7 Nov 1996 08:09:41 +1000
From: Colin Campbell
Message-Id: <199611062209.IAA01483@guru.citec.qld.gov.au>
Subject: Re: Firewall selection!
To: jkoum@leland.Stanford.EDU (Jan Koum)
Date: Thu, 7 Nov 1996 08:09:41 +1000 (EST)
Cc: firewalls@greatcircle.com
In-Reply-To: from "Jan Koum" at Nov 5, 96 11:25:44 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

My mailer thinks Jan Koum said:
>
> On Wed, 6 Nov 1996, Colin Campbell wrote:
>
[my garbage deleted]
> >
> > Colin
> >
> Following your analogy:
>
> I don't trust any one with keys to my house. Even those who built
> it. I better build one on my own and know all "ins and outs" in case of
> fire or other natural disasters. Also, what if it rains and roof leaks and
> people from TIS are not around? You better know where to look for that
> leak, or else it will be a lot of water... ;-)
> Take your pick.

It all depends whether you are a master craftsman who has studied building practices or someone who doesn't know a left-handed claw hammer from a right-handed one.
Besides, the people from TIS don't have the keys to your house, you do. Since you insist on "building your own", have you written a firewall package or are you using another, one that perhaps someone else has the keys to? Taking my pick and my shovel and both my hammers :-) Colin From firewalls-owner Wed Nov 6 14:33:00 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA02231 for firewalls-outgoing; Wed, 6 Nov 1996 14:24:17 -0800 (PST) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA02213 for ; Wed, 6 Nov 1996 14:24:02 -0800 (PST) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.7.3/8.6.5) with SMTP id RAA24592 for ; Wed, 6 Nov 1996 17:24:02 -0500 (EST) Message-Id: <199611062224.RAA24592@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@greatcircle.com Date: Wed, 6 Nov 1996 17:23:51 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: NCSA Certified firewall toolkit X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Does anyone know if TIS firewall Toolkit has NCSA certification. The >vendors claim it mother/sister product Gauntlet has which is okay, but >does the Toolkit No, because nobody'd bother to pay the NCSA membership fees and testing fees that are necessary for the "certification." NCSA "certification" is a product marketing device, not a technical milestone. As far as I am concerned the main significant conclusion one can draw from the fact that a firewall was NCSA certified is that the vendor gave NCSA a lot of money. Any firewall vendors that want to pay me $15,000, I'll certify your firewall too. :-P Heck, I'll do it for only $10,000. See http://www.clark.net/pub/mjr/pubs/fwtest/index.htm for details. mjr. 
-----
Marcus J. Ranum, Chief Scientist, V-ONE Corporation
Work: http://www.v-one.com
Personal: http://www.clark.net/pub/mjr

From firewalls-owner Wed Nov 6 14:43:23 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA00572 for firewalls-outgoing; Wed, 6 Nov 1996 13:49:40 -0800 (PST)
Received: from mm1 (mm1.sprynet.com [165.121.1.50]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id NAA00545 for ; Wed, 6 Nov 1996 13:49:12 -0800 (PST)
Received: from stoico ([204.146.159.62]) by mm1.sprynet.com with SMTP id <148102-26069>; Wed, 6 Nov 1996 13:42:12 -0800
Message-Id: <3.0.32.19961106164311.00932390@hqmail.metlife.com>
X-Sender: mstoico%hqmail.metlife.com@hqmail.metlife.com
X-Mailer: Windows Eudora Pro Version 3.0 (32)
Date: Wed, 06 Nov 1996 16:43:13 -0500
To: firewalls@Greatcircle.com
From: Mike Stoico
Subject: smap for NT?
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Is there a version of smap (or similar product) that will run on NT?

=========================================================================
Mike Stoico, I/S Security Consultant * Phone: (518)285-2567
MetLife * Fax: (518)285-2542
500 Jordan Rd * E-Mail: mstoico@metlife.com
Troy, NY 12180 * URL: www.metlife.com
=========================================================================
The opinions expressed here are my own and may not be those of my employer.
=========================================================================

From firewalls-owner Wed Nov 6 14:47:55 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA02382 for firewalls-outgoing; Wed, 6 Nov 1996 14:28:39 -0800 (PST)
Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA02374 for ; Wed, 6 Nov 1996 14:28:25 -0800 (PST)
Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.7.3/8.6.5) with SMTP id RAA25944 for ; Wed, 6 Nov 1996 17:28:23 -0500 (EST)
Message-Id: <199611062228.RAA25944@mail.clark.net>
Comments: Authenticated sender is
From: "Marcus J. Ranum"
Organization: V-ONE Corp Baltimore office
To: firewalls@greatcircle.com
Date: Wed, 6 Nov 1996 17:28:11 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: NCSA certification for FWTK
X-mailer: Pegasus Mail for Win32 (v2.42a)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Frederick M Avolio writes:
>The FWTK is not a commercial product. We do not intend to submit it
>for certification. It, alone, would not pass certification anyway.
>Kernel mods, etc. are needed to make it a complete firewall.

Oh, bull. The toolkit could pass NCSA certification with flying colors. The hardest part about passing the certification is coughing up the money for the NCSA membership and the testing. Do most vendors that are certified pay for the certification from their marketing budget or from their R&D budget, enquiring minds want to know.

My cat could build a firewall that would pass NCSA certification. He's too busy looking cute right now, though.

mjr.
-----
Marcus J. Ranum, Chief Scientist, V-ONE Corporation
Work: http://www.v-one.com
Personal: http://www.clark.net/pub/mjr

From firewalls-owner Wed Nov 6 15:00:40 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA00804 for firewalls-outgoing; Wed, 6 Nov 1996 13:55:04 -0800 (PST)
Received: from gatekeeper.strydr.com (gatekeeper.strydr.com [199.217.201.253]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id NAA00796 for ; Wed, 6 Nov 1996 13:54:54 -0800 (PST)
Received: (from root@localhost) by gatekeeper.strydr.com (8.8.2/8.8.2) id PAA01292 for ; Wed, 6 Nov 1996 15:54:52 -0600 (CST)
Received: from gollum.strydr.com(198.134.134.2) by gatekeeper.strydr.com via smap (V1.3) id sma001290; Wed Nov 6 15:54:33 1996
Received: (from ds3721@localhost) by gollum.strydr.com (8.8.2/8.8.2) id VAA06450 for firewalls@greatcircle.com; Wed, 6 Nov 1996 21:54:58 GMT
From: Dave Schnardthorst
Message-Id: <199611062154.VAA06450@gollum.strydr.com>
Subject: NT Data Replication Problems
To: firewalls@greatcircle.com
Date: Wed, 6 Nov 1996 15:54:57 -0600 (CST)
X-Mailer: ELM [version 2.4 PL23]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I need some assistance in doing NT Data Replication through a firewall. I have been told that Port 507 must be opened. I have also been told that this port requires TCP/IP only. I have setup a Plug-GW on this port to go between the two machines. We are running Firewall Toolkit. I have not been successful in getting this to work. The machines are acting like they do not see each other. Any help would be greatly appreciated.

--
============================================================================
David Schnardthorst, Systems/Network Eng. * Phone: (314)838-6839
Stryder Communications, Inc. * Fax: (314)838-8527
869 St.
Francois * E-Mail: ds3721@strydr.com Florissant, MO 63031 * URL: http://www.strydr.com ============================================================================ From firewalls-owner Wed Nov 6 15:20:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA03913 for firewalls-outgoing; Wed, 6 Nov 1996 14:57:17 -0800 (PST) Received: from reflections.mindspring.com (reflections.mindspring.com [204.180.142.192]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA03892 for ; Wed, 6 Nov 1996 14:57:02 -0800 (PST) Received: (from lists@localhost) by reflections.mindspring.com (8.7.1/8.7.1) id RAA08331; Wed, 6 Nov 1996 17:57:29 -0500 Date: Wed, 6 Nov 1996 17:57:29 -0500 (EST) From: Todd Graham Lewis To: Darren.Hamilton@merisel.com cc: firewalls@GreatCircle.COM Subject: Re: Firewall for NT on Alpha In-Reply-To: <281073E1.1413@merisel.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996 Darren.Hamilton@merisel.com wrote: > I'm trying to source an NT firewall for the > Digital Alpha platform. Suggestions? Run Linux on it. There are many fine firewall products for NT out there. I'm sure if you called some vendors, they would have some options for you. __ Todd Graham Lewis Linux! 
Core Engineering Mindspring Enterprises tlewis@mindspring.com (800) 719 4664, x2804 From firewalls-owner Wed Nov 6 15:34:07 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA03686 for firewalls-outgoing; Wed, 6 Nov 1996 14:53:23 -0800 (PST) Received: from iron.octet.com (iron.octet.com [204.141.97.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA03679 for ; Wed, 6 Nov 1996 14:53:10 -0800 (PST) Received: from localhost (runnerfx@localhost) by iron.octet.com (8.7.5/8.7.3) with SMTP id RAA24644; Wed, 6 Nov 1996 17:51:45 -0500 (EST) Date: Wed, 6 Nov 1996 17:51:45 -0500 (EST) From: Wearen Life To: Andy Howard cc: firewalls@GreatCircle.COM Subject: Re: Removal from the list In-Reply-To: <3280AF6C.59E2B600@erenj.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I have tried the below method and it has not worked! On Wed, 6 Nov 1996, Andy Howard wrote: > > Bryan D. Boyle wrote: > > > > Tom Budar wrote: > > > > > > What is the email address and command string to drop off of this list? > > > Thanks. > > > Tom Budar > > > > mail a message to majordomo@greatcircle.com > > in the mail message, enter the phrase: > > > > unsubscribe firewalls > > > > and you will be history. > > > > Andy commented: > > Dontcha wonder why people don't keep the notification when first signing > up for the list that describes how to unsubscribe? (^8 > > - > Andy Howard 713-656-4396 > achowar@erenj.com > "Think hard! Think Fast! Think Often! But Think!" > The contents of this note are my opinion and should > be treated only as that. 
> From firewalls-owner Wed Nov 6 15:48:08 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id OAA01795 for firewalls-outgoing; Wed, 6 Nov 1996 14:13:03 -0800 (PST) Received: from baldy.worldbit.com (baldy.worldbit.com [199.4.115.35]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id OAA01788 for ; Wed, 6 Nov 1996 14:12:53 -0800 (PST) Received: from localhost (blast@localhost) by baldy.worldbit.com (8.7.5/8.7.3) with SMTP id OAA09545; Wed, 6 Nov 1996 14:11:21 -0800 (PST) Date: Wed, 6 Nov 1996 14:11:21 -0800 (PST) From: Blast To: admin@unicc.org cc: firewalls@GreatCircle.COM Subject: Re: POP3 proxy In-Reply-To: <9611061928.AA28418@gh-old.unicc.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996 admin@unicc.org wrote: > Does anybody know about a POP3 proxy? What is especially interesting for me is > to allow the outgoing POP traffic so that our users can check their mail on > remote POP servers, outside our firewall. I know I can do it with a generic > gateway, but it only allows many to one, i.e. many clients to one server. I'd > like to implement many to many. The packet filtering is something I'd like to > avoid as I'd have to open all the ports > 1023 for incoming (server's) traffic with ack bit set. We have one that works like the -gw apps in the Firewall Toolkit. We will be releasing a beta in a few days. I will post the URL as soon as it is up for grabs. It is called pop-gw and the author is my partner in crime Jeremy Cooper. --blast +--------------------------------------------------------------------+ \ Tim Keanini | "The limits of my language, / / aka blast | are the limits of my world." 
\ \ | --Ludwig Wittgenstein / \ +================================================/ |Key fingerprint = 7B 68 88 41 A8 74 AB EC F0 37 98 4C 37 F7 40 D6 | / PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.html \ \ / +--------------------------------------------------------------------+ From firewalls-owner Wed Nov 6 16:03:01 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA07464 for firewalls-outgoing; Wed, 6 Nov 1996 15:52:06 -0800 (PST) Received: from post.abacus.at (post.abacus.at [193.203.32.32]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id PAA07421 for ; Wed, 6 Nov 1996 15:51:43 -0800 (PST) Received: from a-004.abacus.at by post.abacus.at (NTMail 3.02.07) with ESMTP id va007093 for ; Thu, 7 Nov 1996 00:51:29 +0100 Received: by a-004.abacus.at with Microsoft Mail id <01BBCC45.C658AAD0@a-004.abacus.at>; Thu, 7 Nov 1996 00:51:13 +0100 Message-ID: <01BBCC45.C658AAD0@a-004.abacus.at> From: Markus Peter SCHAUFLER To: "firewalls@greatcircle.com" Subject: Site Security Policy Date: Thu, 7 Nov 1996 00:50:27 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk To everyone I am student at Derby, doing my final year project on Security in Networks. After studying the DoD Site Security Handbook I want now compare this theoretical approach with the work done out in the field. If someone is able to give me a Security Policy Handbook (can be out of date), I would be very glad and it would bring me a big step near my plan for this year. 
Thanks Markus Schaufler SMTP: van-mark@abacus.at From firewalls-owner Wed Nov 6 16:33:12 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id PAA07302 for firewalls-outgoing; Wed, 6 Nov 1996 15:49:40 -0800 (PST) Received: from mimos.my (mimos.my [192.228.128.18]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id PAA07235 for ; Wed, 6 Nov 1996 15:49:15 -0800 (PST) Received: from ms.mimos.my (ms.mimos.my [192.228.129.33]) by mimos.my (8.6.12/8.6.12) with SMTP id HAA07953; Thu, 7 Nov 1996 07:48:58 +0800 Received: from teck.mimos.my by ms.mimos.my (5.64/7.0) id AA18543; Thu, 7 Nov 96 07:48:57 +0800 Message-Id: <9611062348.AA18543@ms.mimos.my> Comments: Authenticated sender is From: "Lee Hooi Teck" Organization: MIMOS To: lists@lina.inka.de (Bernd Eckenfels) Date: Thu, 7 Nov 1996 07:52:54 +8000 Subject: Re: Secure email package Reply-To: teck@mimos.MY Cc: firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com X-Mailer: Pegasus Mail for Windows (v2.23) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > > I'm looking for MUA that has either pgp or PEM build in. Can anyone > > > or any party who have developed or known any of these software > > > packages, pls email to me. > > Which OS you are talking about? Anyway, there is a sendail with PGP Support, > and there is good PGP support build into Elm 2.4 PL25 for Unix. > > Greetings > Bernd > I'm looking for both UNIX and Window version. To my observation, only computer science people and some of the engineers use UNIX platform but most of the people especially the administrative staffs use WIndow platform such as window 3.11, window 95. So my requirement is to gather existing products that can provide secure messages among people using different OS. 
cheers, teck From firewalls-owner Wed Nov 6 17:06:31 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id QAA17745 for firewalls-outgoing; Wed, 6 Nov 1996 16:44:00 -0800 (PST) Received: from ns1.ntshop.com ([207.91.166.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id QAA17240 for ; Wed, 6 Nov 1996 16:42:45 -0800 (PST) Received: from beast.ntshop.net ([207.91.166.3]) by ns1.ntshop.com (post.office MTA v2.0 0813 ID# 153-13296) with ESMTP id AAA162 for ; Wed, 6 Nov 1996 18:48:29 -0600 From: "Mark Joseph Edwards" To: Subject: Re: Firewall for NT on Alpha Date: Wed, 6 Nov 1996 18:42:40 -0600 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1132 MIME-Version: 1.0 Content-Type: text/plain; charset=Default Content-Transfer-Encoding: 7bit Message-ID: <19961107004828855.AAA162@beast.ntshop.net> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Darren - Three suggestions: Microsoft Proxy Server (catapult), Digital's New Firewall, and Raptor Eagle -- you may also want to look at Ascend routers. Check these sites out: www.microsoft.com/backoffice www.altavista.digital.com www.raptor.com Keep in mind that securing your network isn't done with "a product" alone. It's done with a process of diligence and perseverance -- securing a network never ends. Better security implementations consist of several products working together -- such as a proxy and a packet filtering router, for example. Also keep in mind that most network intrusions happen to networks that were already "secure" and simply weren't monitored closely enough.
Mark Joseph Edwards Netropolis Technology Group - NTg email: mark@ntshop.net netmeeting: phone.ntshop.net http://www.ntshop.net ---------- From: Todd Graham Lewis To: Darren.Hamilton@merisel.com Cc: firewalls@GreatCircle.COM Subject: Re: Firewall for NT on Alpha Date: Wednesday, November 06, 1996 4:57 PM On Wed, 6 Nov 1996 Darren.Hamilton@merisel.com wrote: > I'm trying to source an NT firewall for the > Digital Alpha platform. Suggestions? Run Linux on it. There are many fine firewall products for NT out there. I'm sure if you called some vendors, they would have some options for you. __ Todd Graham Lewis Linux! Core Engineering Mindspring Enterprises tlewis@mindspring.com (800) 719 4664, x2804 From firewalls-owner Wed Nov 6 17:17:58 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA20300 for firewalls-outgoing; Wed, 6 Nov 1996 17:06:02 -0800 (PST) Received: from surfwall.surfsoft.com (surfwall.surfsoft.com [165.227.30.250]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id RAA20293 for ; Wed, 6 Nov 1996 17:05:49 -0800 (PST) Received: by surfwall.surfsoft.com; id RAA00709; Wed, 6 Nov 1996 17:11:11 -0800 Received: from surfdog-nts.surfsoft.com(165.227.30.3) by surfwall.surfsoft.com via smap (V3.1.1) id xma000705; Wed, 6 Nov 96 17:10:42 -0800 Received: from surfsup by surfdog-nts (5.x/SMI-SVR4) id AA19695; Wed, 6 Nov 1996 17:05:28 -0800 Date: Wed, 6 Nov 1996 17:05:33 -0800 (PST) From: Kevin Lynn X-Sender: klynn@surfsup To: Firewalls@GreatCircle.COM Subject: Appletalk In-Reply-To: <199611062251.OAA03630@miles.greatcircle.com> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hopefully this is a simple question. Does anyone here know anything about running Appletalk through a TIS gauntlet firewall? 
Kevin From firewalls-owner Wed Nov 6 17:33:02 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id RAA20989 for firewalls-outgoing; Wed, 6 Nov 1996 17:21:06 -0800 (PST) Received: from lucinda.digigami.com (lucinda.digigami.com [199.106.62.125]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id RAA20938 for ; Wed, 6 Nov 1996 17:20:46 -0800 (PST) Received: from route66 (otterley@route66.digigami.com [199.106.62.6]) by lucinda.digigami.com (8.8.2/8.7.3) with SMTP id RAA21372; Wed, 6 Nov 1996 17:20:39 -0800 (PST) Message-Id: <3.0b34.32.19961106172038.009cb590@popmail> X-Sender: otterley@popmail X-Mailer: Windows Eudora Pro Version 3.0b34 (32) Date: Wed, 06 Nov 1996 17:20:39 -0800 To: admin@unicc.org, firewalls@GreatCircle.COM From: "Michael S. Fischer" Subject: Re: POP3 proxy Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 08:28 PM 11/6/96 +0100, admin@unicc.org wrote: >Does anybody know about a POP3 proxy? What is especially interesting for me is >to allow the outgoing POP traffic so that our users can check their mail on >remote POP servers, outside our firewall. I know I can do it with a generic >gateway, but it only allows many to one, i.e. many clients to one server. I'd >like to implement many to many. The packet filtering is something I'd like to >avoid as I'd have to open all the ports > 1023 for incoming (server's) traffic with ack bit set. I'm using plug-gw (part of the TIS FWTK) to do this. Just plug port 110 on your firewall to the address and port you have your POP server configured on. 
From firewalls-owner Wed Nov 6 18:17:58 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id SAA24130 for firewalls-outgoing; Wed, 6 Nov 1996 18:11:21 -0800 (PST) Received: from qs.secapl.com (QS.secapl.com [192.131.69.9]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id SAA24107 for ; Wed, 6 Nov 1996 18:10:55 -0800 (PST) Received: from Cookie.secapl.com (Cookie.secapl.com [192.108.247.19]) by qs.secapl.com (8.6.12/8.6.12) with SMTP id TAA53118; Wed, 6 Nov 1996 19:57:01 -0600 Received: from Fozzie.secapl.com by Cookie.secapl.com (AIX 3.2/UCB 5.64/4.03) id AA93398; Wed, 6 Nov 1996 20:10:18 -0600 Received: from localhost by fozzie.secapl.com (AIX 4.1/UCB 5.64/4.03) id AA71770; Wed, 6 Nov 1996 21:09:18 -0500 Date: Wed, 6 Nov 1996 21:09:15 -0500 (EST) From: Tony Iannotti To: "Michael S. Fischer" Cc: admin@unicc.org, firewalls@GreatCircle.COM Subject: Re: POP3 proxy In-Reply-To: <3.0b34.32.19961106172038.009cb590@popmail> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996, Michael S. Fischer wrote: > > but it only allows many to one, i.e. many clients to one server. I'd > > like to implement many to many. The packet filtering is something I'd > > I'm using plug-gw (part of the TIS FWTK) to do this. Just plug port 110 > on your firewall to the address and port you have your POP server ... on I think they are looking for something that will pass the POP request on to another arbitrary server, not one that they have set up themselves. 
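Added example, not part of any message in this thread and not the FWTK or pop-gw code: the per-connection decision logic a many-to-many POP3 gateway needs, where a plug-gw entry forwards every client to one fixed server. The `USER name#host` convention, the destination allowlist and the names `PopSession` and `Throttle` are assumptions made for illustration; the failed-login throttle corresponds to the brute-force point raised later in the thread.

```python
"""Decision logic for a many-to-many POP3 gateway, kept free of socket I/O.

Assumptions (not from the thread): the client selects its server with
"USER name#host", destinations come from an allowlist, and the names
PopSession and Throttle are illustrative.
"""
import re
import time

USER_RE = re.compile(r"^USER\s+([^\s#]+)#([A-Za-z0-9.-]+)\s*$", re.I)
POP3_PORT = 110


class Throttle:
    """Tracks failed logins per client address inside a sliding window."""

    def __init__(self, max_failures=3, window=300.0, clock=time.monotonic):
        self.max_failures = max_failures
        self.window = window
        self.clock = clock
        self._failures = {}  # client address -> list of failure timestamps

    def _recent(self, addr):
        cutoff = self.clock() - self.window
        recent = [t for t in self._failures.get(addr, []) if t > cutoff]
        self._failures[addr] = recent
        return recent

    def blocked(self, addr):
        return len(self._recent(addr)) >= self.max_failures

    def record_failure(self, addr):
        self._recent(addr).append(self.clock())


class PopSession:
    """One client connection. Each method returns (action, payload)."""

    def __init__(self, client_addr, allowed_hosts, throttle):
        self.client_addr = client_addr
        self.allowed_hosts = {h.lower() for h in allowed_hosts}
        self.throttle = throttle
        self.upstream = None        # (host, port) once a destination is chosen
        self.awaiting_auth = False  # True between PASS and the server's answer
        self.authenticated = False

    def on_client_line(self, line):
        if self.upstream is None:
            return self._choose_upstream(line)
        if not self.authenticated and line[:5].upper() == "PASS ":
            self.awaiting_auth = True
        return ("forward", line)

    def _choose_upstream(self, line):
        # Refuse before any upstream connection is made: a throttled client
        # cannot use the gateway to keep guessing against remote servers.
        if self.throttle.blocked(self.client_addr):
            return ("close", "-ERR too many failed logins, try again later")
        if line.strip().upper() == "QUIT":
            return ("close", "+OK bye")
        m = USER_RE.match(line)
        if m is None:
            return ("reply", "-ERR expected USER name#host")
        user, host = m.group(1), m.group(2).lower()
        if host not in self.allowed_hosts:
            return ("reply", "-ERR destination not permitted")
        self.upstream = (host, POP3_PORT)
        # The I/O loop connects, reads the server greeting itself, then sends
        # the rewritten USER line (server name stripped) upstream.
        return ("connect", (host, POP3_PORT, "USER " + user))

    def on_upstream_line(self, line):
        if self.awaiting_auth:
            self.awaiting_auth = False
            if line.startswith("+OK"):
                self.authenticated = True
            else:
                # A byte-copying plug never sees this; the gateway counts it
                # and ends the session so every retry passes the throttle.
                self.throttle.record_failure(self.client_addr)
                return ("close", line)
        return ("relay", line)


if __name__ == "__main__":
    # Constructed sample session; addresses and host names are placeholders.
    throttle = Throttle(max_failures=2, window=60.0)
    for attempt in range(3):
        s = PopSession("192.0.2.10", {"pop.example.org"}, throttle)
        first = s.on_client_line("USER alice#pop.example.org")
        print(attempt, first)
        if first[0] == "connect":
            s.on_client_line("PASS guess%d" % attempt)
            print(attempt, s.on_upstream_line("-ERR invalid password"))
```

The socket loop that acts on the returned actions is left out; it would also be the place to add TLS or APOP handling toward the client.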
From firewalls-owner Wed Nov 6 18:35:21 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id SAA23969 for firewalls-outgoing; Wed, 6 Nov 1996 18:08:23 -0800 (PST) Received: from qs.secapl.com (QS.secapl.com [192.131.69.9]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id SAA23962 for ; Wed, 6 Nov 1996 18:08:13 -0800 (PST) Received: from Cookie.secapl.com (Cookie.secapl.com [192.108.247.19]) by qs.secapl.com (8.6.12/8.6.12) with SMTP id TAA142258; Wed, 6 Nov 1996 19:53:28 -0600 Received: from Fozzie.secapl.com by Cookie.secapl.com (AIX 3.2/UCB 5.64/4.03) id AA93310; Wed, 6 Nov 1996 20:06:45 -0600 Received: from localhost by fozzie.secapl.com (AIX 4.1/UCB 5.64/4.03) id AA71752; Wed, 6 Nov 1996 21:05:45 -0500 Date: Wed, 6 Nov 1996 21:05:40 -0500 (EST) From: Tony Iannotti To: Lee Hooi Teck Cc: Bernd Eckenfels , firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com Subject: Re: Secure email package In-Reply-To: <9611062348.AA18543@ms.mimos.my> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- On Thu, 7 Nov 1996, Lee Hooi Teck wrote: > I'm looking for both UNIX and Window version. To my observation, only > computer science people and some of the engineers use UNIX platform > but most of the people especially the administrative staffs use > WIndow platform such as window 3.11, window 95. > > So my requirement is to gather existing products that can provide > secure messages among people using different OS. Not sure this is firewalls, but for those two platforms you might check out pine. No Mac version, but with the UNIX version you can configure it with filters or shell scripts, and there are half a dozen or more pgp integrators for the DOS/Windows lifestyle. Windows pine is faux, though. 
-----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMoFD4KPu8jBP0vEJAQE5BAP/eYABAtVq07q20dgWRinMeODwZVpQ9bq6 kjMAGH0kHMgCV//8X+ZEiGuCR0MZi2O4xL4pmpGrZ7M0uL0eZUNPn1UNeofETtU1 V9zE555Ql7ndg0zJhTLrT7p7ylmb2EXzLFzHiTVccTyrVNeiUFWKBLMeElZlOu9J igQN1871ZjI= =cm46 -----END PGP SIGNATURE----- _________________________________________________________________________ Tony Iannotti "Sed quis custodiet ipsos custodes?" Security APL tony@secapl.com -Juvenal 101 Hudson Street 201/332-2020 Jersey City, NJ 07302 From firewalls-owner Wed Nov 6 19:04:13 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id SAA26063 for firewalls-outgoing; Wed, 6 Nov 1996 18:59:04 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id SAA26056 for ; Wed, 6 Nov 1996 18:58:53 -0800 (PST) Received: (adam@localhost) by homeport.org (8.6.9/8.6.9) id VAA09287; Wed, 6 Nov 1996 21:54:43 -0500 From: Adam Shostack Message-Id: <199611070254.VAA09287@homeport.org> Subject: Re: POP3 proxy To: tony@fozzie.secapl.com (Tony Iannotti) Date: Wed, 6 Nov 1996 21:54:43 -0500 (EST) Cc: otterley@digigami.com, admin@unicc.org, firewalls@GreatCircle.COM In-Reply-To: from "Tony Iannotti" at Nov 6, 96 09:09:15 pm X-Mailer: ELM [version 2.4 PL24 ME8b] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Tony Iannotti wrote: | On Wed, 6 Nov 1996, Michael S. Fischer wrote: | | > > but it only allows many to one, i.e. many clients to one server. I'd | > > like to implement many to many. The packet filtering is something I'd | > | > I'm using plug-gw (part of the TIS FWTK) to do this. Just plug port 110 | > on your firewall to the address and port you have your POP server ... on | | I think they are looking for something that will pass the POP request | on to another arbitrary server, not one that they have set up themselves. 
A pop proxy should also do a better job of managing brute force attacks than plug can. Also consider requiring apop or kerberos authentication to the proxy, and then translate that into a uname/password combination if thats all your internal machine requires/supports. Encrypting & authenticating this link is a very good idea, on top of apop. Kerberized mail, if I remember correctly, will be encrypted on the wire. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From firewalls-owner Wed Nov 6 19:19:46 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA26379 for firewalls-outgoing; Wed, 6 Nov 1996 19:06:26 -0800 (PST) Received: from qs.secapl.com (QS.secapl.com [192.131.69.9]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id TAA26372 for ; Wed, 6 Nov 1996 19:06:13 -0800 (PST) Received: from Cookie.secapl.com (Cookie.secapl.com [192.108.247.19]) by qs.secapl.com (8.6.12/8.6.12) with SMTP id UAA40822; Wed, 6 Nov 1996 20:51:51 -0600 Received: from Fozzie.secapl.com by Cookie.secapl.com (AIX 3.2/UCB 5.64/4.03) id AA139339; Wed, 6 Nov 1996 21:05:08 -0600 Received: from localhost by fozzie.secapl.com (AIX 4.1/UCB 5.64/4.03) id AA99098; Wed, 6 Nov 1996 22:04:08 -0500 Date: Wed, 6 Nov 1996 22:04:05 -0500 (EST) From: Tony Iannotti To: Adam Shostack Cc: otterley@digigami.com, admin@unicc.org, firewalls@GreatCircle.COM Subject: Re: POP3 proxy In-Reply-To: <199611070254.VAA09287@homeport.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996, Adam Shostack wrote: > A pop proxy should also do a better job of managing brute > force attacks than plug can. I had not thought of incoming POP yet, but of course the other end would also want such protection. I have some POP servers on the inside that I cannot touch while on the net, would be nice to be able to get to them from anywhere. 
> Also consider requiring apop or kerberos authentication to the > proxy, and then translate that into a uname/password combination if > thats all your internal machine requires/supports. I think the newest qpop does apop, and IMHO should be required. > Encrypting & authenticating this link is a very good idea, on > top of apop. Kerberized mail, if I remember correctly, will be > encrypted on the wire. I thought kerberos only did authentication, not session encryption? From firewalls-owner Wed Nov 6 19:34:28 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA26187 for firewalls-outgoing; Wed, 6 Nov 1996 19:01:21 -0800 (PST) Received: from clothes.peg.apc.org (www.peg.apc.org [192.131.13.10]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id TAA26179 for ; Wed, 6 Nov 1996 19:01:07 -0800 (PST) Received: from tetsuo.peg.apc.org (tetsuo.peg.apc.org [203.22.137.165]) by clothes.peg.apc.org (8.7.5/8.7.3) with SMTP id MAA20938; Thu, 7 Nov 1996 12:59:34 +1000 (EST) Message-Id: <199611070259.MAA20938@clothes.peg.apc.org> X-Sender: adamb@pop.peg.apc.org X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 07 Nov 1996 12:59:11 +1000 To: teck@mimos.MY, lists@lina.inka.de (Bernd Eckenfels) From: Adam Burns Subject: Re: Secure email package Cc: firewalls@GreatCircle.COM, cwg@deepeddy.DeepEddy.Com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Not strictly firewalls, but I hope most find some interest in this: At 07:52 AM 11/7/96 +8000, Lee Hooi Teck wrote: >> >> Which OS you are talking about? Anyway, there is a sendail with PGP Support, >> and there is good PGP support build into Elm 2.4 PL25 for Unix. >> >> Greetings >> Bernd >> >I'm looking for both UNIX and Window version. 
To my observation, only >computer science people and some of the engineers use UNIX platform >but most of the people especially the administrative staffs use >WIndow platform such as window 3.11, window 95. > >So my requirement is to gather existing products that can provide >secure messages among people using different OS. For the Win95/3.11 environment, there are many tools, ranging from EMSAPI modules for mailers that support it (Eudora v3, etc), to "cut and paste" style tools that can be used to encrypt/decrypt PGP encoded messages and check signatures, etc. Note that all of these interfaces do *not* replicate the encryption code in any way but rather just interface between your mail client (or MUA) and your already installed version of PGP. Here are just a few references for such tools (I'm sure there are many more): PGP "plug ins" for apps: ------------------------ EPPI (Eudora PGP Plug In) http://www.prism.gatech.edu/~gt6525c/eppi/ PgpEudra (PGPshell Eudora) http://www.xs4all.nl/~comerwel/pgpeudra/pgpeudra.html PGP "cut and paste" applications -------------------------------- Private Idaho (PGP & NYM) http://www.eskimo.com/~joelm Mollusc http://www.compulink.co.uk/~net-services/pgp Hope this helps, Adam. -NetStorm----------------------------------[adamb@netstorm.net.au] adam burns central++vortex 21a caxton st.
vox: +61 7 32175314 petrie terrace 4000 australia mobile: 0419 645169 ------------------------------------------------------------------ storming the reality network into a state of suspended disbelief From firewalls-owner Wed Nov 6 20:04:08 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA29024 for firewalls-outgoing; Wed, 6 Nov 1996 19:55:13 -0800 (PST) Received: from relay.hp.com (relay.hp.com [15.255.152.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id TAA29017 for ; Wed, 6 Nov 1996 19:55:03 -0800 (PST) Received: from hpwcsdm.mayfield.hp.com by relay.hp.com with ESMTP (1.37.109.16/15.5+ECS 3.3) id AA185018906; Wed, 6 Nov 1996 19:55:06 -0800 Received: from rush.nsr.hp.com by hpwcsdm.mayfield.hp.com with SMTP (1.37.109.16/15.5+ECS 3.4 Openmail) id AA274228905; Wed, 6 Nov 1996 19:55:05 -0800 Date: Wed, 6 Nov 1996 19:53:45 -0800 (PST) From: Kevin Steves To: Frederick M Avolio Cc: Firewalls@GreatCircle.COM Subject: Re: NCSA Certification In-Reply-To: <2.2.32.19961105164528.006f1e8c@pop.trusted.com> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 5 Nov 1996, Frederick M Avolio wrote: > The FWTK is not a commercial product. We do not intend to submit it for > certification. It, alone, would not pass certification anyway. Kernel mods, > etc. are needed to make it a complete firewall. Can you expand on what kernel mods etc. are required for fwtk to pass? I'm particularly interested in why kernel mods would be required. Also, can someone provide a pointer to the NCSA firewall certification criteria and process? I spent some time browsing their web site a while ago and didn't find the answer. 
From firewalls-owner Wed Nov 6 20:19:09 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id UAA29643 for firewalls-outgoing; Wed, 6 Nov 1996 20:05:32 -0800 (PST) Received: from challenger.atc.fhda.edu (challenger.atc.fhda.edu [153.18.32.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id UAA29636 for ; Wed, 6 Nov 1996 20:05:19 -0800 (PST) Received: from localhost (manek@localhost) by challenger.atc.fhda.edu (8.8.0/8.7.3) with SMTP id UAA03148; Wed, 6 Nov 1996 20:05:19 -0800 (PST) Date: Wed, 6 Nov 1996 20:05:18 -0800 (PST) From: Sameer R Manek To: "Henry W. Farkas" cc: firewalls@GreatCircle.COM Subject: Re: Secure email package In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Wed, 6 Nov 1996, Henry W. Farkas wrote: > There's also BAP, Bryce's Auto PGP, which integrates nicely with both > pine and elm, and it consists of two scripts; the code can be reviewed > for weaknesses. > By any chance you wouldn't have the url/ftp site for more info on his scripts? 
-- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Sameer Manek manek@challenger.atc.fhda.edu "A mind once streched by a new idea never regains its original dimentions" -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- From firewalls-owner Wed Nov 6 20:34:01 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id TAA29102 for firewalls-outgoing; Wed, 6 Nov 1996 19:57:39 -0800 (PST) Received: from lucinda.digigami.com (lucinda.digigami.com [199.106.62.125]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id TAA29093 for ; Wed, 6 Nov 1996 19:57:27 -0800 (PST) Received: from route66 (otterley@route66.digigami.com [199.106.62.6]) by lucinda.digigami.com (8.8.2/8.7.3) with SMTP id TAA25424 for ; Wed, 6 Nov 1996 19:57:30 -0800 (PST) Message-Id: <3.0b34.32.19961106195730.009c6380@popmail> X-Sender: otterley@popmail X-Mailer: Windows Eudora Pro Version 3.0b34 (32) Date: Wed, 06 Nov 1996 19:57:30 -0800 To: firewalls@GreatCircle.COM From: "Michael S. Fischer" Subject: Re: POP3 proxy Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 09:09 PM 11/6/96 -0500, you wrote: >On Wed, 6 Nov 1996, Michael S. Fischer wrote: > >> > but it only allows many to one, i.e. many clients to one server. I'd >> > like to implement many to many. The packet filtering is something I'd >> >> I'm using plug-gw (part of the TIS FWTK) to do this. Just plug port 110 >> on your firewall to the address and port you have your POP server ... on > > I think they are looking for something that will pass the POP request >on to another arbitrary server, not one that they have set up themselves. Why not use a standard Telnet proxy server then? I know of no POP clients that actually have built-in proxy server support; but most have login scripts capability that should work just fine with a standard telnet proxy. 
============================================================================== |\ Michael S. Fischer AKA Otterley "Turn on, log on, burn out"-net.goth _O_ | Systems Administrator, Digigami Inc. "We all feel better in the dark" | | mailto:otterley@digigami.com Phone: +1 619 231 2600 x17 | () http://www.digigami.com/~otterley FAX: +1 619 231 2773 | From firewalls-owner Wed Nov 6 20:53:03 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id UAA00583 for firewalls-outgoing; Wed, 6 Nov 1996 20:28:29 -0800 (PST) Received: from s.wipinfo.soft.net (s.wipinfo.soft.net [164.164.6.6]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id UAA00566 for ; Wed, 6 Nov 1996 20:28:05 -0800 (PST) From: srikants@wipinfo.soft.net Received: by s.wipinfo.soft.net (4.1/SMI-4.1) id AA00155; Thu, 7 Nov 96 10:05:59 IST Received: from tagore.wipinfo.soft.net by rolex.rnd.blr (4.1/SMI-4.1) id AA26894; Thu, 7 Nov 96 10:04:34+050 Message-Id: <9611070958.AA23472@tagore.wipinfo.soft.net> Subject: Writing a Socks Server.. To: firewalls@greatcircle.com Date: Thu, 7 Nov 1996 09:58:18 +0530 (IST) Reply-To: srikants@wipinfo.soft.net >From: Srikant Sharma Location: Global R&D, Wipro Infotech, Bangalore, India X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, Can any one provide us with pointers.. for a project which involves Writing a Proxy Server (SOCKS server on Linux). This project is to be done by 5 students within a period of 6 months and basically this is a study project. Any other Firewalls based project ideas are also welcome. -- Srikant ****************************************************************** Srikant S Sharma Srikant Sharma NDF, Hardware Enable Qtr 607-A, 1st floor Global R&D Wipro Infotech 6th Cross , 8th Main 30,Mission Road Bangalore New Thippasandra ph: 2241730 ext. 
3413 Bangalore 560075 91-80-2241732 ph: 5280849 (res) email : srikants@wipinfo.soft.net ****************************************************************** From firewalls-owner Wed Nov 6 21:06:04 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id UAA01917 for firewalls-outgoing; Wed, 6 Nov 1996 20:58:09 -0800 (PST) Received: from ashanti.webmaster.net (ashanti.webmaster.net [205.160.174.210]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id UAA01909 for ; Wed, 6 Nov 1996 20:57:57 -0800 (PST) Received: (from jason@localhost) by ashanti.webmaster.net (8.8.2/8.8.2) id XAA19778; Wed, 6 Nov 1996 23:57:22 -0500 (EST) To: firewalls@greatcircle.com Subject: Re: Oracle Firewall strategy white paper References: <9611061025.AA23221@rs3.wmd.de> From: jason@mastaler.com (Jason R. Mastaler) Date: 06 Nov 1996 23:57:22 -0500 In-Reply-To: pauck@rs3.wmd.de's message of Wed, 6 Nov 1996 11:25:19 +0100 (MEZ) Message-ID: Lines: 11 X-Mailer: Red Gnus v0.53/XEmacs 19.14 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk pauck@rs3.wmd.de (Marco Pauck) writes: > Once upon a time, Oracle had their white papers on their web server and > the requested URL was > > http://www.oracle.com/odp/public/library/cr/pdf/22428.pdf Just substitute tiburon.us for www http://tiburon.us.oracle.com/odp/public/library/cr/pdf/22428.pdf From firewalls-owner Wed Nov 6 21:35:44 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id VAA04307 for firewalls-outgoing; Wed, 6 Nov 1996 21:28:07 -0800 (PST) Received: from xyzzy.plugh.edmonton.ab.ca (xyzzy.plugh.edmonton.ab.ca [198.161.22.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id VAA04298 for ; Wed, 6 Nov 1996 21:27:55 -0800 (PST) Received: (from uucp@localhost) by xyzzy.plugh.edmonton.ab.ca (8.6.12/8.6.9) id WAA16725; Wed, 6 Nov 1996 22:27:38 -0700 Received: from beckio.precise.ab.ca(192.168.30.61), claiming to be "snouts.obtuse.com" via SMTP by 
mailhost.plugh.edmonton.ab.ca, id smtpd16723aaa; Wed Nov 6 22:27:36 1996 Received: (from uucp@localhost) by snouts.obtuse.com (8.7.5/8.7.3) id WAA26134; Wed, 6 Nov 1996 22:27:45 -0700 From: Bob Beck Received: from UNKNOWN(192.168.20.5), claiming to be "chocolate.obtuse.com" via SMTP by snouts.obtuse.com, id smtpd26132aaa; Wed Nov 6 22:27:37 1996 Received: (from beck@localhost) by chocolate.obtuse.com (8.7.5/8.7.3) id XAA01173; Wed, 6 Nov 1996 23:18:51 -0700 Message-Id: <199611070618.XAA01173@chocolate.obtuse.com> Subject: Re: POP3 proxy To: tony@fozzie.secapl.com (Tony Iannotti) Date: Wed, 6 Nov 1996 23:18:50 -0700 (MST) Cc: otterley@digigami.com, admin@unicc.org, firewalls@GreatCircle.COM In-Reply-To: from "Tony Iannotti" at Nov 6, 96 09:09:15 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > On Wed, 6 Nov 1996, Michael S. Fischer wrote: > > > > but it only allows many to one, i.e. many clients to one server. I'd > > > like to implement many to many. The packet filtering is something I'd > > > > I'm using plug-gw (part of the TIS FWTK) to do this. Just plug port 110 > > on your firewall to the address and port you have your POP server ... on > > I think they are looking for something that will pass the POP request > on to another arbitrary server, not one that they have set up themselves. > > If you want pop out to arbitrary servers using a proxy, you'll have to either have a transparent proxy (lots of them around), or a modified "proxy aware" pop client that will talk to a nontransparent proxy server (I know of no such beast). Failing that, you'll have to resort to packet passing of some way, shape, or flavour, routing/NATing and allowing outgoing connections to port 110. 
For a transparent proxy, If you're not concerned about watching the data stream on your outgoing requests to remote clients (and for outgoing it's probably not a big deal), any generic transparent TCP proxy will do. Our Juniper Firewall Toolkit (http://www.obtuse.com/juniper) will do this, as will most of the other major firewalls that are proxy based. -Bob From firewalls-owner Wed Nov 6 22:04:02 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id VAA05098 for firewalls-outgoing; Wed, 6 Nov 1996 21:51:50 -0800 (PST) Received: from ashanti.webmaster.net (ashanti.webmaster.net [205.160.174.210]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id VAA05078 for ; Wed, 6 Nov 1996 21:51:34 -0800 (PST) Received: (from jason@localhost) by ashanti.webmaster.net (8.8.2/8.8.2) id AAA20193; Thu, 7 Nov 1996 00:51:20 -0500 (EST) To: Kevin Lynn cc: firewalls@greatcircle.com Subject: Re: Appletalk References: From: jason@mastaler.com (Jason R. Mastaler) Date: 07 Nov 1996 00:51:19 -0500 In-Reply-To: Kevin Lynn's message of Wed, 6 Nov 1996 17:05:33 -0800 (PST) Message-ID: Lines: 23 X-Mailer: Red Gnus v0.53/XEmacs 19.14 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Kevin Lynn writes: > Hopefully this is a simple question. > > Does anyone here know anything about running Appletalk through a TIS > gauntlet firewall? Not easily... You would have to first encapsulate the Appletalk traffic into IP. The general problem with encapsulation is that it is typically done with UDP instead of TCP. The firewall typically does NOT pass UDP traffic; one could however "packet filter" the UDP packets through; although this is NOT recommended..... The other option would be to setup some type of translation mechanicism that could translate the AppleTalk packets into TCP packets; then this TCP traffic could be "plug-gw" through the firewall. There maybe a product called "gator" that would perform this function. 
I really do not have alot of knowledge about this product. The last option would be to place a router in parallel with the firewall that would only route AppleTalk traffic.. From firewalls-owner Wed Nov 6 22:19:19 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id WAA05458 for firewalls-outgoing; Wed, 6 Nov 1996 22:00:26 -0800 (PST) Received: from xyzzy.plugh.edmonton.ab.ca (xyzzy.plugh.edmonton.ab.ca [198.161.22.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id VAA05339 for ; Wed, 6 Nov 1996 21:58:46 -0800 (PST) Received: (from uucp@localhost) by xyzzy.plugh.edmonton.ab.ca (8.6.12/8.6.9) id WAA16904 for ; Wed, 6 Nov 1996 22:58:49 -0700 Received: from beckio.precise.ab.ca(192.168.30.61), claiming to be "snouts.obtuse.com" via SMTP by mailhost.plugh.edmonton.ab.ca, id smtpd16902aaa; Wed Nov 6 22:58:37 1996 Received: (from uucp@localhost) by snouts.obtuse.com (8.7.5/8.7.3) id WAA26166; Wed, 6 Nov 1996 22:57:35 -0700 From: Bob Beck Received: from UNKNOWN(192.168.20.5), claiming to be "chocolate.obtuse.com" via SMTP by snouts.obtuse.com, id smtpd26164aaa; Wed Nov 6 22:57:30 1996 Received: (from beck@localhost) by chocolate.obtuse.com (8.7.5/8.7.3) id XAA01192; Wed, 6 Nov 1996 23:48:40 -0700 Message-Id: <199611070648.XAA01192@chocolate.obtuse.com> Subject: Re: NCSA certification for FWTK To: mjr@mail.clark.net (Marcus J. Ranum) Date: Wed, 6 Nov 1996 23:48:39 -0700 (MST) Cc: firewalls@GreatCircle.COM In-Reply-To: <199611062228.RAA25944@mail.clark.net> from "Marcus J. Ranum" at Nov 6, 96 05:28:11 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Frederick M Avolio writes: > >The FWTK is not a commercial product. We do not intend to submit it > >for certification. It, alone, would not pass certification anyway. > >Kernel mods, etc. are needed to make it a complete firewall. 
> > Oh, bull. The toolkit could pass NCSA certification with flying > colors. The hardest part about passing the certification is coughing > up the money for the NCSA membership and the testing. Do > most vendors that are certified pay for the certification from thier > marketing budget or from their R&D budget, enquiring minds > want to know. > > My cat could build a firewall that would pass NCSA certification. > He's too busy looking cute right now, though. Not being aware of the exact nature of the NCSA certification, I'm shooting in the dark here, but isn't that the distinction between toolkit and turnkey firewall? toolkit is software to make firewall, firewall is made with toolkit by appropriately configuring your victim machine with the toolkit. While I'm confident Marcus's cat could do it right, my cat's pretty dumb and might leave IP_FORWARD on in the kernel and a few other things. (Although she is good at being cute too... hmm.. got a picture online Marcus?) I would be surprised if any "toolkit" could pass any meaningful certification on it's own, since it alone does not a firewall make. You would have to "certify" a certain configuration/installation of toolkit and other stuff, or it's pretty meaningless, I.E. + installed on with operating system with options and modifications , etc. If some reseller (like Marcus' cat) wished to certify a configuration of the toolkit + os, that would probably mean something, but failing that I can't see how such a certification would mean anything more than NT's C2 rating. Great for the marketing slither and little else. 
-Bob From firewalls-owner Wed Nov 6 23:20:51 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA08761 for firewalls-outgoing; Wed, 6 Nov 1996 23:15:40 -0800 (PST) Received: from cheops.anu.edu.au (cheops.anu.edu.au [150.203.76.24]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id XAA08750 for ; Wed, 6 Nov 1996 23:15:27 -0800 (PST) Message-Id: <199611070715.XAA08750@miles.greatcircle.com> Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA058560873; Thu, 7 Nov 1996 18:14:33 +1100 From: Darren Reed Subject: Re: NCSA certification for FWTK To: beck@obtuse.com (Bob Beck) Date: Thu, 7 Nov 1996 18:14:32 +1100 (EDT) Cc: mjr@mail.clark.net, firewalls@GreatCircle.COM In-Reply-To: <199611070648.XAA01192@chocolate.obtuse.com> from "Bob Beck" at Nov 6, 96 11:48:39 pm X-Mailer: ELM [version 2.4 PL23] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk In some mail from Bob Beck, sie said: [...] > I would be surprised if any "toolkit" could pass any > meaningful certification on it's own, since it alone does not a > firewall make. You would have to "certify" a certain > configuration/installation of toolkit and other stuff, or it's pretty > meaningless, I.E. + installed on with > operating system with options and modifications , etc. If we want to get picky here, firewalls are, for the most part, "toolkits" combined with other operating systems, even those sold by vendors in many cases. Raptor is software, Gauntlet is software, etc. We could class those as "toolkits" too. You can also buy prebuilt kits of this stuff too, and before you're done you might add a router or two to your firewall too. Now, if NCSA are going to certify software such as Gauntlet as a real internet firewall, then there really isn't much difference in having the Firewall Toolkit certified, except the fancy packaging, media with the product on it, manuals, support contract, etc. 
Darren From firewalls-owner Wed Nov 6 23:34:00 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA08713 for firewalls-outgoing; Wed, 6 Nov 1996 23:14:33 -0800 (PST) Received: from cet.cet.com (cet.cet.com [206.96.91.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id XAA08704 for ; Wed, 6 Nov 1996 23:14:22 -0800 (PST) Received: from cet.cet.com (roberth@cet.cet.com [206.96.91.1]) by cet.cet.com (8.6.12/8.6.12) with SMTP id XAA16372; Wed, 6 Nov 1996 23:13:17 -0800 Date: Wed, 6 Nov 1996 23:13:16 -0800 (PST) From: Robert Hanson To: Bob Beck cc: firewalls@GreatCircle.COM Subject: Re: NCSA certification for FWTK In-Reply-To: <199611070648.XAA01192@chocolate.obtuse.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk ive got $500 to $1000 contribute to a kitty if other will do the "same" to have mjr consider doing something like this... what opsys would you use mjr? say freebsd or 1.2.13 or latest stable redhat/debian/slack/whatever linux or or or? we all stand to learn a lot from this and mjr could get his cat a red nissan car like the clay dude in the commercial sung to the van halen tune, "you really got me!" no kitty (cat) puns intended... ;) ---> Robert H. Hanson Cutting Edge Communications, Inc. Otis Orchards, Wa. Regional Commercial Internet Service Provider (509) 927-9541 email: roberth@cet.com - http://www.cet.com/ On Wed, 6 Nov 1996, Bob Beck wrote: > > > > Frederick M Avolio writes: > > >The FWTK is not a commercial product. We do not intend to submit it > > >for certification. It, alone, would not pass certification anyway. > > >Kernel mods, etc. are needed to make it a complete firewall. > > > > Oh, bull. The toolkit could pass NCSA certification with flying > > colors. The hardest part about passing the certification is coughing > > up the money for the NCSA membership and the testing. 
Do > > most vendors that are certified pay for the certification from thier > > marketing budget or from their R&D budget, enquiring minds > > want to know. > > > > My cat could build a firewall that would pass NCSA certification. > > He's too busy looking cute right now, though. > > Not being aware of the exact nature of the NCSA certification, > I'm shooting in the dark here, but isn't that the distinction between > toolkit and turnkey firewall? toolkit is software to make firewall, > firewall is made with toolkit by appropriately configuring your victim > machine with the toolkit. While I'm confident Marcus's cat could do it > right, my cat's pretty dumb and might leave IP_FORWARD on in the > kernel and a few other things. (Although she is good at being cute > too... hmm.. got a picture online Marcus?) > > I would be surprised if any "toolkit" could pass any > meaningful certification on it's own, since it alone does not a > firewall make. You would have to "certify" a certain > configuration/installation of toolkit and other stuff, or it's pretty > meaningless, I.E. + installed on with > operating system with options and modifications , etc. > If some reseller (like Marcus' cat) wished to certify a configuration > of the toolkit + os, that would probably mean something, but failing > that I can't see how such a certification would mean anything more > than NT's C2 rating. Great for the marketing slither and little else. 
> > -Bob > From firewalls-owner Thu Nov 7 00:04:19 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id XAA09981 for firewalls-outgoing; Wed, 6 Nov 1996 23:49:47 -0800 (PST) Received: from ns1.ntshop.com ([207.91.166.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id XAA09933 for ; Wed, 6 Nov 1996 23:49:31 -0800 (PST) Received: from beast.ntshop.net ([207.91.166.3]) by ns1.ntshop.com (post.office MTA v2.0 0813 ID# 153-13296) with ESMTP id AAA89 for ; Thu, 7 Nov 1996 01:55:21 -0600 From: "Mark Joseph Edwards" To: Subject: Re: NCSA certification for FWTK Date: Thu, 7 Nov 1996 01:49:30 -0600 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1132 MIME-Version: 1.0 Content-Type: text/plain; charset=Default Content-Transfer-Encoding: 7bit Message-ID: <19961107075521695.AAA89@beast.ntshop.net> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > I would be surprised if any "toolkit" could pass any >meaningful certification on it's own, since it alone does not a >firewall make. You would have to "certify" a certain >configuration/installation of toolkit and other stuff, or it's pretty >meaningless, I.E. + installed on with >operating system with options and modifications , etc. >If some reseller (like Marcus' cat) wished to certify a configuration >of the toolkit + os, that would probably mean something, but failing >that I can't see how such a certification would mean anything more >than NT's C2 rating. Great for the marketing slither and little else. Perhaps that's what the NCSA rating does - certifies a product as "securely configurable". Obviously different topologies and operator error come in to play. NT is C2 certified, but that doesn't necessarily mean that every installation of it is C2 compliant. 
So, the NCSA certification is actually a rating system of sorts that merely implies that a particular set of tools -- be they an os, an app, or toolkit -- are "capable" of securing something. mark From firewalls-owner Thu Nov 7 00:19:50 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id AAA10684 for firewalls-outgoing; Thu, 7 Nov 1996 00:05:41 -0800 (PST) Received: from jeuro.infonet.ee (jeuro.infonet.ee [194.204.5.50]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id AAA10677 for ; Thu, 7 Nov 1996 00:05:21 -0800 (PST) Received: from pavel.jeuro.infonet.ee (194.204.5.51) by jeuro.infonet.ee (EMWAC SMTPRS 0.80) with SMTP id ; Thu, 07 Nov 1996 10:09:02 +0200 Date: Thu, 07 Nov 1996 10:09:02 +0200 Message-ID: From: Pavel Murnikov To: lists@lina.inka.de X-Priority: Normal Subject: Re: Secure email package Cc: firewalls@GreatCircle.COM X-Mailer: Pronto Secure [Ver 1.10] MIME-Version: 1.0 Content-Type: text/plain Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Whether this belongs to firewalls or not, check a pgp-enabled mailer for Win95 environment Pronto Secure mail v1.10 from Commtouch: www.commtouch.com eyecatching features: encrypts binary attachments, MAPI server Best regards Pavel Murnikov fax +372 6 313068 phone +372 6 313067 Type Bits/KeyID Date User ID pub 512/BEC658F5 1996/05/21 Pavel Murnikov Pavel Murnikov From firewalls-owner Thu
Nov 7 01:19:20 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id BAA13373 for firewalls-outgoing; Thu, 7 Nov 1996 01:05:48 -0800 (PST) Received: from shadow.dbapic.com.au (shadow.dbapic.com.au [203.2.220.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id BAA13364 for ; Thu, 7 Nov 1996 01:05:31 -0800 (PST) Received: by shadow.dbapic.com.au (AIX 3.2/UCB 5.64/4.03) id AA07359; Thu, 7 Nov 1996 20:06:03 +1000 Received: from unknown(203.28.214.36) by shadow.dbapic.com.au via smap (V1.3) id sma003515; Thu Nov 7 20:05:45 1996 Message-Id: <3281A630.167EB0E7@dbapic.com.au> Date: Thu, 07 Nov 1996 20:04:48 +1100 From: Barry W Anderson Reply-To: bwa@shadow.dbapic.com.au X-Mailer: Mozilla 3.01Gold (X11; I; FreeBSD 2.2-961014-SNAP i386) Mime-Version: 1.0 To: firewalls@greatcircle.com Subject: POP and sendmail mods for no system accounts Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Along mail lines, does anyone recall seeing posted or mailed (reasonably) recently the mods to popper and sendmail to allow users not to have system accounts? Have searched Alta Vista till weird hours of the morning without success and am now at the stage where unless someone else can jog my memory as to the location, I'll write the mods myself - and I HATE reinventing the wheel. 
cheers, From firewalls-owner Thu Nov 7 02:49:35 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id CAA17269 for firewalls-outgoing; Thu, 7 Nov 1996 02:33:02 -0800 (PST) Received: from ns.runnet.ru (ns.runnet.ru [194.85.32.18]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id CAA17228 for ; Thu, 7 Nov 1996 02:32:15 -0800 (PST) Received: from runner.spmu.runnet.ru by ns.runnet.ru with ESMTP id NAA02044; (8.6.12/08.08.95) Thu, 7 Nov 1996 13:25:50 +0300 Received: from proliant by runner.spmu.runnet.ru with SMTP id OAA01819; (8.6.12/vak/1.9) Thu, 7 Nov 1996 14:22:42 +0300 Message-ID: <3281B879.4191@spmu.runnet.ru> Date: Thu, 07 Nov 1996 13:22:49 +0300 From: Lawrence Beobachter X-Mailer: Mozilla 2.0 (WinNT; I) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: Plain-text passwords References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello! I tried tcpdump on FreeBSD and it turned out that login information during telnet sessions as well as USER and PASS info sent by pop-client are both xmitted in plain text . Is there any solution besides S/Key (please, include pointers) to block this don't-know-how-to-call-it hole. 
Thank you Regards From firewalls-owner Thu Nov 7 04:33:12 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id EAA20634 for firewalls-outgoing; Thu, 7 Nov 1996 04:23:48 -0800 (PST) Received: from bigbird2.iis.net (bigbird.iis.net [207.226.20.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id EAA20627 for ; Thu, 7 Nov 1996 04:23:32 -0800 (PST) Received: from klaatu.iis.net by bigbird2.iis.net via smtpd (for miles.greatcircle.com [198.102.244.34]) with SMTP; 7 Nov 1996 12:23:35 UT Received: from apollo.iis.net (apollo.iis.net [172.20.1.150]) by klaatu.iis.net (8.7.5/8.7.3) with SMTP id HAA05828 for ; Thu, 7 Nov 1996 07:25:51 -0500 (EST) Message-Id: <3.0b36.32.19961107072516.006b1a94@pop1.iis.net> X-Sender: sean@pop1.iis.net X-Mailer: Windows Eudora Pro Version 3.0b36 (32) Date: Thu, 07 Nov 1996 07:25:24 -0500 To: Firewalls@GreatCircle.COM From: Sean Brandt Subject: Re: Firewalls for NT MIME-Version: 1.0 Content-Type: multipart/signed; boundary= "---=_=_ 50683643-6741220-13767104 _=_=---"; micalg=rsa-md5; protocol= "application/x-pkcs7-signature" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----=_=_ 50683643-6741220-13767104 _=_=--- Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" I suggest Raptor Eagle for NT, check out www.raptor.com. Great firewall! Sean Brandt < Systems Engineer Internet Information Systems, Inc. 
http://www.iis.net -----=_=_ 50683643-6741220-13767104 _=_=----- From firewalls-owner Thu Nov 7 05:35:06 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id FAA22252 for firewalls-outgoing; Thu, 7 Nov 1996 05:30:46 -0800 (PST) Received: from mwunix.mitre.org (mwunix.mitre.org [128.29.154.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id FAA22245 for ; Thu, 7 Nov 1996 05:30:37 -0800 (PST) Received: from smiley.sit (smiley.mitre.org [128.29.140.20]) by mwunix.mitre.org (8.6.10/8.6.4) with SMTP id IAA07379 for ; Thu, 7 Nov 1996 08:30:40 -0500 Received: from [128.29.140.130] (mckenney-mac) by smiley.sit (4.1/SMI-4.1) id AA07798; Thu, 7 Nov 96 08:28:16 EST Date: Thu, 7 Nov 96 08:28:15 EST Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: firewalls@GreatCircle.COM From: mckenney@smiley.mitre.org (Brian W. McKenney) Subject: Re: NCSA certification for FWTK Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I think the side conversations are missing key points. 1. Some corporations and other Internet Enterprises are interested in NCSA Certification. This may be one of the factors when making a buying decision or with making a risk management decision.
If the firewall vendors did not think this makes good marketing sense, then we would not have a rush of firewall vendors getting NCSA Certification. Vendors are responding to customers, this will continue. 2. NCSA Certification is only one metric, a set of tests. 3. Customers want an independent assessment of a firewall product. NCSA Certification is just one metric or yardstick. Customers need to understand the scope and assumptions of this yardstick. 4. There are lots of views on the value and utility of NCSA Certification. There are also a lot of views on internal vs. independent testing. Customers can buy the automated tools and do their own testing. However, senior management may ask whether their firewall product has attained NCSA Certification. Again, vendors are using NCSA Certification as a marketing tool, they are responding to what other vendors are identifying in their glossy brochures. -Brian ++Speaking only for myself.++ From firewalls-owner Thu Nov 7 06:37:37 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id GAA24278 for firewalls-outgoing; Thu, 7 Nov 1996 06:17:51 -0800 (PST) Received: from gargoyle.clark.net (gargoyle.clark.net [168.143.0.250]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id GAA24269 for ; Thu, 7 Nov 1996 06:17:41 -0800 (PST) Received: (from proberts@localhost) by gargoyle.clark.net (8.7.4/8.7.3) id JAA26495; Thu, 7 Nov 1996 09:24:07 -0500 Date: Thu, 7 Nov 1996 09:24:07 -0500 (EST) From: "Paul D. Robertson" X-Sender: proberts@localhost To: "Brian W. McKenney" cc: firewalls@GreatCircle.COM Subject: Re: NCSA certification for FWTK In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 7 Nov 1996, Brian W. McKenney wrote: > I think the side conversations are missing key points. 
> > vendors did not think this makes good marketing sense, then we would not ^^^^^^^^^^^^^^^ > Certification. Again, vendors are using NCSA Certification as a marketing > tool, they are responding to what other vendors are identifying in their > glossy brochures. No, that's exactly the key point. The NCSA certifications are marketing fluff, and don't add any significant value to the firewall process. I can configure any one of their "certified" firewalls insecurely. I can also configure systems that haven't been "blessed" by bloating their coffers to be quite secure. I doubt that NCSA has gotten any of the major vendors to change a line of code, or added any security value at all to their products for the money they've received. I think that's the main point. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts@clark.net which may have no basis whatsoever in fact." PSB#9280 From firewalls-owner Thu Nov 7 07:08:35 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id GAA25054 for firewalls-outgoing; Thu, 7 Nov 1996 06:42:21 -0800 (PST) Received: from stortek.com (stortek.com [129.80.22.249]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id GAA25047 for ; Thu, 7 Nov 1996 06:42:12 -0800 (PST) Received: from coltano.stortek.com by stortek.com with SMTP id AA07563 (5.65c/IDA-1.4.4 for ); Thu, 7 Nov 1996 07:42:15 -0700 Received: (from jim@localhost) by coltano.stortek.com (8.7.4/8.7.3) id HAA22647; Thu, 7 Nov 1996 07:41:42 -0700 (MST) Date: Thu, 7 Nov 1996 07:41:42 -0700 (MST) From: Jim Wamsley 303-673-8163 Message-Id: <199611071441.HAA22647@coltano.stortek.com> To: klynn@surfsoft.com Subject: Re: Appletalk Cc: firewalls@GreatCircle.COM X-Sun-Charset: US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk CAUTION - BLATANT COMMERCIALISM FOLLOWS: jason mastaler writes: > > The other option would be to 
setup some type of translation mechanicism that > could translate the AppleTalk packets into TCP packets; then this TCP > traffic could be "plug-gw" through the firewall. There maybe a product > called "gator" that would perform this function. I really do not have alot > of knowledge about this product. > Network Systems Corporation, a subsidiary of StorageTek has the Borderguard 1000 and Borderguard 2000 products that feature Secure Tunnel Bridging. It's purpose is to provide transparent protocol encapsulation and encryption if needed to move protocols such as appletalk and ipx across an ip network such as the internet. See the NSC home page at: http://www.network.com ______________________________________________________________ [ Jim Wamsley, Network Engineering ] [ StorageTek 2270 S. 88th St, M.S. 4379, Louisville, CO 80028 ] [ Audible: (303) 673-8163 Logical jim_wamsley@stortek.com ] [ Everything to Excess! ] [ To enjoy life to the fullest, you must take big bites. ] [ Moderation is for monks. 
] [ Lazarus Long ] [______________________________________________________________] From firewalls-owner Thu Nov 7 07:28:41 1996 Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id HAA26350 for firewalls-outgoing; Thu, 7 Nov 1996 07:11:23 -0800 (PST) Received: from gauntlet-1.trusted.com (gauntlet-1.trusted.com [204.254.155.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id HAA26317 for ; Thu, 7 Nov 1996 07:11:05 -0800 (PST) Received: by gauntlet-1.trusted.com; id KAA19897; Thu, 7 Nov 1996 10:18:11 -0500 Received: from dira.rv.tis.com(10.0.1.43) by gauntlet-1.trusted.com via smap (V3.1.1) id xma019882; Thu, 7 Nov 96 10:17:48 -0500 Received: from unit65.trusted.com (dyn189.trusted.com [10.0.1.189]) by dira.rv.tis.com (8.7.4/8.7.3) with SMTP id KAA08752; Thu, 7 Nov 1996 10:07:24 -0500 (EST) Message-Id: <2.2.32.19961107151000.006d0c7c@pop.trusted.com> X-Sender: avolio@pop.trusted.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 07 Nov 1996 10:10:00 -0500 To: Darren Reed , beck@obtuse.com (Bob Beck) From: Frederick M Avolio Subject: Re: NCSA certification for FWTK Cc: mjr@mail.clark.net, proberts@clark.net, firewalls@greatcircle.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Darren wrote: >Now, if NCSA are going to certify software such as Gauntlet as a real >internet firewall, then there really isn't much difference in having >the Firewall Toolkit certified, except the fancy packaging, media with >the product on it, manuals, support contract, etc. > >Darren I hate to disagree with Darren. I really do. But the FWTK *as is* is insufficient to act as a firewall. They would have to certify each individual installation, as they are all different. I do not mean the policy enforcement, but rather O/S changes, etc. 
The NCSA certification of XYZ Firewall -- as their description on their web page indicates -- is based on the product being installed as prescribed and operating according to spec as well as providing a base level of security (also defined on their web page, I think.)

Marcus wrote:
>No, because nobody'd bother to pay the NCSA membership
>fees and testing fees that are necessary for the "certification."
>NCSA "certification" is a product marketing device, not a technical
>milestone. As far as I am concerned the main significant conclusion
>one can draw from the fact that a firewall was NCSA certified is that
>the vendor gave NCSA a lot of money.
>
>Any firewall vendors that want to pay me $15,000, I'll certify
>your firewall too. :-P Heck, I'll do it for only $10,000. See
>http://www.clark.net/pub/mjr/pubs/fwtest/index.htm
>for details.

I disagree here. This is more cynical than need be. But that is for others to decide. Suffice it to say, paying the money is not the milestone. It is a certification to be used as part of a decision process, not to be the only deciding factor. Customer comments are insufficient, vendor documentation is insufficient, and this certification alone is insufficient. I have a hard time believing that anyone really believes that "the main significant conclusion one can draw from the fact that a firewall was NCSA certified is that the vendor gave NCSA a lot of money." I think this was hyperbole.

Paul Robertson wrote:
>I doubt that NCSA has gotten any of the major vendors to change a line of
>code, or added any security value at all to their products for the money
>they've received. I think that's the main point.

This is not true. While TIS did not have to change anything -- which doesn't mean we will not in the future -- some vendors did have to.
And they did.

I suspect we would all agree that 1) the NCSA certification can be *part* of the decision but should not be the only factor, 2) just because a firewall didn't seek NCSA certification does not mean it is bad, 3) NCSA certification is more than just a seal of approval bought with money, 4) the buyer should gather a bunch of data and decide what to believe or rely on and what not to, and 5) Avolio has already written more words than he should have on this and is starting to bore the audience. :-)

f

From firewalls-owner Thu Nov 7 07:36:01 1996
Message-Id: <199611071524.HAA26949@miles.greatcircle.com>
From: "Steve Betts"
To: ,
Subject: Re: Firewall for NT on Alpha
Date: Thu, 7 Nov 1996 14:22:31 -0000

Darren.Hamilton@merisel.com wrote:
> To All,
>
> I'm trying to source an NT firewall for the
> Digital Alpha platform. Suggestions?

I understand that Raptor version 3.06 for NT is available on Alpha.

Regards.
NB Opinions are my own and may not be the same as my employers
tel: +44 (0) 1 442 233 366
fax: +44 (0) 1 442 236 623

From firewalls-owner Thu Nov 7 07:49:11 1996
Date: Thu, 7 Nov 1996 10:37:25 -0500 (EST)
From: "Paul D. Robertson"
To: Frederick M Avolio
cc: Darren Reed, Bob Beck, mjr@mail.clark.net, firewalls@greatcircle.com
Subject: Re: NCSA certification for FWTK
In-Reply-To: <2.2.32.19961107151000.006d0c7c@pop.trusted.com>

On Thu, 7 Nov 1996, Frederick M Avolio wrote:

> Paul Robertson wrote:
> >I doubt that NCSA has gotten any of the major vendors to change a line of
> >code, or added any security value at all to their products for the money
> >they've received. I think that's the main point.
>
> This is not true. While TIS did not have to change anything -- which
> doesn't mean we will not in the future -- some vendors did have to. And they
> did.

Can you quantify that? I don't mean changing configurations to meet a test suite, I mean actually changing the code to make the firewall more secure. If you're not willing to name names, how about a number out of the top 5 or 6? Heck, top 10 even.
Changing a configuration to meet a test suite doesn't make a firewall more secure, that's an installation issue, and as I'm sure you're aware, that has to do with a site's security policy more than anything else.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts@clark.net      which may have no basis whatsoever in fact."
                                                                     PSB#9280

From firewalls-owner Thu Nov 7 08:03:41 1996
Date: Thu, 7 Nov 1996 10:56:44 -0500 (EST)
From: "Henry W. Farkas"
To: firewalls@GreatCircle.COM
Subject: Secure email package

On Wed, 6 Nov 1996, Sameer R Manek wrote:

> > There's also BAP, Bryce's Auto PGP, which ...
> By any chance you wouldn't have the url/ftp site for more info
> on his scripts?

e-mail:
URL:

===========================================================================
"We must all turn our backs upon the horrors of the past. We must look to the future. We cannot afford to drag forward, across the years that are to come, the hatreds and revenges which have sprung from the injuries of the past."
- Winston Churchill -
http://newstand.ims.advantis.com/henry
PGP fingerprint AA D0 F5 44 C1 8C 11 52 - B3 80 34 1C CE 38 EC 53

From firewalls-owner Thu Nov 7 08:55:57 1996
From: battledog
Message-Id: <199611071610.JAA08173@alcatraz.ipd.wellsfargo.com>
Subject: Catapult
To: firewalls@greatcircle.com
Date: Thu, 7 Nov 1996 09:10:06 -0700 (PPET)

I've lurked this list for years, but this is my first post (kind of obscurity of security). I remember someone posted a message recently regarding new software from Microsoft called Catapult. Though I don't know much about this product, I do want to share the following information with the list. I can not vouch for the accuracy of all the information here, but Microsoft was contacted and admitted that the product may produce the kind of effect we observed.

Two weeks ago our homepage came under a service attack. It appeared to be a SYNC flood attack and performance of the server started to degrade. An analysis of the IP packets indicated that the attack packets contained the same from IP address, so we filtered that address out at our ISP's router.
At this point, though the attack was continuing, we no longer experienced the detrimental effects. We then turned our efforts to tracing down the source of the packets. The trail led to a company over in Israel and the following is their story. This company was running a beta release of Catapult on an NT machine. This product attempts to improve performance by automatically fetching information via HTTP on URL addresses it finds in its cache (I guess the idea is, if someone wanted it then everyone may want it).

The default update frequency value in the beta release was set very low (seconds). If the site is busy and the catapult server fails to make the connection, it tries again (and again and again). The company, in this case, increased the retry value and the problem appears to have gone away.

I am bringing it to your attention because who knows what lucky site will be next to experience the thrill of being a target for this beta release.

Comments anyone? Microsoft??

bd.

P.S. Sorry for the pseudonym, but I have reached my threshold for hacker harassment this month (and it's still early).

DISCLAIMER: The opinions so eloquently expressed above are the product of my delusions and will be disavowed at my convenience.

OFFICIAL DISCLAIMER: These opinions are strictly my own, and not necessarily those of Wells Fargo.
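A triage check for the kind of burst battledog describes, as an added example that is not part of the original post: it groups inbound connection attempts by source and measures how regular the top source's timing is, since a fixed-interval retry loop like the prefetch behaviour reported looks different from a flood arriving from many or forged sources. The log format, thresholds and addresses are constructed for illustration.

```python
"""Triage a burst of inbound connection attempts (added example, constructed data)."""
import re
from collections import Counter
from statistics import mean, pstdev

# Constructed log format: "<epoch-seconds> <src-ip> -> <dst-ip>:<port> SYN"
LINE_RE = re.compile(r"(\d+(?:\.\d+)?)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+->\s+\S+\s+SYN")

# Constructed sample 1: one client retrying every 2 seconds, plus three ordinary visitors.
SAMPLE_RETRY_LOOP = [f"{1000 + 2 * i} 192.0.2.10 -> 203.0.113.80:80 SYN" for i in range(30)]
SAMPLE_RETRY_LOOP += [
    "1003 198.51.100.7 -> 203.0.113.80:80 SYN",
    "1019 198.51.100.23 -> 203.0.113.80:80 SYN",
    "garbage line that the parser must skip",
    "1041 198.51.100.99 -> 203.0.113.80:80 SYN",
]

# Constructed sample 2: forty attempts, each from a different source address.
SAMPLE_MANY_SOURCES = [
    f"{1000 + 0.5 * i} 198.51.100.{i + 1} -> 203.0.113.80:80 SYN" for i in range(40)
]


def parse_line(line):
    """Return (timestamp, source) for a well-formed line, else None."""
    m = LINE_RE.fullmatch(line.strip())
    return (float(m.group(1)), m.group(2)) if m else None


def triage(lines, min_attempts=20, dominant_share=0.8, max_jitter=0.2):
    """Classify a burst by source concentration and timing regularity.

    Thresholds are illustrative assumptions, not values from the post.
    """
    events = [e for e in map(parse_line, lines) if e]
    result = {"total": len(events), "top_source": None, "share": 0.0,
              "mean_interval": None, "jitter": None, "verdict": "below-threshold"}
    if len(events) < min_attempts:
        return result

    counts = Counter(src for _, src in events)
    top, hits = counts.most_common(1)[0]
    result.update(top_source=top, share=hits / len(events))
    if result["share"] < dominant_share:
        # No single address to filter: many or forged sources.
        result["verdict"] = "many-sources"
        return result

    times = sorted(ts for ts, src in events if src == top)
    gaps = [b - a for a, b in zip(times, times[1:])]
    if not gaps:
        result["verdict"] = "single-source-irregular"
        return result
    avg = mean(gaps)
    result["mean_interval"] = avg
    # Coefficient of variation: near 0 means evenly spaced, timer-driven attempts.
    result["jitter"] = pstdev(gaps) / avg if avg > 0 else 0.0
    result["verdict"] = ("single-source-periodic" if result["jitter"] <= max_jitter
                         else "single-source-irregular")
    return result


if __name__ == "__main__":
    for name, sample in (("retry loop", SAMPLE_RETRY_LOOP),
                         ("many sources", SAMPLE_MANY_SOURCES)):
        print(name, triage(sample))
```

A "single-source-periodic" verdict is the case where filtering one address upstream works and contacting the operator of that address is worthwhile; "many-sources" is the case where it does not.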
From firewalls-owner Thu Nov 7 09:37:02 1996
Message-Id: <199611071719.JAA18607@cheetah.llnl.gov>
Date: Thu, 7 Nov 1996 09:19:49 -0800
To: firewalls@GreatCircle.COM
From: spcooper@llnl.gov (Steve Cooper)
Subject: The National Info-Sec Technical Baseline - Looking for Your Help!

The NITB provides the state of the national technical capability in critical InfoSec areas. The purpose of the NITB is to focus the attention of the research community on topics of interest and on the most difficult and challenging problems in need of further scientific exploration. The findings of these NITB are collected in the national repository of InfoSec information which will be used to guide further research investment.

The National Laboratories have been chosen for this work because of their high technical standards, their independence from product, institution, and technology slants, and their ongoing role as fair brokers. The labs now participating or anticipated to participate include:

Lawrence Livermore National Laboratory
Sandia National Laboratory
Los Alamos National Laboratory
Oak Ridge National Laboratory

The first NITB effort focused on intrusion detection and response. It produced a draft document which is currently available for public review and comment until November 27, 1996. It is available at .

The second NITB effort is focusing on network firewall systems.
This posting is a request for information from the Internet community on the state-of-the-art in firewall systems.

What we are looking for: We are looking for professional-quality articles, lists of products and their features, bibliographies, etc.

What we are NOT looking for: Sales information, information already available via the firewalls mailing list and other similar sources, etc.

We are currently working on a report which will be made widely available in draft form within the next few weeks and will be announced on this forum. At that time, we will solicit comments on the report for a very brief time and will update the report with information we believe to be useful. Within a few weeks of that time, we will provide a current report and make that report available for all to see.

Please send your relevant information to: spcooper@llnl.gov

Thank you for your time.

=================================================================
Stephen P. Cooper                      Email: spcooper@llnl.gov
Computer Security Technology Center
Lawrence Livermore National Laboratory Phone: 510-422-1817
POB 808, MS L-303, Livermore, CA 94550 Fax: 510-423-8002

From firewalls-owner Thu Nov 7 10:06:07 1996
From: "Steve Bergeon"
Message-Id: <9611071113.ZM669@sbergeon.neosoft.com>
Date: Thu, 7 Nov 1996 11:13:43 -0600
In-Reply-To: Barry W Anderson "POP and sendmail mods for no system accounts" (Nov 7, 3:04am)
References: <3281A630.167EB0E7@dbapic.com.au>
To: bwa@shadow.dbapic.com.au,
        firewalls@GreatCircle.COM
Subject: Re: POP and sendmail mods for no system accounts

Check out: http://www.hdshq.com/fixes/mail_patch/

See esp. the hds contributions.

On Nov 7, 3:04am, Barry W Anderson may have said:
> Subject: POP and sendmail mods for no system accounts
> Along mail lines, does anyone recall seeing posted or mailed
> (reasonably) recently the mods to popper and sendmail to allow users not
> to have system accounts? Have searched Alta Vista till weird hours of
> the morning without success and am now at the stage where unless someone
> else can jog my memory as to the location, I'll write the mods myself -
> and I HATE reinventing the wheel.
>
> cheers,
>
>
>-- End of excerpt allegedly from Barry W Anderson

-----
sbergeon, 713.917.0425 (SB2009)
admiration - Our polite recognition of another’s resemblance to ourselves.

From firewalls-owner Thu Nov 7 10:37:49 1996
From: Lyndon Nerenberg
Reply-To: lyndon@esys.ca
To: Lawrence Beobachter
cc: firewalls@GreatCircle.COM
Subject: Re: Plain-text passwords
In-Reply-To: <3281B879.4191@spmu.runnet.ru>
Date: Thu, 7 Nov 1996 10:04:44 -0700 (MST)

On Thu, 07 Nov 1996 13:22:49 +0300 Lawrence Beobachter wrote:

> I tried tcpdump on FreeBSD and it turned out that login information
> during telnet sessions as well as USER and PASS info sent by pop-client
> are both xmitted in plain text.
> Is there any solution besides S/Key (please, include pointers) to
> block this don't-know-how-to-call-it hole.

RFC1734 defines an AUTHenticate command for POP3. In a nutshell it's a cut-and-paste of the AUTH command from IMAP4. You can use this mechanism to get Kerberos authentication.

POP3 also defines the APOP command, allowing for a shared-secret style of authentication. The problem with APOP is that it requires a separate server database to hold the authentication data. This is a bit of a maintenance headache, and duplicates functionality better provided by something like Kerberos.

MIT also cooked up the KPOP command -- an unofficial extension that allows Kerberos authentication to be used.

I don't use POP3 clients so I can't say which of them implements any or all of the above. (RFC1957 indicates that APOP is supported in Qualcomm's POP server, Eudora (lite and pro), and by GNU Emacs VM. I also seem to recall that MH has support for one or both of APOP/KPOP.)

On the server side, the only code I'm aware of that supports all three of these authentication schemes is the POP3 proxy in the CMU Cyrus IMAP4 server.

--lyndon

From firewalls-owner Thu Nov 7 10:56:17 1996
Date: Thu, 7 Nov 1996 13:37:04 -0500
Message-Id: <199611071837.NAA12584@goffette.research.megasoft.com>
From: C Matthew Curtin
To: Craig McLellan
Cc: firewalls
Subject: Re: CERT statistics
In-Reply-To: <327E27AB@mnbp.network.com>
References: <327E27AB@mnbp.network.com>

>>>> "Craig" == Craig McLellan writes:

Craig> Does anyone know how I might get up to date CERT reporting
Craig> statistics. Specifically I am looking for 1996 information.

CERT reports .0004% of all reports that it gets. CERT takes an average of 9.7 weeks to process a report and actually send it out. :-)

Why not ask them? http://www.cert.org/

--
Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From firewalls-owner Thu Nov 7 11:32:34 1996
Date: Thu, 7 Nov 1996 14:04:10 -0500
Message-Id: <199611071904.OAA12598@goffette.research.megasoft.com>
From: C Matthew Curtin
To: Chris Carlson
Cc: "2LT Jeffery J. Lowder, 333-4615", Firewalls@GreatCircle.COM
Subject: Re: re:Security Risks with Real Audio?

>>>> "Chris" == Chris Carlson writes:

Chris> So, there is a
Chris> security risk in that you must open UDP ports for RealAudio to
Chris> transmit. And UDP ports are a common avenue of exploitation by
Chris> hackers, crackers, etc.

Chris> There's a few ways you can overcome this:

Chris> 1) Use RealAudio's TCP only service (but I heard it's not as
Chris> good)

Certainly it isn't. (How could it be? TCP has serious overhead compared to UDP.
Further, the single feature of guaranteed packet delivery can cause problems if you lose a couple of packets in a row, or have to send one several times, since the rest of the data stream will wait for that retransmitted one to come in, then reassemble all of the packets in the proper order. The end result is a pause in the sound while all of this goes on.)

Chris> 2) Use RealAudio's proxy for firewalls

How does proxying UDP overcome the problem of opening yourself up to UDP? You're still allowing UDP to come in. It doesn't matter whether it's coming over proxy or not... The point is that it's coming in, without being able to tell whether they're part of some sort of "ongoing conversation" or whether some bonehead from Timbuktu is trying something funny.

Chris> 3) Get a firewall that supports UDP-based RealAudio

...so that you can open yourself up to any incoming-UDP problems in a more automated fashion?

Chris> Note that RealAudio is only one of many emerging multimedia
Chris> applications that use UDP and dynamically assigned channels to
Chris> transmit data. Other cool apps (but a pain for firewalls) are:
Chris> Vosaic, VDOLive, VXTreme, and even Microsoft's NetShow and
Chris> NetMeeting, and Netscape's CoolTalk.

This is going to continue to be the case, because of TCP's inappropriate amount of overhead for streaming applications...

Chris> ** plug - plug **

The only really safe (how you define "safe" will depend on whom you ask) way to deal with UDP is to do so in a stateful packet filtering mechanism, whereby the packet filtering rules will be dynamically changed to allow incoming UDP from outside hosts only if UDP packets from an inside host have gone that way, and could be expecting a reply via UDP.

Sounds like the firewall you're plugging has some kind of functionality, but I'll remain skeptical (as I do with anyone's stuff) until I have significant reason to prove otherwise. Of course, a number of firewall products already offer this functionality...

--
Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From firewalls-owner Thu Nov 7 12:02:09 1996
Message-Id: <96Nov8.085206nzdt.35715@kotuku.manukau.govt.nz>
From: Matthew Thompson
To: "'battledog'"
Cc: "'firewalls@greatcircle.com'"
Subject: RE: Catapult
Date: Sat, 9 Nov 1996 10:10:02 +1300

>Two weeks ago our homepage came under a service attack. It appeared to be
>a SYNC flood attack and performance of the server started to degrade. An
>analysis of the IP packets indicated that the attack packets contained the
>same from IP address, so we filtered that address out at our ISP's router.
>At this point, though the attack was continuing, we no longer experienced
>the detrimental effects. We then turned our efforts to tracing down
>the source of the packets. The trail led to a company over in Israel
>and the following is their story. This company was running a beta release
>of Catapult on an NT machine. This product attempts to improve performance

This is a known problem with the beta, corrected in the release version (now downloadable).

>by automatically fetching information via HTTP on URL addresses it finds in
>its cache (I guess the idea is, if someone wanted it then everyone may want
>it).

Concept is that it prefetches stuff that is commonly requested from the webserver cache, so it has a current copy, in the anticipation that it will be requested again soon, not unlike the readahead most OS kernels will do on disk files.

>The default update frequency value in the beta release was set very low
>(seconds). If the site is busy and the catapult server fails to make the
>connection, it tries again (and again and again). The company, in
>this case, increased the retry value and the problem appears to have gone
>away.
>I am bringing it to your attention because who knows what lucky site will
>be next to experience the thrill of being a target for this beta release.

Beta expires mid November, so everyone should have upgraded by then. Beta also only runs under NT4 beta, not NT4 release, so people have a strong incentive to upgrade.

A note for those planning to upgrade, you need your old setup files to uninstall catapult beta first, so keep those. The release version cannot install over the beta.
From firewalls-owner Thu Nov 7 12:03:26 1996
From: peter@baileynm.com (Peter da Silva)
Message-Id: <9611071949.AA19491@sonic.nmti.com.nmti.com>
Subject: Re: Plain-text passwords
To: larry@spmu.runnet.ru (Lawrence Beobachter)
Date: Thu, 7 Nov 1996 13:49:11 -0600 (CST)
Cc: firewalls@GreatCircle.COM
In-Reply-To: <3281B879.4191@spmu.runnet.ru> from "Lawrence Beobachter" at Nov 7, 96 01:22:49 pm

> I tried tcpdump on FreeBSD and it turned out that login information
> during telnet sessions as well as USER and PASS info sent by pop-client
> are both xmitted in plain text .
> Is there any solution besides S/Key (please, include pointers) to
> block this don't-know-how-to-call-it hole.

SecureShell from DataFellows.
http://www.datafellows.com/

From firewalls-owner Thu Nov 7 12:18:08 1996
From: peter@baileynm.com (Peter da Silva)
Message-Id: <9611071931.AA15905@sonic.nmti.com.nmti.com>
Subject: Re: POP3 proxy
To: beck@obtuse.com (Bob Beck)
Date: Thu, 7 Nov 1996 13:31:51 -0600 (CST)
Cc: tony@fozzie.secapl.com, otterley@digigami.com, admin@unicc.org, firewalls@GreatCircle.COM
In-Reply-To: <199611070618.XAA01173@chocolate.obtuse.com> from "Bob Beck" at Nov 6, 96 11:18:50 pm

> If you want pop out to arbitrary servers using a proxy, you'll
> have to either have a transparent proxy (lots of them around), or a
> modified "proxy aware" pop client that will talk to a nontransparent
> proxy server (I know of no such beast). Failing that, you'll have to
> resort to packet passing of some way, shape, or flavour,
> routing/NATing and allowing outgoing connections to port 110.

Or you can use a spoof like the one used by ftp-gw. Give it "user@site" as your login name, and "firewall" as the site. Then the proxy goes ahead and logs in to "site" as "user".
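The "user@site" convention Peter describes, sketched as an added example that is not part of the original post and is not the FWTK's code: the proxy splits the login, checks the site against an allow-list, and refuses input that could smuggle extra commands to the upstream server. The allow-list, the split at the last '@', and the length limit are assumptions made for the illustration.

```python
"""Parse the ftp-gw style "user@site" login for a POP3 proxy (added example)."""
import re
from typing import NamedTuple

# Hypothetical allow-list: the only upstream POP3 servers this proxy may contact.
ALLOWED_UPSTREAMS = frozenset({"pop.example.net", "mail.example.org"})
POP3_PORT = 110
MAX_ARG_LEN = 255  # illustrative cap on the USER argument

HOST_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")
USER_CHARS = re.compile(r"[\x21-\x7e]+")  # printable ASCII, no spaces


class UpstreamLogin(NamedTuple):
    user: str
    host: str
    port: int


class LoginRejected(ValueError):
    """The USER argument is malformed or names a destination we do not proxy to."""


def parse_proxy_login(arg, allowed_hosts=ALLOWED_UPSTREAMS):
    """Split "user@site" at the LAST '@' so mailbox names that contain '@' survive."""
    if len(arg) > MAX_ARG_LEN:
        raise LoginRejected("login too long")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in arg):
        # CR/LF here would let a client smuggle extra commands to the upstream server.
        raise LoginRejected("control character in login")
    user, sep, host = arg.rpartition("@")
    if not sep or not user or not host:
        raise LoginRejected('expected "user@site"')
    host = host.lower().rstrip(".")
    if len(host) > 253 or not all(HOST_LABEL.fullmatch(p) for p in host.split(".")):
        raise LoginRejected("malformed site name")
    if host not in allowed_hosts:
        # Without this check the proxy relays to port 110 on any host the client names.
        raise LoginRejected("destination not permitted")
    if not USER_CHARS.fullmatch(user):
        raise LoginRejected("malformed user name")
    return UpstreamLogin(user, host, POP3_PORT)


def handle_user_command(raw, allowed_hosts=ALLOWED_UPSTREAMS):
    """Turn the client's USER line into (where to connect, bytes to send upstream)."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        raise LoginRejected("non-ASCII bytes in command") from None
    if text.endswith("\r\n"):
        text = text[:-2]
    verb, _, arg = text.partition(" ")
    if verb.upper() != "USER":
        raise LoginRejected("expected USER command")
    login = parse_proxy_login(arg, allowed_hosts)
    # Only the user part is forwarded; the site part chose the destination.
    return login, f"USER {login.user}\r\n".encode("ascii")


if __name__ == "__main__":
    print(handle_user_command(b"USER alice@pop.example.net\r\n"))
    print(handle_user_command(b"USER bob@example.com@MAIL.Example.ORG\r\n"))
```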
From firewalls-owner Thu Nov 7 12:40:18 1996
Date: Thu, 7 Nov 1996 14:22:59 -0500
Message-Id: <199611071922.OAA12618@goffette.research.megasoft.com>
From: C Matthew Curtin
To: Dragan Dimitrovici
Cc: Firewalls@GreatCircle.COM
Subject: Re: Firewall Information for Theises
In-Reply-To: <327F48F0.3263@clearview.com.au>
References: <327F48F0.3263@clearview.com.au>

>>>> "Dragan" == Dragan Dimitrovici writes:

Dragan> Hi, my name is Dragan and I am doing a thesis on Internet
Dragan> Security - Firewalls. Can anybody that has information about
Dragan> firewalls (eg how they work, how to set them up, why a
Dragan> firewall is needed, etc) could you please send me this
Dragan> information.

Check relevant FAQs and such:
http://www.v-one.com/pubs/
http://www.greatcircle.com/firewalls/

--
Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From firewalls-owner Thu Nov 7 12:40:51 1996
Subject: FW-1 and IP Spoofing
To: firewalls@greatcircle.com (Firewalls Mailingliste)
Date: Thu, 7 Nov 1996 20:25:50 +0100 (MET)
Reply-To: frank.kargl@rz.uni-ulm.de
From: Frank Kargl

Hi everyone ...

I have a rather strange question concerning the internals of Checkpoint's Firewall-1. First I want to describe to you a specific setup:

Internet<->Cisco1<->Sun/FW-1<->Switch<->Cisco2<-->int.net
                                 ^
                                 |
                                 v
                               Server

Due to a shortage on IP addresses at a provider, I was forced to use a very small subnet of IP addresses (netmask 255.255.255.248) with all the machines. The addresses are like this (addresses changed of course):

Cisco1:  198.49.12.22 and unnumbered ISDN interface
Sun/FW1: 198.49.12.17 and 198.49.12.18
Switch:  198.49.12.19
Server:  198.49.12.20
Cisco2:  198.49.12.21 and internal address

With the right mixture of Host-, Network- and default-routes you get this thing to work. Cisco1 has a host route to 198.49.12.17 and a network route for 198.49.12.16 to 198.49.12.17. The Sun has a host route for 198.49.12.22 to 198.49.12.17 and a network route for 198.49.12.16 to 198.49.12.18. All the other machines have default routes to 198.49.12.18 and a network route to the internal network.

My question is, whether and how the FW-1 software is able to get it right to deny spoofed packets on the exterior interface claiming to be one of the internal hosts (esp. the server) or if this setup means any severe security risk.

Regards ...

Frank

-- 
------------------------------------------------------------------------------
Frank Kargl (aka Comram) Computing Center, University of Ulm, Germany
Email:frank.kargl@rz.uni-ulm.de http://www.uni-ulm.de/kargl/ (->PGP-Key)
Tel.(Uni): 0731-502-2509 Tel.(Privat): 0731-553972 Eplus: 0177-5539510
------------------------------------------------------------------------------
Logic, logic, logic...Logic is the beginning of wisdom, Valeris, not the end
[Spock --- Star Trek VI: "The Undiscovered Country"]

From firewalls-owner Thu Nov 7 12:48:19 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id LAA11981 for firewalls-outgoing; Thu, 7 Nov 1996 11:27:48 -0800 (PST)
Received: from gw.research.megasoft.com (gw.research.megasoft.com [206.230.35.93]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id LAA11929 for ; Thu, 7 Nov 1996 11:26:39 -0800 (PST)
Received: (from uucp@localhost) by gw.research.megasoft.com (8.7.5/8.7.3-cmcurtin) id OAA12971; Thu, 7 Nov 1996 14:26:18 -0500 (EST)
Received: from goffette.research.megasoft.com(192.168.1.2) by gw.research.megasoft.com via smap (V1.3) id sma012969; Thu Nov 7 14:25:49 1996
Received: by goffette.research.megasoft.com (940816.SGI.8.6.9/940406.SGI) id OAA12614; Thu, 7 Nov 1996 14:19:26 -0500
Date: Thu, 7 Nov 1996 14:19:26 -0500
Message-Id: <199611071919.OAA12614@goffette.research.megasoft.com>
From: C Matthew Curtin
To: Jan Koum
Cc: Colin Campbell , Ken Meade , firewalls@GreatCircle.COM
Subject: Re: Firewall selection!
In-Reply-To:
References: <199611052256.IAA00916@guru.citec.qld.gov.au>

>>>> "Jan" == Jan Koum writes:

Jan> Following your analogy:

Jan> I don't trust any one with keys to my house. Even those who
Jan> built it. I better build one on my own and know all "ins and
Jan> outs" in case of fire or other natural disasters. Also, what if
Jan> it rains and roof leaks and people from TIS are not around? You
Jan> better know where to look for that leak, or else it will be a lot
Jan> of water... ;-) Take your pick.

The problem with taking the analogy out to this point is that it won't hold up because the Gauntlet is a crystal box. You get all of the source code. You get documentation. You get support. They don't just give you an "upgrade" and say "here, run these commands as root, it will run some programs". You've got complete source so that you can pull it apart, learn from it, and even modify it if need be.

I use some parts of the FWTK for my own purposes, or for things for my own company internally. I'll be here to fix it if something goes wrong, and there are other people here sufficiently clued to be able to figure out what's happening and fix it if I'm not. However, in situations where someone wants me to recommend something that their IS department can run (or if I'm consulting), or that sort of thing, I'll point 'em to the Gauntlet...

-- 
Matt Curtin cmcurtin@research.megasoft.com Megasoft, Inc Chief Scientist
http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself.
Hacker Security Firewall Crypto PGP Privacy Unix Perl Java Internet Intranet

From firewalls-owner Thu Nov 7 13:18:32 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA18068 for firewalls-outgoing; Thu, 7 Nov 1996 13:07:29 -0800 (PST)
Received: from gamespot.com (ns1.gamespot.com [206.169.18.2]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id NAA18040 for ; Thu, 7 Nov 1996 13:07:17 -0800 (PST)
Received: from tech-a.gamespot.com (tech-a.gamespot.com [206.169.18.66]) by gamespot.com (8.7.5/8.6.12) with SMTP id NAA25954 for ; Thu, 7 Nov 1996 13:54:56 GMT
Message-Id: <199611071354.NAA25954@gamespot.com>
Comments: Authenticated sender is
From: "Ian Kallen"
To: firewalls@greatcircle.com
Date: Thu, 7 Nov 1996 13:08:38 +0000
Subject: defense against SYN floods on FreeBSD?
Reply-to: ian@gamespot.com
X-mailer: Pegasus Mail for Windows (v2.23)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I understand that BSDi put out a patch for SYN flood hardening, does anybody know of a fix for FreeBSD 2.1.5?

-- 
Ian Kallen ian@gamespot.com
Director of Technology & Web Administration
http://www.gamespot.com

From firewalls-owner Thu Nov 7 13:22:54 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA16740 for firewalls-outgoing; Thu, 7 Nov 1996 12:47:54 -0800 (PST)
Received: from reflections.mindspring.com (reflections.mindspring.com [204.180.142.192]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id MAA16713 for ; Thu, 7 Nov 1996 12:47:41 -0800 (PST)
Received: (from lists@localhost) by reflections.mindspring.com (8.7.1/8.7.1) id PAA19173; Thu, 7 Nov 1996 15:48:20 -0500
Date: Thu, 7 Nov 1996 15:48:20 -0500 (EST)
From: Todd Graham Lewis
To: Jim Wamsley 303-673-8163
cc: klynn@surfsoft.com, firewalls@GreatCircle.COM
Subject: Re: Appletalk
In-Reply-To: <199611071441.HAA22647@coltano.stortek.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Thu, 7 Nov 1996, Jim Wamsley 303-673-8163 wrote:

> CAUTION - BLATANT COMMERCIALISM FOLLOWS:
>
> jason mastaler writes:
> >
> > The other option would be to set up some type of translation mechanism that
> > could translate the AppleTalk packets into TCP packets; then this TCP
> > traffic could be "plug-gw" through the firewall. There may be a product
> > called "gator" that would perform this function. I really do not have a lot
> > of knowledge about this product.
> >
>
> Network Systems Corporation, (...) has the Borderguard
> 1000 and Borderguard 2000 products that feature Secure Tunnel Bridging. (...)

Additionally, you might want to look into using netatalk to encapsulate and route appletalk across IP. It's been too long since I've used it, but I think it might be up to it.

__
Todd Graham Lewis Linux!
Core Engineering Mindspring Enterprises
tlewis@mindspring.com (800) 719 4664, x2804

From firewalls-owner Thu Nov 7 13:33:56 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id NAA18975 for firewalls-outgoing; Thu, 7 Nov 1996 13:16:55 -0800 (PST)
Received: from maryann.ebs.net (maryann.ebs.net [204.254.158.8]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with ESMTP id NAA18886 for ; Thu, 7 Nov 1996 13:16:33 -0800 (PST)
Received: from gilligan.ebs.net (cosmo@gilligan.ebs.net [204.254.158.13]) by maryann.ebs.net (8.8.2/8.6.9) with SMTP id PAA06990; Thu, 7 Nov 1996 15:23:40 -0600
Date: Thu, 7 Nov 1996 15:23:31 -0600 (CST)
From: Craig Brozefsky
To: Tony Iannotti
cc: Adam Shostack , otterley@digigami.com, admin@unicc.org, firewalls@GreatCircle.COM
Subject: Re: POP3 proxy
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Wed, 6 Nov 1996, Tony Iannotti wrote:

> > Also consider requiring apop or kerberos authentication to the
> > proxy, and then translate that into a uname/password combination if
> > that's all your internal machine requires/supports.
>
> I think the newest qpop does apop, and IMHO should be required.

I recommend doing a code review of qpop before using it on a server inside your firewall and plugging thru to it.

> > Encrypting & authenticating this link is a very good idea, on
> > top of apop. Kerberized mail, if I remember correctly, will be
> > encrypted on the wire.
>
> I thought kerberos only did authentication, not session encryption?

It's broken tho.

Craig Brozefsky cosmo@ebs.net
System Administrator vox: 312-226-1675
EBS.NET http://www.ebs.net
*****available for limited time only in this dimension****

From firewalls-owner Thu Nov 7 13:40:31 1996
Received: (majordom@localhost) by miles.greatcircle.com (8.7.1-lists/Lists-960417-1) id MAA15891 for firewalls-outgoing; Thu, 7 Nov 1996 12:34:21 -0800 (PST)
Received: from lehman.Lehman.COM (lehman.Lehman.COM [192.147.66.1]) by miles.greatcircle.com (8.7.4/Miles-960830-1) with SMTP id MAA15850 for ; Thu, 7 Nov 1996 12:33:46 -0800 (PST)
Received: (from smap@localhost) by lehman.Lehman.COM (8.6.12/8.6.12) id PAA15006; Thu, 7 Nov 1996 15:33:09 -0500
Received: from relay.mail.lehman.com(192.9.140.112) by lehman via smap (V1.3) id tmp014996; Thu Nov 7 15:33:02 1996
Received: from lehman.COM (cmgrelay1) by relay.lehman.com (4.1/LB-0.6) id AA07974; Thu, 7 Nov 96 15:33:00 EST
Received: from usccgw03.usccmail.lehman.com (usccgw03 [146.127.39.13]) by lehman.COM (8.7.6/8.7.6) with SMTP id PAA01438; Thu, 7 Nov 1996 15:32:58 -0500 (EST)
Received: from ccMail by usccgw03.usccmail.lehman.com (IMA Internet Exchange 2.03 (Beta 3) Enterprise) id 0001833E; Thu, 7 Nov 96 15:34:10 -0500
Mime-Version: 1.0
Date: Thu, 7 Nov 1996 15:26:41 -0500
Message-Id: <0001833E.1576@usccmail.lehman.com>
From: Paul_Hanusz@usccmail.lehman.com (Paul Hanusz)
Subject: Re[2]: [NTSEC] SAM file content - has anyone opened it?
To: Bill Stout , Ryan Russell/SYBASE , firewalls@greatcircle.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Description: cc:Mail note part
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

The syntax is: at