From owner-firewalls-outgoing Tue Apr 1 00:38:30 1997
From: Osiris
Reply-To: osiris@pacificnet.net
To: sunwei@sea.net.edu.cn
CC: Firewalls@GreatCircle.COM
Date: Tue, 01 Apr 1997 00:30:54 -0800
Subject: Re: PC based network analyzer

********* Gobbler ***********
http://www.macatawa.org/~agent43/gobbler.zip
[ALT] ftp://ftp.mzt.hr/pub/tools/pc/sniffers/gobbler/gobbler.zip
[ALT] ftp://ftp.tordata.se/www/hokum/gobbler.zip

******** Ethload **********
ftp://oak.oakland.edu/SimTel/msdos/lan/ethld104.zip
[ALT] http://www.med.ucalgary.ca:70/1/ftp/dos/regular
[ALT] ftp://ftp.vuw.ac.nz/simtel/msdos/lan/ethld104.zip
[ALT] http://www.apricot.co.uk/ftp/bbs/atsbbs/allfiles.htm

From owner-firewalls-outgoing Tue Apr 1 00:54:49 1997
From: Wilson Heng
To: sunwei@sea.net.edu.cn, Firewalls@GreatCircle.COM
Date: Tue, 1 Apr 1997 17:27:06 +0800
Subject: RE: PC based network analyzer

Well, you could use LANwatch from FTP software. More information could be
obtained at www.ftp.com. :-)

Subject : PC based network analyzer
*Sun Wei (sunwei@sea.net.edu.cn) wrote>

Hi,

Does anyone know if there is a kind of PC based network packet analyzer?

TIA,
Wei
--
*---------------------------------------------------------------*
| Wei Sun                            | Phone: 86-10-62784997    |
| Tsinghua Univ. Network Center      | Fax  : 86-10-62785933    |
| Rm 224, Central Main Building      | Email: sunwei@sea.net.edu.cn |
| Tsinghua Univ., Beijing, P.R.China |
*---------------------------------------------------------------*
>>End of message

From owner-firewalls-outgoing Tue Apr 1 01:28:56 1997
From: Todd Graham Lewis
To: Sun Wei
cc: Firewalls@GreatCircle.COM
Date: Tue, 1 Apr 1997 04:18:43 -0500 (EST)
Subject: Re: PC based network analyzer

On Tue, 1 Apr 1997, Sun Wei wrote:

> Does anyone know if there is a kind of PC based network packet analyzer?

Yes; tcpdump. It runs on a number of PC os'es, including Linux, the
BSD's, and potentially NT, although I'm not sure about the last.

__
Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com

From owner-firewalls-outgoing Tue Apr 1 01:36:30 1997
From: steve.gailey@nomura.co.uk
To: sunwei@sea.net.edu.cn
Cc: Firewalls@GreatCircle.COM
Date: Tue, 1 Apr 97 10:20:48 +0100
Subject: Re: PC based network analyzer

Try ethermon, It's on ftp.demon.co.uk amongst other places, somewhere in
their PC tree. It uses Packet drivers to work with most PC cards and
provides a real time display, mainly aimed at ip, though it does some other
stuff as well including IPX. It is a bit long in the tooth now, but I still
use it.
Ignore the contact details in the readme file though, I have moved several
times and changed ISP's too :-)

Steve

______________________________ Reply Separator _________________________________
Subject: PC based network analyzer
Author: firewalls-owner (firewalls-owner@GreatCircle.COM) at internet-mime
Date: 4/1/97 9:34 PM

Hi,

Does anyone know if there is a kind of PC based network packet analyzer?

TIA,
Wei
--
*---------------------------------------------------------------*
| Wei Sun                            | Phone: 86-10-62784997    |
| Tsinghua Univ. Network Center      | Fax  : 86-10-62785933    |
| Rm 224, Central Main Building      | Email: sunwei@sea.net.edu.cn |
| Tsinghua Univ., Beijing, P.R.China |
*---------------------------------------------------------------*

From owner-firewalls-outgoing Tue Apr 1 01:51:58 1997
From: Ziv Dascalu
To: firewalls@GreatCircle.COM, allan@bellsouth.net
Date: Tue, 1 Apr 97 12:48:59
Subject: RE: Firewall export license

--- On Mon, 31 Mar 1997 10:52:16 -0800 Allan Chong wrote:

>How hard is it to get a DES encryption export license for a
>firewall? I've got a financial services firm that wants
>encryption between their location here in the US and Israel.
>
>
>allan

-----------------End of Original Message-----------------

Hi,

I would suggest looking at firewall vendors that their development was done
outside the IS. they are not bounded to the export restrictions that the US
manufacturers are tied with. In any case I would suggest looking specifically
at the VPN solutions that the vendors have and not the end to end ones.

/Ziv

/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| A B I R N E T Active Network Protection                                |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/
/ AbirNet provides the next generation in Internet and Intranet Protection\
| AbirNet provides Windows 95 & NT-based software that let's you know    |
| how your network is being used while protecting it from intrusions     |
| and abuse using no-network overhead, see-it-all filtering, blocking,   |
| alerting, logging, and scanning technologies.                          |
|                                                                        |
\========== Get a trial version at ===============/

From owner-firewalls-outgoing Tue Apr 1 02:06:44 1997
From: Ziv Dascalu
To: "'firewalls@GreatCircle.COM'" , Cato Antonsen
Date: Tue, 1 Apr 97 12:43:53
Subject: RE: Microsoft ULS/ILS through a firewall

--- On Tue, 1 Apr 1997 00:02:19 +0100 Cato Antonsen wrote:

>Hi,
>
>I've been trying to figure out which ports I need to open on our
>firewall to get Netmeeting and the ILS-server to work on our network.
>
>I've searched the net and browsed through some Internet drafts without
>any luck. So now I turn to you guy's... ;-)
>
>Thanks in advance!
>
>Regards,
>Cato Antonsen (http://login.nord.eunet.no/~cato)
>System administrator, EUnet NORD AS

-----------------End of Original Message-----------------

Hi,

I would recommend 1st to monitor your system and see what protocols are
being used. Then block EVERYTHING and just leave the ones you detected and
want to keep. I found it to be the fastest way to integrate a firewall into
an existing network.

/Ziv

From owner-firewalls-outgoing Tue Apr 1 02:23:46 1997
From: Ziv Dascalu
To: firewalls@GreatCircle.COM, mmozes@fujitsu.ca
Date: Tue, 1 Apr 97 13:09:16
Subject: RE: RealAudio

--- On Mon, 31 Mar 97 10:36:00 PST mmozes@fujitsu.ca wrote:

>
>Does anyone know the port number for RealAudio?
>
>Thanks,

-----------------End of Original Message-----------------

realAudio is 7070 TCP

/ZIv

/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| A B I R N E T Active Network Protection http://www.AbirNet.com         |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/

From owner-firewalls-outgoing Tue Apr 1 02:36:42 1997
From: Robin J Smith
To: Cato Antonsen
cc: "'firewalls@GreatCircle.COM'"
Date: Tue, 1 Apr 1997 11:44:31 +0100 (BST)
Subject: Re: Microsoft ULS/ILS through a firewall

Cato,

On Tue, 1 Apr 1997, Cato Antonsen wrote:

> I've been trying to figure out which ports I need to open on our
> firewall to get Netmeeting and the ILS-server to work on our network.

If you really want to let Netmeeting through your firewall:

http://www.microsoft.com/kb/articles/q158/6/23.htm

...but you should look at proxying UDP.
Robin J Smith - Systems Engineer
Internet Smartware Ltd., 1c The Harlequin Centre, Southall Lane,
Southall, Middlesex, UB2 5NH, UK
Tel:+44 (0) 181 574 9545 Fax:+44 (0) 181 574 8384
http://www.internet-smartware.com

From owner-firewalls-outgoing Tue Apr 1 03:08:10 1997
From: Michael Pellmann
To: firewalls@GreatCircle.COM
Date: Tue, 01 Apr 1997 12:12:09 +0200
Subject: Re: CNET story on Microsoft defending ActiveX today

>Or what happens when you go to an ActiveX class or buy the Microsoft Press
>version? How does Microsoft *know* what they are signing?
>
>Or when someone duplicates the signing technology (Oh, before you run this
>neat application, you will need to Upgrade your Cert Authority Now!).
>

And don't forget that the authentication is only used for downloading.
Every page on the net can use all modules already installed.
And modules can be installed either by downloading (authentication involved)
or by local installed applications or systems (no authentication involved,
but maybe you know where you get that one out of thousand modules from).

You can use that modules in a way, the author never expected to work.
Or you can use it in a way the author has designed it to work, but never
to work over the net or only for his application.
Remember the good old authorization SVCs on mainframes, you had to know
to bypass security.

BTW do you know where you have gotten that module from?

Michael

From owner-firewalls-outgoing Tue Apr 1 03:09:13 1997
From: Ziv Dascalu
To: firewalls@GreatCircle.COM, Information Security
Date: Tue, 1 Apr 97 13:26:58
Subject: Re: email monitoring

--- On Fri, 28 Mar 1997 00:25:22 -0500 (EST) Information Security wrote:

>Still posting to comp.security.firewalls...
>
>I'm up through the five month statistics on what was caught
>outbound via the firewall...over 400,000 lines of proprietary
>source code for one thing.
>
>All the people had legitimate access internally.
>
>It makes me feel (almost) that all the regular Unix security
>work I've done had no meaning. Who cares if they break root
>if distributed thieves and idiots simply email out what they
>already have access to?
>
>Sigh,
>---guy

-----------------End of Original Message-----------------

Hi,

Why not just putting some email monitoring software and block
messages which do not fit the company policies?

/Ziv

From owner-firewalls-outgoing Tue Apr 1 03:21:56 1997
From: Ziv Dascalu
To: firewalls@GreatCircle.COM, FaNgYoU2
Date: Tue, 1 Apr 97 13:17:55
Subject: RE: Need advice on logging, authentication and encyrption

Hi,

You asked:

1) How can we get the NT machine to write the log created by cc:Web over a
serial port to a stand alone logging machine?
*** You can get and use other tracking devices that will log and show the
whole traffic or needed parts of it for later viewing

2) Can the NT machine be set up to ftp the log file to another hardened
machine?

*** you can set a FTP server on that machine or use scripts to send it over
to somewhere else on specific times

3) What software is out there that we could give to users that would work
together with the Secure-ID we are installing on Gauntlet to provide
encryption of the connection?

*** I would check it with the vendor and also what smart cards companies are
working with this

From owner-firewalls-outgoing Tue Apr 1 03:41:40 1997
From: Ziv Dascalu
To: FaNgYoU2 , Harry Behrens
Cc: firewalls@GreatCircle.COM, behrens@mtl.t.u-tokyo.ac.jp
Date: Tue, 1 Apr 97 13:15:59
Subject: Re: Need advice on logging, authentication and encyrption

--- On Mon, 31 Mar 1997 02:27:54 +0900 Harry Behrens wrote:

>At 08:28 97/03/30 -0500, you wrote:
>
>>Last Thursday they found that a hacker running a packet sniffer on the
>>Internet had been capturing user names and passwords and then logging into
>>cc:Web/cc:Mail during off hours.
>
>How do you suppose a hacker runs a packet sniffer "on the Internet".
>Typically packet sniffers are run on your local LAN by listening to all
>traffic being sent over the local Ethernet.
>I don't see how this can be done on the Internet unless the hacker is placed
>on some upstream network through which all traffic to and from that site is
>routed.
>>

-----------------End of Original Message-----------------

The sniffing can also be done by doing DNS redirection for specific services.
In this case there is no need to be upstream since it will go through you.

/Ziv

From owner-firewalls-outgoing Tue Apr 1 04:51:32 1997
From: "Ed Martin"
To: FIREWALLS@GreatCircle.COM
Date: Tue, 1 Apr 1997 07:41:20 -0400
Subject: Cisco Enterprise

From: Ed Martin on 04/01/97 07:41 AM

Anyone have any input/feedback on the overall security of using a Cisco 2500
series router loaded with the Enterprise package as a firewall between
internet and internal network?

Ed Martin
emartin@hq.caci.com

From owner-firewalls-outgoing Tue Apr 1 05:07:42 1997
From: Darren Reed
To: lists@reflections.eng.mindspring.net (Todd Graham Lewis)
Cc: sunwei@sea.net.edu.cn, Firewalls@GreatCircle.COM
Date: Tue, 1 Apr 1997 22:33:55 +1000 (EST)
Subject: Re: PC based network analyzer

In some mail from Todd Graham Lewis, sie said:
>
> On Tue, 1 Apr 1997, Sun Wei wrote:
>
> > Does anyone know if there is a kind of PC based network packet analyzer?
>
> Yes; tcpdump. It runs on a number of PC os'es, including Linux, the
> BSD's, and potentially NT, although I'm not sure about the last.

On NT, look for "netmon" - a superb packet analyzer! Someone should port
it to Unix.
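
Added example, not part of any message in this digest: the advice given earlier for the Netmeeting/ILS question (monitor which protocols are in use, then block everything except the ones you detected and want to keep), worked through in Python over output from a capture tool such as the tcpdump named in this thread. The capture lines, addresses, function names and the KEEP set are constructed for illustration; the 7070/TCP entry is the RealAudio port given above.

```python
import re
from collections import Counter

# Constructed sample in the style of `tcpdump -n -q` output (not real traffic).
CAPTURE = """\
09:00:01.000001 IP 10.1.1.5.1042 > 192.0.2.10.80: tcp 0
09:00:01.000200 IP 192.0.2.10.80 > 10.1.1.5.1042: tcp 512
09:00:02.000000 IP 10.1.1.6.1100 > 192.0.2.10.80: tcp 0
09:00:03.000000 IP 10.1.1.5.1043 > 192.0.2.53.53: UDP, length 30
09:00:03.100000 IP 192.0.2.53.53 > 10.1.1.5.1043: UDP, length 62
09:00:03.500000 IP 10.1.1.6.1101 > 192.0.2.53.53: UDP, length 31
09:00:04.000000 IP 10.1.1.7.1200 > 198.51.100.7.7070: tcp 0
09:00:04.100000 IP 10.1.1.8.1201 > 198.51.100.7.7070: tcp 0
09:00:05.000000 IP 10.1.1.5.1044 > 203.0.113.9.6667: tcp 0
09:00:05.100000 IP 10.1.1.9.1300 > 203.0.113.9.6667: tcp 0
09:00:06.000000 ARP, Request who-has 10.1.1.1 tell 10.1.1.5, length 28
"""

# Assumption: what the site decides to keep after reviewing the capture.
KEEP = {("tcp", 80), ("udp", 53), ("tcp", 7070)}

LINE = re.compile(
    r"IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): (tcp|udp)",
    re.IGNORECASE,
)


def parse_flows(text):
    """Return distinct flows as (proto, endpoint_a, endpoint_b).

    Both directions of a conversation collapse into one flow because the
    two endpoints are stored in sorted order. Non-IP lines are skipped.
    """
    flows = set()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, proto = m.groups()
        a, b = sorted([(src, int(sport)), (dst, int(dport))])
        flows.add((proto.lower(), a, b))
    return flows


def observed_services(flows):
    """Guess each flow's service port and count flows per (proto, port).

    Without connection-setup information the capture does not say which
    side is the server, so the port shared by the most flows is taken as
    the service; ephemeral client ports appear once. Ties go to the lower
    port number.
    """
    use = Counter()
    for proto, a, b in flows:
        use[(proto, a[1])] += 1
        use[(proto, b[1])] += 1
    services = Counter()
    for proto, a, b in flows:
        port = min((a[1], b[1]), key=lambda p: (-use[(proto, p)], p))
        services[(proto, port)] += 1
    return services


def build_policy(services, keep):
    """Split detected services into those kept and those left to be blocked."""
    allowed = sorted(s for s in services if s in keep)
    rejected = sorted(s for s in services if s not in keep)
    return allowed, rejected


def decide(allowed, proto, port):
    """Default deny: only detected-and-kept services pass."""
    return "allow" if (proto.lower(), port) in allowed else "deny"


if __name__ == "__main__":
    services = observed_services(parse_flows(CAPTURE))
    allowed, rejected = build_policy(services, KEEP)
    for proto, port in allowed:
        print(f"permit {proto} port {port}  ({services[(proto, port)]} flows seen)")
    for proto, port in rejected:
        print(f"# seen but not kept, will be blocked: {proto} port {port}")
    print("deny all (log)")
```

The "seen but not kept" list is the part worth reviewing before the deny rule goes live, since it names traffic that currently works and will stop.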
From owner-firewalls-outgoing Tue Apr 1 05:21:38 1997
From: Frederick M Avolio
To: allan@bellsouth.net, firewalls@greatcircle.com
Date: Tue, 01 Apr 1997 08:16:29 -0500
Subject: Re: Firewall export license

Allan,

It depends on the firewall and the company. Gauntlet firewalls may be
exported with 56bit DES (with or without key recovery technology) and with
triple DES (with key recovery). We may be the only firewall vendor able to
do this currently. See www.tis.com for details.

f

At 10:52 AM 3/31/97 -0800, Allan Chong wrote:
>How hard is it to get a DES encryption export license for a
>firewall? I've got a financial services firm that wants
>encryption between their location here in the US and Israel.

---
(voice) +1 301-854-5749; (fax) +1 301-854-5363
Web site: http://www.tis.com/
PGP Key: http://www.tis.com/docs/corporate/fredpgp.html
PGP Key fingerprint =37 6B 35 BB B2 07 BE B7 D5 47 C3 30 4E 39 A2 EE

From owner-firewalls-outgoing Tue Apr 1 05:47:45 1997
From: Information Security
To: firewalls@GreatCircle.COM
Date: Tue, 1 Apr 1997 08:25:22 -0500 (EST)
Subject: Re: email monitoring

> --- On Fri, 28 Mar 1997 00:25:22 -0500 (EST) Information Security wrote:
>
> >Still posting to comp.security.firewalls...
> >
> >I'm up through the five month statistics on what was caught
> >outbound via the firewall...over 400,000 lines of proprietary
> >source code for one thing.
>
> -----------------End of Original Message-----------------
>
> Hi,
> Why not just putting some email monitoring software and block
> messages which do not fit the company policies?
> /Ziv

How would you programmatically block (or not block) an arbitrary email?

----

I'm through a number of different categories of security incidents,
such as

o people working on their own jobs while within the firm
o Dumb-and-Dumber
o last week on the job
o people just trying to do work (ex: mailing code to a vendor)

If it's scrolled out of your local ISP, try www.dejanews.com.
Usenet group 'comp.security.firewalls', subject "Corruption at
Salomon Brothers". Installments "Serial #0" through #12 have been posted.

---guy

From owner-firewalls-outgoing Tue Apr 1 05:54:27 1997
From: "Michael S Hines"
Reply-to: mshines@purdue.edu
To: Firewalls@GreatCircle.COM
Date: Tue, 1 Apr 1997 08:39:28 -0500
Subject: Re: PC based network analyzer

WinNT Server comes with a network analyzer tool which will catch and
log packets for you.

-----------------------------------------------------------------
Internet: mshines@purdue.edu  * Michael S. Hines, CDP, CFE
Voice: (765) 494-5845         * Sr. Information Systems Auditor
FAX: (765) 496-1814           * Purdue University
                              * 1065 Freehafer Hall
                              * West Lafayette, IN 47907-1065

From owner-firewalls-outgoing Tue Apr 1 06:24:18 1997
From: michael yelland
Reply-To: myelland@ferc.fed.us
To: Firewalls@GreatCircle.COM
Date: Tue, 01 Apr 1997 09:09:29 -0500
Subject: Eagle NT 4.0 & DNS

We have Eagle NT 4.0, and Linux DNS. Linux lives on the inside. We want
it to serve our domain - as it has. We want to set up Eagle's DNSd so it
forwards requests not in our domain to the root servers.

Our Eagle's inside add is 13.230, outside is 12.200 and Linux is 13.243,
and we want to point our clients at 13.230, so that we can (slowly) move
DNS to Eagle completely. We want 13.230 to send requests for _our_ domain
to 13.243 and for any other to the root.

I've got a 'forwarders 13.230' and 'slave' statement in named.boot on
Linux, and...but it doesn't work yet. If I point clients to 13.243 all is
fine (inside)...

--
Your packet is important to us...clear the DE bit next time...

From owner-firewalls-outgoing Tue Apr 1 06:52:55 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA27061 for firewalls-outgoing; Tue, 1 Apr 1997 06:47:45 -0800 (PST) Received: from miles.greatcircle.com (miles.greatcircle.com [198.102.244.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA26753 for ; Tue, 1 Apr 1997 06:46:31 -0800 (PST) Received: from portal.east.saic.com (portal.east.saic.com [198.151.13.15]) by miles.greatcircle.com (8.8.5/Miles-970308-2) with SMTP id GAA00168 for ; Tue, 1 Apr 1997 06:30:18 -0800 (PST) Received: from blazer.cist.saic.com ([149.8.156.11]) by portal.east.saic.com via smtpd (for miles.greatcircle.com [198.102.244.34]) with SMTP; 1 Apr 1997 14:30:35 UT Received: from obiwan.cist.saic.com (unverified [149.8.156.16]) by blazer.cist.saic.com (EMWAC SMTPRS 0.83) with SMTP id ; Tue, 01 Apr 1997 09:31:42 -0500 Message-ID: From: "Chris Kostick" To: "Neale Banks" Cc: Subject: Re: Getting DNS through a firewall. Date: Tue, 1 Apr 1997 09:27:52 -0500 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > I would suggest to run your own dns slave server on the firewall instead of > > unsafely passing DNS Packets. > > Does this not raise a quandary: if it is unsafe to pass DNS packets through > the firewall, then how is it safe to pass them to a dns slave server on > the firewall? > > Or, is it assumed that one will run a "safe" dns slave on the firewall? Refresh my memory. What's so unsafe about DNS, or more specifically, the BIND code that most people use? I think what the poster was suggesting is that an external (i.e. slave server) and internal DNS server be run. Outside access would only have minimal information available to them. 
This, as opposed to the original question of just getting DNS through the firewall to the only DNS server (TCP and UDP), and having all information available about the internal network. -- chris From owner-firewalls-outgoing Tue Apr 1 07:06:50 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA24535 for firewalls-outgoing; Tue, 1 Apr 1997 06:37:02 -0800 (PST) Received: from prometheus.advstaff.com (advstaff.com [205.136.148.15]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA24508 for ; Tue, 1 Apr 1997 06:36:55 -0800 (PST) From: mgetter@advstaff.com Received: by prometheus.advstaff.com; id JAA12655; Tue, 1 Apr 1997 09:24:57 -0500 (EST) Received: from art-ntsrv01.advstaff.com(192.168.100.15) by prometheus.advstaff.com via smap (3.2) id xma012653; Tue, 1 Apr 97 09:24:27 -0500 Received: by art-ntsrv01.advstaff.com(Lotus SMTP MTA v1.05 (274.9 11-27-1996)) id 8525646C.00503116 ; Tue, 1 Apr 1997 09:35:54 -0400 X-Lotus-FromDomain: ADVANTAGE To: firewalls@greatcircle.com Message-ID: <8525646C.00501F08.00@art-ntsrv01.advstaff.com> Date: Tue, 1 Apr 1997 09:35:52 -0400 Subject: procmail Mime-Version: 1.0 Content-type: text/plain; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Is it possible to utilize a utility such as Procmail to filter messages passing through a Gauntlet Firewall? 
From owner-firewalls-outgoing Tue Apr 1 07:22:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA25982 for firewalls-outgoing; Tue, 1 Apr 1997 06:42:31 -0800 (PST) Received: from mercury.csc.com (mercury.csc.com [20.1.20.110]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA25951 for ; Tue, 1 Apr 1997 06:42:22 -0800 (PST) Received: from relay.ashton.csc.com(really [20.2.54.2]) by mercury.csc.com via smtpd with esmtp id for ; Tue, 1 Apr 1997 09:42:13 -0500 (EST) (Smail-3.2.0.91 1997-Jan-14 #7 built 1997-Feb-26) Received: by relay.ashton.csc.com; id JAA25288; Tue, 1 Apr 1997 09:43:38 -0500 Received: from jkerr2.sed.csc.com(20.2.53.152) by relay.ashton.csc.com via smap (g3.0.1) id sma025286; Tue, 1 Apr 97 09:43:15 -0500 Message-ID: <33411F64.6ACB@csc.com> Date: Tue, 01 Apr 1997 09:44:52 -0500 From: John Kerr Reply-To: jkerr2@csc.com Organization: Computer Sciences Corporation X-Mailer: Mozilla 3.0 (Win95; I) MIME-Version: 1.0 To: firewalls@greatcircle.com Subject: Firewall Architecture for Web, Database Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk A customer of ours has asked about setting up a security architecture with the Firewall being the main focus. They would like to allow access into their Database inside of the Firewall opposed to having a Database Server that would sit outside the Firewall. They seem to be okay with having a Web server sitting outside the Firewall, so I don't see that as a problem. The problem that they are trying to avoid is having to copy or replicate the data to the Database Server (too time consuming). What are the dangers with adding a third interface to the Firewall and putting the Database on a separate DMZ. 
It would look like this:

    Internet
       |
       |            ----------   ---------
       |            -Database-   -  Web  -
       |            ----------   ---------
    ---------            |            |
    -  FW   ------------------------------
    ---------
       |
       |
       |
    Internal Network

Rules would be put on the firewall to only allow external access from the internet to the DMZ. We would not allow any access from the DMZ into the internal Network. Any suggestions would be appreciated. Thanks John

From owner-firewalls-outgoing Tue Apr 1 08:23:50 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA06030 for firewalls-outgoing; Tue, 1 Apr 1997 08:13:11 -0800 (PST) Received: from gateway2.ey.com (gateway2.ey.com [199.50.26.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id IAA05976 for ; Tue, 1 Apr 1997 08:12:43 -0800 (PST) From: CHRIS.NICHOLS@EY.COM Received: by gateway2.ey.com id AA14602 (InterLock SMTP Gateway 3.0 for firewalls@greatcircle.com); Tue, 1 Apr 1997 11:13:17 -0500 Received: by gateway2.ey.com (Protected-side Proxy Mail Agent-2); Tue, 1 Apr 1997 11:13:17 -0500 Received: by gateway2.ey.com (Protected-side Proxy Mail Agent-1); Tue, 1 Apr 1997 11:13:17 -0500 To: " - (052)firewalls (a) greatcircle.com" Subject: sudo Message-Id: <0014500003650391000002L012*@MHS> Date: Tue, 1 Apr 1997 11:10:36 -0500 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Who makes a commercial version of sudo? 
Chris chris.nichols@ey.com From owner-firewalls-outgoing Tue Apr 1 08:36:55 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA04167 for firewalls-outgoing; Tue, 1 Apr 1997 07:51:29 -0800 (PST) Received: from hydra.prenhall.com (hydra.PRENHALL.COM [192.251.132.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA04159 for ; Tue, 1 Apr 1997 07:51:24 -0800 (PST) From: Laura_Bohde@prenhall.com Received: from ccgate2.prenhall.com ([168.146.69.61]) by hydra.prenhall.com (4.1/SMI-4.1) id AA08119; Tue, 1 Apr 97 10:52:23 EST Received: from ccMail by ccgate2.prenhall.com (IMA Internet Exchange 2.02 Enterprise) id 3412F9D1; Tue, 1 Apr 97 10:54:05 -0500 Date: Tue, 1 Apr 1997 10:47:30 -0500 Message-Id: <3412F9D1.@prenhall.com> Subject: Re: RealAudio To: , mmozes@fujitsu.ca Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Multiple ports ! That's the problem - and the sessions are established from the outside RealAudio servers, to your inside clients. (Someone correct me if I'm wrong. This is what I remember from my testing about a year ago.) There is a defined range of ports however, 6090 through 7010 rings a bell. The Eagle Raptor firewall software supplies a proxy for it and I believe other vendors were building theirs as well. Hope this helps - ______________________________ Reply Separator _________________________________ Subject: RealAudio Author: mmozes@fujitsu.ca at INTERNET-PUB Date: 3/31/97 10:36 AM Does anyone know the port number for RealAudio? 
Thanks,

From owner-firewalls-outgoing Tue Apr 1 08:38:21 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA05186 for firewalls-outgoing; Tue, 1 Apr 1997 08:01:51 -0800 (PST) Received: from hq.idt.net (hq.idt.net [169.132.12.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA05171 for ; Tue, 1 Apr 1997 08:01:43 -0800 (PST) Received: from hq.idt.net (hq.idt.net [169.132.12.10]) by hq.idt.net (8.8.5/NETSYS-LEN) with SMTP id LAA16649; Tue, 1 Apr 1997 11:02:03 -0500 (EST) Date: Tue, 1 Apr 1997 11:02:03 -0500 (EST) From: Parthiv Shah X-Sender: parthiv@hq.idt.net To: mgetter@advstaff.com cc: firewalls@GreatCircle.COM Subject: Re: procmail In-Reply-To: <8525646C.00501F08.00@art-ntsrv01.advstaff.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

setup your .forward as

    "|IFS=' '&&exec /opt/local/bin/procmail -f-||exit 75 #username"

where /opt/local/bin/procmail is your procmail path and #username would be your username, for you it would be #mgetter

setup .procmailrc with

    :0
    * ^From +firewalls@GreatCircle.COM
    firewalls

This will put any mail coming from firewalls mailing list to the folder firewalls. or even better if you want to do via subject

    :0
    * ^From +firewalls@GreatCircle.COM
    * ^Subject:.*route
    firewalls-route

etc.. I hope this helps. see procmail(1) for more details or if you have more questions regarding procmail you can subscribe to the mailinglist procmail@informatik.rwth-aachen.de send an E-mail to procmail-request@informatik.rwth-aachen.de for subscription request. 
Parthiv -- Parthiv Shah (201) 928 - 4414 Work: parthiv@corp.idt.net http://www.idt.net Personal: parthiv@netadmin.net http://www.netadmin.net On Tue, 1 Apr 1997 mgetter@advstaff.com wrote: > Date: Tue, 1 Apr 1997 09:35:52 -0400 > From: mgetter@advstaff.com > To: firewalls@GreatCircle.COM > Subject: procmail > > > > > > Is it possible to utilize a utility such as Procmail to filter messages > passing through a Gauntlet Firewall? > > From owner-firewalls-outgoing Tue Apr 1 08:44:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA03829 for firewalls-outgoing; Tue, 1 Apr 1997 07:48:24 -0800 (PST) Received: from diablo.cisco.com (diablo.cisco.com [171.68.223.106]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA03791 for ; Tue, 1 Apr 1997 07:48:15 -0800 (PST) Received: from clonvick-pc.cisco.com (sj-dial-3-19.cisco.com [171.68.179.20]) by diablo.cisco.com (8.8.5/CISCO.SERVER.1.2) with SMTP id HAA22095; Tue, 1 Apr 1997 07:48:09 -0800 (PST) Message-Id: <2.2.32.19970401154329.00725218@diablo.cisco.com> X-Sender: clonvick@diablo.cisco.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 01 Apr 1997 09:43:29 -0600 To: Information Security , firewalls@GreatCircle.COM From: Chris Lonvick Subject: Re: email monitoring Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello Guy, There appears to be a new creature on the block. It's called an email guard but sounds like a bear. http://www.nsa.gov:8080/programs/missi/cat_fg.html and as a specific example http://www.nsa.gov:8080/programs/missi/scc_sns.html I'm especially impressed with the dirty-word search filter feature ;-) I bet that the use of this in a commercial environment would bring up a lot of social issues about email privacy, etc. I'd say that with today's technology, guards like these can only perform keyword searches when trying to perform policy enforcement. 
However, I bet that there's some development going on somewhere to view the content. Probably, with some ingenuity, you could at least get the Microsoft Word viewer to pass judgement on each of the outgoing emails so that they meet, or exceed an 8th grade writing level. If everyone would enforce that policy, that would certainly cut down on the amount of junk emails that I receive :-) or, at least I'd be able to understand some of the rants a little better. Hope this helps, Chris Lonvick Cisco Systems Consulting Engineering Houston, TX, USA +1..713.778.5663 At 08:25 AM 4/1/97 -0500, Information Security wrote: > > --- On Fri, 28 Mar 1997 00:25:22 -0500 (EST) Information Security wrote: > > > > >Still posting to comp.security.firewalls... > > > > > >I'm up through the five month statistics on what was caught > > >outbound via the firewall...over 400,000 lines of proprietary > > >source code for one thing. > > > > -----------------End of Original Message----------------- > > > > Hi, > > Why not just putting some email monitoring software and block > > messages which do not fit the company policies ? > > /Ziv > >How would you programmatically block (or not block) an arbitrary email? > >---- > >I'm through a number of different categories of security incidents, >such as > > o people working on their own jobs while within the firm > o Dumb-and-Dumber > o last week on the job > o people just trying to do work (ex: mailing code to a vendor) > >If it's scrolled out of your local ISP, try www.dejanews.com. >Usenet group 'comp.security.firewalls', >subject "Corruption at Salomon Brothers'. > >Installments "Serial #0" through #12 have been posted. 
>---guy > > From owner-firewalls-outgoing Tue Apr 1 09:07:38 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA06220 for firewalls-outgoing; Tue, 1 Apr 1997 08:16:10 -0800 (PST) Received: from webhost.tcg.com (mx0.tcg.com [198.177.228.50]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA06197 for ; Tue, 1 Apr 1997 08:15:54 -0800 (PST) Received: from duraflame.tcg.com (duraflame [192.9.200.109]) by webhost.tcg.com (8.8.4/8.8.4) with ESMTP id LAA10594 for ; Tue, 1 Apr 1997 11:16:55 -0500 (EST) Received: from em1.est.tcg.com (em1 [192.9.200.230]) by duraflame.tcg.com (8.8.4/8.8.4) with SMTP id LAA03659 for ; Tue, 1 Apr 1997 11:15:50 -0500 (EST) Received: from tcg.com by em1.est.tcg.com (5.x/SMI-SVR4) id AA21819; Tue, 1 Apr 1997 11:18:51 -0500 Received: from TCGOGW-Message_Server by tcg.com with Novell_GroupWise; Tue, 01 Apr 1997 11:18:51 -0500 Message-Id: X-Mailer: Novell GroupWise 4.1 Date: Tue, 01 Apr 1997 11:18:19 -0500 From: James Pizzirusso To: Firewalls@GreatCircle.COM Subject: Firewalls-Digest V6 #134 -Reply Sender: firewalls-owner@GreatCircle.COM Precedence: bulk In the future, can you please send all E-mail correspondence directly to my account at CERFNet (jimp@cerf.net). To send this from Groupwise you need to send it the following manner; TO: Internet("jimp@cerf.net") Also, the TCG Groupwise Mailgateway is not MIME compliant so I am not able to receive mail attachments. The best method to overcome this problem is to cut and paste your attached files into a mail note. 
Thanks, Jim Pizzirusso From owner-firewalls-outgoing Tue Apr 1 09:19:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA06403 for firewalls-outgoing; Tue, 1 Apr 1997 08:19:09 -0800 (PST) Received: from netq.lanoptics.co.il ([194.90.121.37]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA06384 for ; Tue, 1 Apr 1997 08:19:01 -0800 (PST) Received: from roby-nt ([194.90.121.35]) by netq.lanoptics.co.il (Netscape Mail Server v2.0) with ESMTP id AAA43; Tue, 1 Apr 1997 17:16:19 +0200 Message-ID: <334127D0.5FDF@netvision.net.il> Date: Tue, 01 Apr 1997 18:20:48 +0300 From: Roby Roth Reply-To: robyr@netvision.net.il X-Mailer: Mozilla 4.0b2 (WinNT; I) MIME-Version: 1.0 To: sunwei@sea.net.edu.cn CC: Firewalls@GreatCircle.COM Subject: Re: PC based network analyzer X-Priority: 3 (Normal) References: <199703290900.BAA16076@honor.greatcircle.com> <33417F81.317E@sea.net.edu.cn> Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Sun Wei wrote: > > Hi, > > Does anyone know if there is a kind of PC based network packet analyzer? > > TIA, > > Wei > Well , it also depends on your OS (and your budget) For DOS, Win3.x I would recommend Novel Lanalyzer (~1200 USD) For WinNT, Win95 NetXray from Cinco Net.(~1900 USD). You can download a free demo from their site but it will only record 5 packets. You could find even this pretty good, provided you set up your filters accordingly. regards -- Roby Roth Home |Office ========================+==================================== 1/4 Vitkin St |LanOptics Building, P.O.B. 
184 Migdal HaEmek 34756 Haifa |10551 Ramat Gabriel Industrial Park, ISRAEL +972-4-8254825 |Phone:+972-6-6449913, Fax:+972-6-6540124 E-mail: | robyr@netvision.net.il, |roby@netq.lanoptics.co.il ============================================================= From owner-firewalls-outgoing Tue Apr 1 09:27:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA08875 for firewalls-outgoing; Tue, 1 Apr 1997 08:43:02 -0800 (PST) Received: from web1.zzz.com (web1.zzz.com [205.238.3.50]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA08858 for ; Tue, 1 Apr 1997 08:42:54 -0800 (PST) Received: from edsawick ([205.238.5.69]) by web1.zzz.com (8.7.4/8.7.3) with ESMTP id IAA27576; Tue, 1 Apr 1997 08:41:31 -0800 (PST) Message-Id: <199704011641.IAA27576@web1.zzz.com> Reply-To: From: "Ed Sawicki" To: "Darren Reed" , "Todd Graham Lewis" Cc: , Subject: Re: PC based network analyzer Date: Tue, 1 Apr 1997 08:41:27 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1160 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > From: Darren Reed > To: Todd Graham Lewis > Cc: sunwei@sea.net.edu.cn; Firewalls@GreatCircle.COM > Subject: Re: PC based network analyzer > Date: Tuesday, April 01, 1997 4:33 AM > > In some mail from Todd Graham Lewis, sie said: > > > > On Tue, 1 Apr 1997, Sun Wei wrote: > > > > > Does anyone know if there is a kind of PC based network packet analyzer? > On NT, look for "netmon" - a superb packet analyzer! Someone should port > it to Unix. Where can I get a copy of netmon? 
From owner-firewalls-outgoing Tue Apr 1 09:56:20 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA20165 for firewalls-outgoing; Tue, 1 Apr 1997 09:48:44 -0800 (PST) Received: from zippy.radian.com (zippy.radian.com [129.160.16.4]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA19877 for ; Tue, 1 Apr 1997 09:47:34 -0800 (PST) Received: from yakko.radian.com (yakko.radian.com [129.160.224.1]) by zippy.radian.com (8.8.5/8.8.5) with SMTP id LAA25210; Tue, 1 Apr 1997 11:47:07 -0600 (CST) Received: by yakko.radian.com (SMI-8.6/SMI-SVR4) id LAA10706; Tue, 1 Apr 1997 11:47:05 -0600 From: rtwood@radian.com (Ryan Wood) Message-Id: <199704011747.LAA10706@yakko.radian.com> Subject: Re: sudo To: CHRIS.NICHOLS@EY.COM Date: Tue, 1 Apr 1997 11:47:05 -0600 (CST) Cc: firewalls@GreatCircle.com In-Reply-To: <0014500003650391000002L012*@MHS> from "CHRIS.NICHOLS@EY.COM" at Apr 1, 97 11:10:36 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Previously, CHRIS.NICHOLS@EY.COM wrote: > Who makes a commercial version of sudo? We just received a product call Symark PowerPak v2.2.3. One of the features it has is the ability to grant users root commands, and you can limit the usage to a variety of conditions (machine, time, etc). To get more info, try: Symark Software 5655 Lindero Canyon Road Suite 502 Westlake Village, CA 91362 818.865.6100 800.234.9072 info@symark.com Ryan P.S. I am not affiliated with Symark. +--------------------+----------------------------+---------------------+ | Ryan T. 
Wood | Radian International LLC | All the opinions, | | Scientist | Austin, Texas USA | typos, and errors | | Texas A&M '94 | tel: 512.419.5941 | are my own, not n | | rtwood@radian.com | fax: 512.345.9684 | those of Radian | +--------------------+----------------------------+---------------------+ Important Events: 240 .. days till t.u. gets beat in football by A&M!!!!! From owner-firewalls-outgoing Tue Apr 1 09:56:22 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA03197 for firewalls-outgoing; Tue, 1 Apr 1997 07:43:07 -0800 (PST) Received: from helios.insnet.com (helios.insnet.com [206.54.244.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA03169 for ; Tue, 1 Apr 1997 07:42:59 -0800 (PST) Received: from chester.rmsbus.com (max13.insnet.com [206.54.244.136]) by helios.insnet.com (8.8.4/8.7.3) with SMTP id JAA03067; Tue, 1 Apr 1997 09:34:58 -0600 Message-Id: <3.0.1.32.19970401094257.006d2c20@popmail.insnet.com> X-Sender: cm@popmail.insnet.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Tue, 01 Apr 1997 09:42:57 +0600 To: support@tis.com From: chris michael Subject: web servers Cc: firewalls@GreatCircle.COM Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Folks, Here's my problem. I have Gauntlet installed with three web servers behind it. The web servers are very light usage/testbeds and the machines they're on are used for other things. It's not practical to move the web servers outside of the firewall and the network behind the firewall has private (non-routable) IP addresses. Is there any way to get to the three different web servers through the firewall? I thought of running a web server on the firewall with an initial page that pointed to the other webservers, but that was rejected by management. If it were just one web server I could just plug port 80. 
If they ran at different ports I could plug different ports--but they don't. I was thinking that perhaps I could assign multiple IP address to the outside interface of the firewall, give the firewall different aliases with different IP addresses and somehow run different instances of plug-gw based on which IP address was connected to. It's the "somehow" part that I'm having trouble with. Any ideas? --- christopher michael*rms business systems* From owner-firewalls-outgoing Tue Apr 1 10:18:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA13964 for firewalls-outgoing; Tue, 1 Apr 1997 09:12:10 -0800 (PST) Received: from cidexchange.infosel.com.mx (cidexchange.infosel.com.mx [148.246.8.22]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA13933 for ; Tue, 1 Apr 1997 09:12:02 -0800 (PST) Received: by cidexchange.infosel.com.mx with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC3E8C.9D1D54E0@cidexchange.infosel.com.mx>; Tue, 1 Apr 1997 11:05:31 -0600 Message-ID: From: =?iso-8859-1?Q?David_Cant=FA_L=F3pez?= To: "'FIREWALLS@GreatCircle.COM'" , "'Ed Martin'" Subject: RE: Cisco Enterprise Date: Tue, 1 Apr 1997 11:07:21 -0600 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Please see: >Cisco IOS Network Address Translation (NAT) http://www.cisco.com/warp/customer/701/60.html David Cantu InfoSel dcantu@infosel.com.mx >---------- >From: Ed Martin[SMTP:emartin@hq.caci.com] >Sent: Martes 1 de Abril de 1997 5:41 AM >To: FIREWALLS@GreatCircle.COM >Subject: Cisco Enterprise > > > > > >From: Ed Martin on 04/01/97 07:41 AM > >Anyone have any input/feedback on the overall security of using a Cisco >2500 series router loaded with the Enterprise package as a firewall >between internet and internal network? 
> >Ed Martin >emartin@hq.caci.com > > > From owner-firewalls-outgoing Tue Apr 1 11:13:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA10941 for firewalls-outgoing; Tue, 1 Apr 1997 08:55:10 -0800 (PST) Received: from ns2.emirates.net.ae (ns2.emirates.net.ae [194.170.1.7]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id IAA10889 for ; Tue, 1 Apr 1997 08:54:54 -0800 (PST) Received: from csl031.emirates.net.ae (csl031.emirates.net.ae [194.170.125.211]) by ns2.emirates.net.ae (SMI-8.6/8.6) with SMTP id UAA00117; Tue, 1 Apr 1997 20:55:05 +0400 Received: by csl031.emirates.net.ae with Microsoft Mail id <01BC3EE0.B44F65F0@csl031.emirates.net.ae>; Tue, 1 Apr 1997 21:07:27 -0000 Message-ID: <01BC3EE0.B44F65F0@csl031.emirates.net.ae> From: GSC Prabhakar To: "'Valery Brasseur'" , "firewalls@GreatCircle.COM" Subject: RE: NT security Date: Tue, 1 Apr 1997 20:26:56 -0000 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk you can find more on NT security at http://www.ntsecurity.com/News/index.html GSC Prabhakar Internet Consultant -----Original Message----- From: Valery Brasseur [SMTP:Valery.Brasseur@sligos.fr] Sent: Tuesday, April 01, 1997 11:13 AM To: firewalls@GreatCircle.COM Subject: NT security Where can I find informations about NT security ? I would like to know what should be done to secure an NT machine connecting to Internet... is there any tools or well known bug who should be tested ? 
Thanks +----------------------------------------------------------------------+ | Valery Brasseur | | SLIGOS-MARBEN/FAS3 - Arobasse | | 1, avenue Newton BP107 92142 CLAMART CEDEX FRANCE | | Phone (33) 1 41 28 40 89 Fax : (33) 1 41 28 46 59 | | email : Valery.Brasseur@arobasse.sligos.fr | +----------------------------------------------------------------------+ From owner-firewalls-outgoing Tue Apr 1 11:38:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA20674 for firewalls-outgoing; Tue, 1 Apr 1997 09:55:10 -0800 (PST) Received: from ns1.aplatform.com (ns1.aplatform.com [204.29.139.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA20633 for ; Tue, 1 Apr 1997 09:54:59 -0800 (PST) Received: from grant.aplatform.com (grant.aplatform.com [204.29.139.82]) by ns1.aplatform.com (8.8.5/8.8.5) with SMTP id JAA14389 for ; Tue, 1 Apr 1997 09:55:29 -0800 Message-Id: <3.0.32.19970401095451.006bf384@mail.aplatform.com> X-Sender: grant@mail.aplatform.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Apr 1997 09:54:53 -0800 To: firewalls@greatcircle.com From: "Gail L. Grant" Subject: SSL and Firewall Survey for Lynx users Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I've been using illegal HTML for years, :) but lynx complains (BAD HTML!), being much more of a purist browser, so I've created a special version of the survey for those of you with lynx or other browsers that didn't like my form: http://www.glgc.com/fw-lynx.html Thanks to Bennett Todd for finding the problem. Regards, g. -- Gail L. 
Grant GLG Consulting http://www.glgc.com grant@glgc.com 415-324-3822 From owner-firewalls-outgoing Tue Apr 1 11:55:08 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA28719 for firewalls-outgoing; Tue, 1 Apr 1997 10:39:26 -0800 (PST) Received: from pino.demon.nl (pino.demon.nl [194.159.226.41]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA28434 for ; Tue, 1 Apr 1997 10:38:36 -0800 (PST) Received: from localhost (arjan@localhost) by pino.demon.nl (8.8.4/8.8.4) with SMTP id TAA02804; Tue, 1 Apr 1997 19:38:15 +0200 Date: Tue, 1 Apr 1997 19:38:14 +0200 (MET DST) From: Arjan Vos To: mgetter@advstaff.com cc: firewalls@greatcircle.com Subject: Re: procmail In-Reply-To: <8525646C.00501F08.00@art-ntsrv01.advstaff.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 1 Apr 1997 mgetter@advstaff.com wrote: > > > > > Is it possible to utilize a utility such as Procmail to filter messages > passing through a Gauntlet Firewall? > > I'm not quite sure what you mean by that. If you mean that procmail is used for security-based filtering I would say no. If procmail is used to filter messages which have passed through the firewall (smap), then I would say yes. But procmail only filters on a per user basis AFAIK. 
Arjan Vos -- Eat hard Sleep hard Wear glasses if you need them From owner-firewalls-outgoing Tue Apr 1 12:35:33 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA26701 for firewalls-outgoing; Tue, 1 Apr 1997 10:31:41 -0800 (PST) Received: from mycroft.GreatCircle.COM (mycroft.greatcircle.com [198.102.244.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA26611 for ; Tue, 1 Apr 1997 10:31:21 -0800 (PST) Received: from scribe.cc.purdue.edu by mycroft.GreatCircle.COM (8.8.5/SMI-4.1/Brent-961106) id KAA15593; Tue, 1 Apr 1997 10:29:48 -0800 (PST) Received: from ia01.freh.purdue.edu by scribe.cc.purdue.edu; Tue, 1 Apr 97 13:31:19 -0500 Comments: Authenticated sender is From: "Michael S Hines" Organization: Purdue University To: Firewalls@GreatCircle.COM Date: Tue, 1 Apr 1997 13:34:07 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: PC based network analyzer Reply-to: mshines@purdue.edu X-mailer: Pegasus Mail for Win32 (v2.42) Message-Id: <334154777228002@scribe.cc.purdue.edu> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Where can I get a copy of netmon? Buy Windows NT Server 4.0..... it's part of the standard distribution. ----------------------------------------------------------------- Internet: mshines@purdue.edu * Michael S. Hines, CDP, CFE Voice: (765) 494-5845 * Sr. 
Information Systems Auditor FAX: (765) 496-1814 * Purdue University * 1065 Freehafer Hall * West Lafayette, IN 47907-1065 From owner-firewalls-outgoing Tue Apr 1 12:53:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA20695 for firewalls-outgoing; Tue, 1 Apr 1997 09:55:25 -0800 (PST) Received: from lexicon.ins.com (lexicon.ins.com [199.0.193.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA20688 for ; Tue, 1 Apr 1997 09:55:18 -0800 (PST) Received: from beethoven.ins.com (dyn-max14-186.chicago.il.ameritech.net [206.141.214.186]) by lexicon.ins.com (8.7.5/8.7.3) with SMTP id JAA02131; Tue, 1 Apr 1997 09:54:05 -0800 (PST) Message-Id: <3.0.32.19970401115339.0075f77c@lexicon.ins.com> X-Sender: daughe_b@lexicon.ins.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Tue, 01 Apr 1997 11:53:46 -0600 To: , "Darren Reed" , "Todd Graham Lewis" From: Brad Daugherty Subject: Re: PC based network analyzer Cc: , Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >> On NT, look for "netmon" - a superb packet analyzer! Someone should port >> it to Unix. > >Where can I get a copy of netmon? Another great package is Shomiti's Lan Analyzer for $999 (Windows 95/NT based). You can get a 15 day trial copy at http://www.shomiti.com. If you need an extension you can call Shomiti tech support and they will email you another 15 day unlock code. 
Good luck, Brad Providing The Power Of Operable Networks (http://www.ins.com) Brad Daugherty - Associate Network Systems Engineer PHONE:(630)942-5770 PAGER:(800)467-1467 Lifetime: (mailto:bsd@pobox.com) (http://www.pobox.com/~bsd) From owner-firewalls-outgoing Tue Apr 1 12:59:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA10100 for firewalls-outgoing; Tue, 1 Apr 1997 11:37:53 -0800 (PST) Received: from threewiz.demon.co.uk (threewiz.demon.co.uk [158.152.116.88]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA10076 for ; Tue, 1 Apr 1997 11:37:43 -0800 (PST) Received: from monaco (unverified [196.14.41.3]) by monaco.kimble.co.uk (EMWAC SMTPRS 0.83) with SMTP id ; Tue, 01 Apr 1997 20:02:46 +0100 Message-ID: From: "David Harvey-George" To: , "Valery Brasseur" Subject: Re: NT security Date: Tue, 1 Apr 1997 20:02:45 +0100 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk ISS seems quite good (http://www.iss.com/) but doesn't include a lot of the recent NT holes. You could check out http://www.ntsecurity.net and http://www.ntsecurity.com (two different sites). regards, David ---------- > From: Valery Brasseur > > Where can I find informations about NT security ? I would like to know > what should be done to secure an NT machine connecting to Internet... is there > any tools or well known bug who should be tested ? 
From owner-firewalls-outgoing Tue Apr 1 13:16:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA09818 for firewalls-outgoing; Tue, 1 Apr 1997 11:35:58 -0800 (PST) Received: from igate2.pabs.com (igate2.pabs.com [38.246.96.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA06477 for ; Tue, 1 Apr 1997 11:10:27 -0800 (PST) Received: from igate2.pabs.com (root@localhost) by igate2.pabs.com (8.7.5/8.7.3) with ESMTP id OAA24462 for ; Tue, 1 Apr 1997 14:15:18 -0500 (EST) Received: from richey.pabs.com (richey.pabs.com [157.154.1.136]) by igate2.pabs.com (8.7.5/8.7.3) with ESMTP id OAA24453 for ; Tue, 1 Apr 1997 14:15:17 -0500 (EST) Received: from richey (richey@richey.pabs.com [157.154.1.136]) by richey.pabs.com (8.8.5/8.8.5) with SMTP id OAA25449; Tue, 1 Apr 1997 14:14:07 -0500 Message-ID: <33415E7E.C26F1E1@highmark.com> Date: Tue, 01 Apr 1997 14:14:06 -0500 From: Jim Richey X-Mailer: Mozilla 3.01Gold (X11; I; Linux 2.0.25 i586) MIME-Version: 1.0 To: Laura_Bohde@prenhall.com CC: firewalls@GreatCircle.COM, mmozes@fujitsu.ca Subject: Re: RealAudio References: <3412F9D1.@prenhall.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk RealAudio can be set to use only TCP on port 7070. Laura_Bohde@prenhall.com wrote: > > > Multiple ports ! That's the problem - and the sessions > are established from the outside RealAudio servers, to > your inside clients. (Someone correct me if I'm wrong. > This is what I remember from my testing about a year > ago.) There is a defined range of ports however, 6090 > through 7010 rings a bell. The Eagle Raptor firewall > software supplies a proxy for it and I believe other > vendors were building theirs as well. 
> > Hope this helps - > > ______________________________ Reply Separator _________________________________ > Subject: RealAudio > Author: mmozes@fujitsu.ca at INTERNET-PUB > Date: 3/31/97 10:36 AM > > > Does anyone know the port number for RealAudio? > > Thanks, -- Jim Richey jrichey@highmark.com Highmark Inc. http://www.highmark.com From owner-firewalls-outgoing Tue Apr 1 13:28:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA07525 for firewalls-outgoing; Tue, 1 Apr 1997 11:18:12 -0800 (PST) Received: from intermec.com (gw.intermec.com [204.57.247.200]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA07497 for ; Tue, 1 Apr 1997 11:18:05 -0800 (PST) Received: by intermec.com (4.1/3.1.090690-) id AA09725; Tue, 1 Apr 97 11:18:37 PST Received: from unknown(192.9.210.110) by gw.intermec.com via smap (V1.3) id sma009685; Tue Apr 1 11:18:27 1997 Received: from intermec.com by intermec.com with smtp (Smail3.1.27.1 #4) id m0wC93G-000x2FC; Tue, 1 Apr 97 11:17 GMT-0:41 Received: by intermec.com (5.x/SMI-SVR4) id AA00517; Tue, 1 Apr 1997 11:16:33 -0800 Date: Tue, 1 Apr 1997 11:16:33 -0800 From: kkost@intermec.com (Kathy Kost) Message-Id: <9704011916.AA00517@intermec.com> To: firewalls@greatcircle.com Subject: combo internal/external web servers Sender: firewalls-owner@GreatCircle.COM Precedence: bulk A company I'm doing some work for is trying to decide on having separate internal and external web servers or having them both on one machine, with some proxy or firewall software keeping them separate. I have only implemented them separately. What is the current feeling on this these days? Is it possible to have them both co-exist on the same box without risking the internal web site? Any suggestions as to the best security software to use (public domain or not)? Or pointers to reference information on the subject? 
Thanks a bunch, Kathy Kost kkost@intermec.com or kathyk@wolfenet.com From owner-firewalls-outgoing Tue Apr 1 13:36:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA14159 for firewalls-outgoing; Tue, 1 Apr 1997 12:02:29 -0800 (PST) Received: from miles.greatcircle.com (miles.greatcircle.com [198.102.244.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA14130 for ; Tue, 1 Apr 1997 12:02:21 -0800 (PST) From: gordonp.atc@gao.gov Received: from viper.gao.gov (viper.gao.gov [161.203.16.1]) by miles.greatcircle.com (8.8.5/Miles-970308-2) with ESMTP id MAA05400 for ; Tue, 1 Apr 1997 12:03:57 -0800 (PST) Received: from viper.gao.gov (root@localhost) by viper.gao.gov (8.7.5/8.7.3) with ESMTP id OAA20808; Tue, 1 Apr 1997 14:52:17 -0500 (EST) Received: from mailgateway.gao.gov (mailgateway.gao.gov [161.203.15.2]) by viper.gao.gov (8.7.5/8.7.3) with SMTP id OAA20789; Tue, 1 Apr 1997 14:52:13 -0500 (EST) Received: from ccMail by mailgateway.gao.gov (SMTPLINK V2.10.04o) id AA859935419; Tue, 01 Apr 97 14:41:10 EST Date: Tue, 01 Apr 97 14:41:10 EST Message-Id: <9703018599.AA859935419@mailgateway.gao.gov> To: support@tis.com, chris michael Cc: firewalls@GreatCircle.COM Subject: Re: web servers Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Chris, Have you explored the possiblities of creating an "Extranet"? (I've been dying to use that buzz word!!) As far as I know, Gauntlet provides the capabilities to use a third network card that you could place these web servers behind. - Paul Gordon, TROY Systems, http://www.troy.com email:pgordon@troy.com, http://mason.gmu.edu/~pgordon ______________________________ Reply Separator _________________________________ Subject: web servers Author: chris michael at INTERNET Date: 4/1/97 1:58 PM Folks, Here's my problem. I have Gauntlet installed with three web servers behind it. 
The web servers are very light usage/testbeds and the machines they're on are used for other things. It's not practical to move the web servers outside of the firewall and the network behind the firewall has private (non-routable) IP addresses. Is there any way to get to the three different web servers through the firewall?

I thought of running a web server on the firewall with an initial page that pointed to the other webservers, but that was rejected by management.

If it were just one web server I could just plug port 80. If they ran at different ports I could plug different ports--but they don't.

I was thinking that perhaps I could assign multiple IP addresses to the outside interface of the firewall, give the firewall different aliases with different IP addresses and somehow run different instances of plug-gw based on which IP address was connected to. It's the "somehow" part that I'm having trouble with.

Any ideas?

--- christopher michael*rms business systems*

From owner-firewalls-outgoing Tue Apr 1 14:06:51 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA20906 for firewalls-outgoing; Tue, 1 Apr 1997 12:53:10 -0800 (PST) Received: from envirolink.org (envirolink.org [206.210.73.7]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA20883 for ; Tue, 1 Apr 1997 12:53:02 -0800 (PST) Received: by envirolink.org (SMI-8.6/SMI-SVR4) id PAA08725; Tue, 1 Apr 1997 15:50:27 -0500 Date: Tue, 1 Apr 1997 15:50:26 -0500 (EST) From: Wolf Man To: Ed Sawicki cc: Darren Reed , Todd Graham Lewis , sunwei@sea.net.edu.cn, Firewalls@GreatCircle.COM Subject: Re: PC based network analyzer In-Reply-To: <199704011641.IAA27576@web1.zzz.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

> > On NT, look for "netmon" - a superb packet analyzer! Someone should port
> > it to Unix.
> > Where can I get a copy of netmon?
> It is part of the NT Resource Kit CD for 4.0 JD From owner-firewalls-outgoing Tue Apr 1 14:54:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA18656 for firewalls-outgoing; Tue, 1 Apr 1997 12:35:10 -0800 (PST) Received: from firstunion.com (gate.funb.com [204.5.135.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA18639 for ; Tue, 1 Apr 1997 12:35:01 -0800 (PST) Received: by firstunion.com (4.1/SMI-4.1) id AA27622; Tue, 1 Apr 97 15:35:35 EST Received: from cm_mailhost.capmark.funb.com(168.175.82.50) by gate.funb.com via smap (V2.0beta) id xma027612; Tue, 1 Apr 97 15:35:11 -0500 Received: from funws302.capmark.funb.com (funws302 [168.175.7.54]) by cm_mailhost.capmark.funb.com (8.7.5/8.7.3) with ESMTP id PAA05122 for ; Tue, 1 Apr 1997 15:35:10 -0500 (EST) Received: (mhorn@localhost) by funws302.capmark.funb.com (8.6.12/8.6.12) id PAA07171; Tue, 1 Apr 1997 15:35:10 -0500 Message-Id: <199704012035.PAA07171@funws302.capmark.funb.com> Date: Tue, 1 Apr 1997 15:35:09 -0500 From: "Mark Horn [ Net Ops ]" To: firewalls@GreatCircle.COM Subject: Re: web servers References: <3.0.1.32.19970401094257.006d2c20@popmail.insnet.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.68 In-Reply-To: <3.0.1.32.19970401094257.006d2c20@popmail.insnet.com>; from chris michael on Tue, Apr 01, 1997 at 09:42:57AM +0600 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk chris michael says: >I was thinking that perhaps I could assign multiple IP address to the >outside interface of the firewall, give the firewall different aliases with >different IP addresses and somehow run different instances of plug-gw based >on which IP address was connected to. It's the "somehow" part that I'm >having trouble with. I've done this. However, you have to modify the code to plug-gw. Basically, what I did was modify plug-gw to take a new option: ip. 
Essentially, an entry for this plug-gw looks like this:

    plug-gw: ip 1.1.1.1 port 80 * -plug-to 2.2.2.1
    plug-gw: ip 1.1.1.2 port 80 * -plug-to 2.2.2.2
    plug-gw: ip 1.1.1.3 port 80 * -plug-to 2.2.2.3

This is very easy to do. All I did was use getsockname() on fd 0 to figure out which of the IP aliases was being used. Then I used the existing cfg_get() function to look for 'ip' in the config line.

I also created a -srcip option so that if you had multiple IP addresses and you wanted a particular connection to appear to come from one of those IP addresses, you could specify it. This was also easy to do. I added two parameters to bind_conn_server() in lib/conn.c. The first was the IP address to bind to, and the second was the port to bind to. If the srcip flag was set to zero, then bind_conn_server() would bind to any available IP address. If srcport was set to zero, then bind_conn_server() would bind to any available port. Setting both to zero got the normal behavior. Then in the function, just did a bind() prior to doing the connect.

I created a patch so that anyone else in our organization could understand what I did. However, I'm uncertain of the legality of distributing it, so I'm not going to. But believe me, this is not hard. I'm not a programmer and I managed to get this to work!
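The technique in the message above (getsockname() on the accepted connection to learn which alias was hit, then bind() before connect() to pin the source address), as an added example that is not part of the original post and is not fwtk or plug-gw code. All function names and the sample config are assumptions; the demo assumes Linux, where every 127.0.0.x address is local, so loopback addresses stand in for the firewall's IP aliases.

```c
/* Added example: hypothetical names, not fwtk or plug-gw source. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed config in the syntax quoted above; 127.0.0.x stands in for
 * the outside aliases and 10.0.0.x for the inside web servers. */
static const char SAMPLE_CFG[] =
    "plug-gw: ip 127.0.0.2 port 80 * -plug-to 10.0.0.2\n"
    "plug-gw: ip 127.0.0.3 port 80 * -plug-to 10.0.0.3\n";

/* Dotted-quad local address of a connected socket; 0 on success.
 * Under inetd the accepted connection is fd 0, as in the post. */
int local_ip_of(int fd, char *out, socklen_t outlen)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0 || sa.sin_family != AF_INET) return -1;
    return inet_ntop(AF_INET, &sa.sin_addr, out, outlen) ? 0 : -1;
}

/* Copy the -plug-to host of the rule whose "ip" equals local_ip into dst.
 * Returns -1 when no rule matches so the caller can refuse the connection
 * rather than fall through to a default target. */
int route_for(const char *cfg, const char *local_ip, char *dst, size_t dstlen)
{
    char ip[16], to[16];
    int port;
    for (const char *line = cfg; line && *line; ) {
        if (sscanf(line, "plug-gw: ip %15s port %d * -plug-to %15s",
                   ip, &port, to) == 3 && strcmp(ip, local_ip) == 0) {
            snprintf(dst, dstlen, "%s", to);
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

/* Connect to dst_ip:dport. A non-NULL src_ip or non-zero sport is bound
 * first; NULL and 0 leave the choice to the kernel. Returns fd or -1. */
int connect_from(const char *src_ip, unsigned short sport,
                 const char *dst_ip, unsigned short dport)
{
    struct sockaddr_in src = {0}, dst = {0};
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    src.sin_family = dst.sin_family = AF_INET;
    src.sin_port = htons(sport);          /* sin_addr stays INADDR_ANY (0) */
    dst.sin_port = htons(dport);
    if (src_ip && inet_pton(AF_INET, src_ip, &src.sin_addr) != 1) goto fail;
    if (inet_pton(AF_INET, dst_ip, &dst.sin_addr) != 1) goto fail;
    if ((src_ip || sport) && bind(fd, (struct sockaddr *)&src, sizeof src) < 0) goto fail;
    if (connect(fd, (struct sockaddr *)&dst, sizeof dst) < 0) goto fail;
    return fd;
fail:
    close(fd);
    return -1;
}

/* Loopback run: a wildcard listener plays the outside interface; the client
 * targets alias 127.0.0.2 and pins its source to 127.0.0.3. */
int loopback_demo(char *hit, char *peer, char *target, socklen_t n)
{
    struct sockaddr_in sa = {0};
    socklen_t len = sizeof sa;
    int rc = -1, cfd = -1, afd = -1;
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return -1;
    sa.sin_family = AF_INET;              /* 0.0.0.0, kernel-chosen port */
    if (bind(lfd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(lfd, 1) < 0) goto out;
    if (getsockname(lfd, (struct sockaddr *)&sa, &len) < 0) goto out;
    cfd = connect_from("127.0.0.3", 0, "127.0.0.2", ntohs(sa.sin_port));
    if (cfd < 0) goto out;
    len = sizeof sa;
    afd = accept(lfd, (struct sockaddr *)&sa, &len);   /* sa now holds the peer */
    if (afd < 0) goto out;
    if (!inet_ntop(AF_INET, &sa.sin_addr, peer, n)) goto out;
    if (local_ip_of(afd, hit, n) < 0) goto out;
    rc = route_for(SAMPLE_CFG, hit, target, n);
out:
    if (afd >= 0) close(afd);
    if (cfd >= 0) close(cfd);
    close(lfd);
    return rc;
}

int main(void)
{
    char hit[16], peer[16], target[16];
    if (loopback_demo(hit, peer, target, sizeof hit) != 0) return 1;
    return printf("client %s hit alias %s -> plug-to %s\n", peer, hit, target) < 0;
}
```

A relay built this way should listen only on the aliases it has rules for, or drop connections for which route_for() returns -1, so that an unlisted address never reaches an inside host.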
-- Mark Horn PGP Public Key available from: http://www.es.net/hypertext/pgp.html PGP KeyID/fingerprt: 00CBA571/32 4E 4E 48 EA C6 74 2E 25 8A 76 E6 04 A1 7F C1 From owner-firewalls-outgoing Tue Apr 1 15:26:28 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA19646 for firewalls-outgoing; Tue, 1 Apr 1997 12:43:26 -0800 (PST) Received: from panix2.panix.com (panix2.panix.com [198.7.0.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA19632 for ; Tue, 1 Apr 1997 12:43:19 -0800 (PST) Received: (from guy@localhost) by panix2.panix.com (8.8.5/8.7/PanixU1.3) id PAA24974; Tue, 1 Apr 1997 15:44:11 -0500 (EST) Date: Tue, 1 Apr 1997 15:44:11 -0500 (EST) From: Information Security Message-Id: <199704012044.PAA24974@panix2.panix.com> To: firewalls@GreatCircle.com Subject: Re: email monitoring Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > From clonvick@cisco.com Tue Apr 1 10:48:50 1997 > To: Information Security , firewalls@GreatCircle.COM > Subject: Re: email monitoring > > Hello Guy, > > There appears to be a new creature on the block. It's called an email > guard but sounds like a bear. > > http://www.nsa.gov:8080/programs/missi/cat_fg.html > > and as a specific example > > http://www.nsa.gov:8080/programs/missi/scc_sns.html > > I'm especially impressed with the dirty-word search filter feature > ;-) # * Filters: # + ASCII text only # + Classification line # + Sender/Recipient/Host addresses # + Dirty-word search # + Attachment Review Module (ARM) # + Source routing # * Manual review # * Message journaling If this is useful, it is for companies that can afford to assign as many people as necessary to clear each piece of mail manually. Not really feasible unless you have deep pockets and don't mind mail delays. Other than that, it's just filter stuff, unrelated to the Internet Risk Management Analytics I have been posting about. 
> I bet that the use of this in a commercial environment would bring > up a lot of social issues about email privacy, etc. I've covered that topic in the postings, serial #1. > Chris Lonvick > Cisco Systems > Consulting Engineering > Houston, TX, USA > +1..713.778.5663 > > >If it's scrolled out of your local ISP, try www.dejanews.com. > >Usenet group 'comp.security.firewalls', > >subject "Corruption at Salomon Brothers'. > > > >Installments "Serial #0" through #12 have been posted. > >---guy Cisco is one of the biggest security holes for all sites! ;-) I'm serious! ---guy [ SISS = Salomon Information Security Services ] :From: guy :To: vivian [Legal] :Subject: Snarf: ROUTER REDHOT 6/27/96 :Cc: mon_c ******************************************************************************* ******************************************************************************* ******************************************************************************* SECURITY INCIDENT REPORT, 6/27/96 ROUTER PASSWORDS BRIDGE AND ROUTER CONFIGURATIONS NOC SYSTEMS SECURITY --------------------------------- This is a security incident report regarding the Internet (a public wire) traffic of Salomon Brothers, which is monitored for security/compliance. NOTE: THESE INCIDENTS HAVE NOT STOPPED DESPITE REPEATED SISS REPORTS! This report should be taken as a complaint that insufficient procedures have been put in place to ensure current and new Salomon personnel are made aware of the security issues of Internet transmissions for network device configuration files. Suggest wide-spread distribution of a memo concerning the problem. Perhaps place "no-Internet-transmission" comments in all network config files. Standard warning issued to all new networkers. 
Three transmissions of live passwords to three different Salomon routers have been sent in cleartext over the Internet by Rock Transves nnn-nnnn of Internet Client Services:

SENDER           DATE            ROUTER      LINE      PASSWORD
Rock Transves    6/27/96 09:37   bc7f7w40    [global]  bs345way
 [and again on]  6/26/96 16:10               con 0     bs345way
                                             aux 0     bs345way
                                             vty 0     qwerty0
Rock Transves    6/18/96 11:27   ard7w35     [global]  z23c4v5b
                                 trangobw1   [global]  bs345way
                                             con 0     bs345way

ALL OF THESE ROUTERS *AND* ALL ROUTERS USING THE SAME PASSWORDS MUST HAVE THEIR PASSWORDS CHANGED.

[snip, from serial #6]

From owner-firewalls-outgoing Tue Apr 1 15:38:34 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA25747 for firewalls-outgoing; Tue, 1 Apr 1997 13:26:09 -0800 (PST) Received: from dallas-cs-000.novare.net (dallas-cs-000.novare.net [205.229.104.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA25705 for ; Tue, 1 Apr 1997 13:25:57 -0800 (PST) Received: from muggles (mark@muggles.novare.net [205.229.105.72]) by dallas-cs-000.novare.net (8.7.6/8.6.9) with SMTP id PAA11698 for ; Tue, 1 Apr 1997 15:31:34 -0600 Message-ID: <33417DF9.636DE59D@novare.net> Date: Tue, 01 Apr 1997 15:28:25 -0600 From: m* Organization: Novare' International Information Systems X-Mailer: Mozilla 3.0Gold (X11; I; Linux 2.0.27 i586) MIME-Version: 1.0 To: firewalls Subject: Re: PC based network analyzer References: <334154777228002@scribe.cc.purdue.edu> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Michael S Hines wrote:
>
> > Where can I get a copy of netmon?
>
> Buy Windows NT Server 4.0..... it's part of the standard
> distribution.
>
>
wasn't there a post recently about a security bug in netmon?
m* -- "The Shining One" --

From owner-firewalls-outgoing Tue Apr 1 15:52:17 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA28292 for firewalls-outgoing; Tue, 1 Apr 1997 13:42:53 -0800 (PST) Received: from gatekeeper.Bridge.COM (gatekeeper.bridge.com [167.76.159.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA28228 for ; Tue, 1 Apr 1997 13:42:36 -0800 (PST) Received: (from mailproxy@localhost) by gatekeeper.Bridge.COM (8.6.12/8.6.9) id PAA16851; Tue, 1 Apr 1997 15:36:08 -0600 Received: from dns1srv.bridge.com(167.76.36.6) by gatekeeper.Bridge.COM via smap (V1.3) id sma016806; Tue Apr 1 15:36:05 1997 Received: from binki.bridge.com (binki.bridge.com [167.76.24.243]) by dns1srv.bridge.com (8.7.6/8.7.3) with ESMTP id PAA28610; Tue, 1 Apr 1997 15:42:33 -0600 (CST) Received: (from ken@localhost) by binki.bridge.com (8.7/8.7) id PAA03507; Tue, 1 Apr 1997 15:42:30 -0600 (CST) Date: Tue, 1 Apr 1997 15:42:30 -0600 (CST) From: Ken Hardy Message-Id: <199704012142.PAA03507@binki.bridge.com> To: mgetter@advstaff.com, arjan@pino.demon.nl Subject: Re: procmail Cc: firewalls@GreatCircle.COM X-Sun-Charset: US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Arjan Vos wrote:
>On Tue, 1 Apr 1997 mgetter@advstaff.com wrote:
>> Is it possible to utilize a utility such as Procmail to filter messages
>> passing through a Gauntlet Firewall?
>>
>>
>I'm not quite sure what you mean by that. If you mean that procmail is
>used for security-based filtering I would say no. If procmail is used to
>filter messages which have passed through the firewall (smap), then I
>would say yes. But procmail only filters on a per user basis AFAIK.

There is a global procmail.rc file in /etc (which I haven't played with much), but it only gets used when procmail gets invoked, which is usually only when the local delivery agent gets called. I doubt that happens on the firewall much.
Depending on what you want to do, a clever sendmail config might do whatever it is that you have in mind. E.g., there are some fairly simple ways to use sendmail as a spam filter (http://spam.abuse.net/spam/tools/mailblock.html).

-- KH

From owner-firewalls-outgoing Tue Apr 1 15:52:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA03477 for firewalls-outgoing; Tue, 1 Apr 1997 14:11:54 -0800 (PST) Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA03465 for ; Tue, 1 Apr 1997 14:11:47 -0800 (PST) Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id RAA02252; Tue, 1 Apr 1997 17:08:38 -0500 (EST) From: Adam Shostack Message-Id: <199704012208.RAA02252@homeport.org> Subject: Re: Getting DNS through a firewall. In-Reply-To: from Chris Kostick at "Apr 1, 97 09:27:52 am" To: christopher.t.kostick@cpmx.saic.com (Chris Kostick) Date: Tue, 1 Apr 1997 17:08:38 -0500 (EST) Cc: neale@planet.NET.AU, firewalls@GreatCircle.COM X-Mailer: ELM [version 2.4ME+ PL27 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Chris Kostick wrote:
| > Does this not raise a quandary: if it is unsafe to pass DNS packets through
| > the firewall, then how is it safe to pass them to a dns slave server on
| > the firewall?
| Refresh my memory. What's so unsafe about DNS, or more specifically, the
| BIND code that most people use?

There's a buffer overflow in some older bind code. There have been attacks where a server returns malicious information supporting Java attacks (lookup(www2.foo.com) returned something in your domain; Java, already inside your perimeter, would connect to it.) There exists a telnet over DNS tool.

If you let people pass arbitrary packets through your firewall, adding DNS to the list isn't a big deal.
If you don't let dns through, then a dns-gw would be a good idea. Cheswick talked about one at SANS 96(?), and I'm wondering why its not part of any commercial product yet. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume From owner-firewalls-outgoing Tue Apr 1 16:10:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA06449 for firewalls-outgoing; Tue, 1 Apr 1997 14:26:12 -0800 (PST) Received: from mail.ka.inka.de (quechua.inka.de [193.197.84.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA06330 for ; Tue, 1 Apr 1997 14:25:41 -0800 (PST) Received: from uu.inka.de ([193.197.84.8]) by mail.ka.inka.de with smtp (ident root using rfc1413) id m0wCC0I-0004HMC (Debian Smail-3.2 1996-Jul-4 #2); Wed, 2 Apr 1997 00:26:10 +0200 (MET DST) Received: from lina.inka.de (lists@lina.inka.de) by uu.inka.de with bsmtp (S3.1.29.1) id ; Wed, 2 Apr 97 00:26 MET DST Received: by lina.inka.de id m0wCBqN-00016nC (Debian Smail-3.2 1996-Jul-4 #2); Wed, 2 Apr 1997 00:15:35 +0200 (CEST) Message-ID: <19970402001534.59596@inka.de> Date: Wed, 2 Apr 1997 00:15:34 +0200 From: Bernd Eckenfels To: Chris Kostick Cc: Neale Banks , firewalls@greatcircle.com Subject: Re: Getting DNS through a firewall. References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61.1 In-Reply-To: ; from Chris Kostick on Apr 04, 1997 at 09:27:52AM -0500 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, On Apr 1, Chris Kostick wrote > server) > and internal DNS server be run. Outside access would only have minimal > information > available to them. This, as opposed to the original question of just > getting > DNS through the firewall to the only DNS server (TCP and UDP), and having > all > information available about the internal network. Well, I was suggesting both. 
Using a BIND Server between Internet and Resolver Code will (hopefully) add some additional checks on Answer Packets and will do some traffic and line usage minimizing caching. Additionally it will hide your internal (most probably with broken/unofficial ip addresses) namespace. Additionally the bind server will work like a stateful udp relay for port 520.

Greetings
Bernd
--
  (OO)      -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de --
 ( .. )  ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/
  o--o     *plush*  2048/93600EFD  eckes@irc  +4972573817  BE5-RIPE
(O____O)  If privacy is outlawed only Outlaws have privacy

From owner-firewalls-outgoing Tue Apr 1 16:26:55 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13017 for firewalls-outgoing; Tue, 1 Apr 1997 15:05:41 -0800 (PST) Received: from mail.ka.inka.de (quechua.inka.de [193.197.84.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA12949 for ; Tue, 1 Apr 1997 15:05:20 -0800 (PST) Received: from uu.inka.de ([193.197.84.8]) by mail.ka.inka.de with smtp (ident root using rfc1413) id m0wCCck-0004FwC (Debian Smail-3.2 1996-Jul-4 #2); Wed, 2 Apr 1997 01:05:54 +0200 (MET DST) Received: from lina.inka.de (lists@lina.inka.de) by uu.inka.de with bsmtp (S3.1.29.1) id ; Wed, 2 Apr 97 01:05 MET DST Received: by lina.inka.de id m0wCCSu-00016mC (Debian Smail-3.2 1996-Jul-4 #2); Wed, 2 Apr 1997 00:55:24 +0200 (CEST) Message-ID: <19970402005522.08462@inka.de> Date: Wed, 2 Apr 1997 00:55:22 +0200 From: Bernd Eckenfels To: Kathy Kost Cc: firewalls@greatcircle.com Subject: Re: combo internal/external web servers References: <9704011916.AA00517@intermec.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 0.61.1 In-Reply-To: <9704011916.AA00517@intermec.com>; from Kathy Kost on Apr 04, 1997 at 11:16:33AM -0800 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

Hello,

On Apr 1, Kathy Kost wrote
> What is the current feeling on this
these days? Is it possible to have
> them both co-exist on the same box without risking the internal web site?

It's more a question of risking the internal net or the firewall security. I don't see the point of putting internal web on the firewall. You can run a Web-Server for a small Intranet on about any machine in your bureau. If you don't expect heavy usage you can use any internal host. You have to expect cgi-bin and user logins on the web server, something you clearly don't want on the firewall host. Unless you have a trusted OS there is no real possibility to separate the internal and external servers on one host.

It's also a bad idea to put the external Server on your firewall. You will need cgi-bins and Maintenance Logins and you can expect a lot of exploitations on your web server. Put it on a small Box on your DMZ. Unless you are going to offer porn pictures an old 486 with Linux or *BSD* will do very well.

Actually that's not an answer to your question, it's simply a 'don't do it, it's easy to avoid'.

Greetings
Bernd
-- (OO) -- Bernd_Eckenfels@Wittumstrasse13.76646Bruchsal.de -- ( ..
) ecki@{inka.de,linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD eckes@irc +4972573817 BE5-RIPE (O____O) If privacy is outlawed only Outlaws have privacy From owner-firewalls-outgoing Tue Apr 1 16:36:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13312 for firewalls-outgoing; Tue, 1 Apr 1997 15:07:25 -0800 (PST) Received: from ns1.seagate.com (ns1.seagate.com [204.160.183.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id PAA13251 for ; Tue, 1 Apr 1997 15:07:06 -0800 (PST) Received: (from smap) by ns1.seagate.com (8.8.5/8.8.5) id OAA16003; Tue, 1 Apr 1997 14:54:19 -0800 Received: from unknown(134.204.114.75) by ns1 via smap (V1.3) id sma015968; Tue Apr 1 22:54:01 1997 Received: from charlot.stsj.seagate.com (charlot.stsj.seagate.com [10.26.0.100]) by auth1.seagate.com (8.6.12/cf-v5) with ESMTP id OAA00299; Tue, 1 Apr 1997 14:55:52 -0800 Received: from MikeOropeza.stsj.seagate.com by charlot.stsj.seagate.com (SMI-8.6/SMI-SVR4) id OAA09147; Tue, 1 Apr 1997 14:55:16 -0800 Message-ID: <334192AC.2235@seagate.com> Date: Tue, 01 Apr 1997 14:56:44 -0800 From: Mike J Oropeza Organization: Corporate Internet Services X-Mailer: Mozilla 4.0b2 (Win95; I) MIME-Version: 1.0 To: gordonp.atc@gao.gov CC: support@tis.com, chris michael , firewalls@GreatCircle.COM Subject: Re: web servers X-Priority: 3 (Normal) References: <9703018599.AA859935419@mailgateway.gao.gov> Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: firewalls-owner@GreatCircle.COM Precedence: bulk This appears to be a good situation for reverse proxying. The proxy can behave as a single web server, while mapping to different servers inside a firewall. Access control may also be applied at the proxy server, since the controls are applied after name translation. 
Of course, the usual constraints may be applied to the firewall so that only the proxy server can access the content servers internally.

> Here's my problem. I have Gauntlet installed with three web servers behind
> it. The web servers are very light usage/testbeds and the machines they're
> on are used for other things. It's not practical to move the web servers
> outside of the firewall and the network behind the firewall has private
> (non-routable) IP addresses. Is there any way to get to the three
> different web servers through the firewall?
>
> I thought of running a web server on the firewall with an initial page that
> pointed to the other webservers, but that was rejected by management.
>
> If it were just one web server I could just plug port 80. If they ran at
> different ports I could plug different ports--but they don't.
>
> I was thinking that perhaps I could assign multiple IP addresses to the
> outside interface of the firewall, give the firewall different aliases with
> different IP addresses and somehow run different instances of plug-gw based
> on which IP address was connected to. It's the "somehow" part that I'm
> having trouble with.
>
> Any ideas?
> --- > christopher michael*rms business systems* -- Mike J Oropeza -------------------------------- Those who hear not the music, think the dancers mad ~{';'}~ From owner-firewalls-outgoing Tue Apr 1 17:23:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA25516 for firewalls-outgoing; Tue, 1 Apr 1997 16:08:22 -0800 (PST) Received: from inet.uni-c.dk (inet.uni-c.dk [130.228.6.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA25483 for ; Tue, 1 Apr 1997 16:08:12 -0800 (PST) Received: (from vader@localhost) by inet.uni-c.dk (8.8.4/8.6.9) id CAA04090; Wed, 2 Apr 1997 02:08:47 +0200 (METDST) Date: Wed, 2 Apr 1997 02:08:47 +0200 (METDST) From: Chris Larsen Subject: Re: PC based network analyzer To: Firewalls@GreatCircle.COM In-Reply-To: <334154777228002@scribe.cc.purdue.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 1 Apr 1997, Michael S Hines wrote: > > Where can I get a copy of netmon? > > Buy Windows NT Server 4.0..... its part of the standard > distribution. > In fact this only enables you to look at traffic comming to/from the installed NIC. To use netmon on a NIC in promiscous mode ie. capturing/analyzing all packets on the lan segment, you need to have the SMS version of netmon. I would myself promote NetXray as the foremost and best quality sniffer for NT. Especially since you can deploy agents around on various positions on the lan. For unix i still like tcpdump on a FreeBSD host because of the flexibility of rules and parsing of the dump files can be customized to just your needs and parsing language :-) just my 0.02$ worth. Chris Larsen | We learn from history, vader@inet.uni-c.dk | that we do not learn from history... System Manager | Struers A/S | All opinions expressed herein are my own | and _not_ those of my employers !!. 
From owner-firewalls-outgoing Tue Apr 1 21:07:02 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA22520 for firewalls-outgoing; Tue, 1 Apr 1997 20:58:18 -0800 (PST)
Received: from relay1.smtp.psi.net (relay1.smtp.psi.net [38.8.14.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id UAA22495 for ; Tue, 1 Apr 1997 20:58:04 -0800 (PST)
Received: from Inf.COM by relay1.smtp.psi.net (8.8.3/SMI-5.4-PSI) id XAA09709; Tue, 1 Apr 1997 23:58:29 -0500 (EST)
Received: by Inf.COM (4.1/SMI-4.1) id AA11054; Tue, 1 Apr 97 23:49:49 EST
Received: from unknown(204.4.54.92) by infosys.inf.COM via smap (V1.3) id sma010946aaa; Tue Apr 1 23:48:15 1997
Received: from PDMALLYA ([204.4.54.74]) by jhelum.inf.com (8.8.4/) with SMTP id KAA01546; Wed, 2 Apr 1997 10:31:07 -0500
Message-Id: <3341E604.3C67@inf.com>
Date: Wed, 02 Apr 1997 10:22:20 +0530
From: "Prabhakar D. Mallya"
Reply-To: pdmallya@Inf.COM
Organization: Infosys Technologies Ltd
X-Mailer: Mozilla 3.0 (Win95; I)
Mime-Version: 1.0
To: firewalls@greatcircle.com
Cc: John Kerr
Subject: Re: Firewall Architecture for Web, Database
References: <33411F64.6ACB@csc.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

John Kerr wrote:
>
> A customer of ours has asked about setting up a security architecture
> with the Firewall being the main focus. They would like to allow access
> into their Database inside of the Firewall opposed to having a Database
> Server that would sit outside the Firewall. They seem to be okay with
> having a Web server sitting outside the Firewall, so I don't see that as
> a problem. The problem that they are trying to avoid is having to copy
> or replicate the data to the Database Server (too time consuming). What
> are the dangers with adding a third interface to the Firewall and
> putting the Database on a separate DMZ. It would look like this:
>
>    Internet
>       |
>       |         ----------      ---------
>       |         -Database-      -  Web  -
>       |         ----------      ---------
>   ---------          |              |
>   -  FW   ------------------------------
>   ---------
>       |
>       |
>       |
>   Internal
>   Network
>
> Rules would be put on the firewall to only allow external access from
> the internet to the DMZ. We would not allow any access from the DMZ
> into the internal Network.
> Any suggestions would be appreciated.
> Thanks
> John

Hi,

I'm faced with similar requirements, and I'm evaluating alternatives. My analysis, so far, of this situation:

1. The database server and the Web server are open to attack, wherever you place them, because you want to allow external users to access them.

2. The rationale for placing these servers in the DMZ is that even if they are compromised, the rest of your network is still protected by the firewall; the damage is contained to these servers.

3. You can use the firewall to protect your Web & Database servers by configuring it to reject all traffic between the Internet and the DMZ, except HTTP browser traffic with the Web Server. The DataBase Server should be accessible from the Web Server and from the Internal network. Perhaps you could increase protection to the database server by placing it on a fourth network segment connected to the firewall.

                     Internet
                        |
   ----------           |            ---------
   -Database-           |            -  Web  -
   ----------           |            ---------
        |           ---------            |
        ----------------- FW ------------------------
                    ---------
                        |
                        |
                        |
                 Internal Network

4. You still have to protect your Web server - e.g., against malicious CGI scripts. I think TIS (http://www.tis.com) have a product for Web server protection.

5. You still have to protect your database server - e.g., you need to ensure that users, especially from the Web server, who access the database server cannot access data they are not authorized to access.

I would be interested in further views/analysis/security holes/solutions on this topic.

Regards
--
Prabhakar D. Mallya
Infosys Technologies, Bangalore, India
http://www.inf.com/
e-mail: pdmallya@inf.com
phone: 91-80-8520261 xtn 1156 fax: 91-80-8520348

From owner-firewalls-outgoing Tue Apr 1 21:45:54 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA25308 for firewalls-outgoing; Tue, 1 Apr 1997 21:30:21 -0800 (PST)
Received: from col1.telecom.com.co (COL1.TELECOM.COM.CO [200.21.200.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id VAA25299 for ; Tue, 1 Apr 1997 21:30:16 -0800 (PST)
Received: from [200.21.212.34] by col1.telecom.com.co; (5.65v3.2/1.1.8.2/04Oct96-1154AM) id AA17350; Wed, 2 Apr 1997 00:35:02 -0500
Received: by ucauca.edu.co (SMI-8.6/SMI-SVR4) id XAA03710; Tue, 1 Apr 1997 23:32:45 -0400
Date: Tue, 1 Apr 1997 23:32:45 -0400 (CST)
From: Mauricio Constain
To: firewalls@greatcircle.com
Subject: which proxy server is beter?
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I am setting up a firewall and I want to know what proxy software (for Solaris or Linux) I can use to let about 50 PCs have access to the Internet.

Actually I am using CERN HTTPD as proxy server but I am not satisfied with the performance because sometimes the transfer for FTP shuts down.

Is it better to put the proxy server on a SPARC station or on a PC with Linux?

I'm looking for the best commercial or public-domain software; any experience can help.

Thanks

Mauricio Constain
mconsta@atenea.ucauca.edu.co

From owner-firewalls-outgoing Tue Apr 1 22:13:28 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA26963 for firewalls-outgoing; Tue, 1 Apr 1997 21:46:49 -0800 (PST)
Received: from miles.greatcircle.com (miles.greatcircle.com [198.102.244.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id VAA26853 for ; Tue, 1 Apr 1997 21:46:24 -0800 (PST)
Received: from mrkev.vabo.cz (mrkev.vabo.cz [160.216.1.1]) by miles.greatcircle.com (8.8.5/Miles-970308-2) with SMTP id VAA10568 for ; Tue, 1 Apr 1997 21:42:58 -0800 (PST)
Message-Id: <199704020542.VAA10568@miles.greatcircle.com>
Received: by mrkev.vabo.cz (1.37.109.4/16.2) id AA12792; Wed, 2 Apr 97 07:37:23 +0200
From: Josef Kaderka
Subject: Re: PC based network analyzer
To: firewalls@greatcircle.com
Date: Wed, 2 Apr 97 7:37:23 METDST
Phone: +42 5 4118 2704
Mailer: Elm [revision: 70.85]
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> Does anyone know if there is a kind of PC based network packet
> analyzer?

I have used NetSight Analyst from Intel for over 4 years. It's MS DOS based and can work with any (I hope) NIC through a packet driver. Full installation has less than 1 MB :-). You can create many filters for receiving or displaying packets, decode any packet etc. This product helped me many times when I doubted what really occurs in the network.

+---------------------------------------------------------------+
| Josef Kaderka                                    kade@vabo.cz |
+---------------------------------------------------------------+
| Network & Internet administrator        tel. xx420 5 41182704 |
| Department of Computers                 fax. xx420 5 41182987 |
| Brno Military Academy                                         |
| Kounicova 65, 612 00 Brno, Czech Republic              OK2PWD |
+---------------------------------------------------------------+

From owner-firewalls-outgoing Tue Apr 1 22:22:15 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id WAA00732 for firewalls-outgoing; Tue, 1 Apr 1997 22:18:40 -0800 (PST)
Received: from col1.telecom.com.co (COL1.TELECOM.COM.CO [200.21.200.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id WAA00704 for ; Tue, 1 Apr 1997 22:18:31 -0800 (PST)
Received: from [200.21.212.34] by col1.telecom.com.co; (5.65v3.2/1.1.8.2/04Oct96-1154AM) id AA16672; Wed, 2 Apr 1997 01:23:22 -0500
Received: by ucauca.edu.co (SMI-8.6/SMI-SVR4) id AAA03927; Wed, 2 Apr 1997 00:21:05 -0400
Date: Wed, 2 Apr 1997 00:21:05 -0400 (CST)
From: Mauricio Constain
To: firewalls@greatcircle.com
Subject: which proxy server is beter?
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I am setting up a firewall and I want to know what proxy software (for Solaris or Linux) I can use to let about 50 PCs have access to the Internet.

Actually I am using CERN HTTPD as proxy server but I am not satisfied with the performance because sometimes the transfer for FTP shuts down.

Is it better to put the proxy server on a SPARC station or on a PC with Linux?

I'm looking for the best commercial or public-domain software; any experience can help.

Thanks

Mauricio Constain
mconsta@atenea.ucauca.edu.co

From owner-firewalls-outgoing Wed Apr 2 00:37:05 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA10700 for firewalls-outgoing; Wed, 2 Apr 1997 00:33:29 -0800 (PST)
Received: from flex.flex.ro (flex.flex.ro [193.230.255.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id AAA10693 for ; Wed, 2 Apr 1997 00:33:20 -0800 (PST)
Received: from powercore (dial05.flex.ro [193.230.255.105]) by flex.flex.ro (8.7.5/8.7.3) with ESMTP id MAA10062 for ; Wed, 2 Apr 1997 12:25:44 +0300
Message-Id: <199704020925.MAA10062@flex.flex.ro>
From: "Viorel Dehelean"
To:
Subject: VBX
Date: Wed, 2 Apr 1997 11:35:44 +0300
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Anyone know if there is a possibility to convert VBX files into OCX files?

Best Regards,
Viorel Dehelean AKA Powerman - Risc Team
vdehelean@flex.ro
powerm@usa.net
http://www.flex.ro/RISC
Tel. Home : 039-615151
Tel. Work : 039-641841

From owner-firewalls-outgoing Wed Apr 2 01:22:03 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA11707 for firewalls-outgoing; Wed, 2 Apr 1997 00:54:34 -0800 (PST)
Received: from TYO9.gate.nec.co.jp (TYO9.gate.nec.co.jp [203.180.98.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id AAA11700 for ; Wed, 2 Apr 1997 00:54:28 -0800 (PST)
From: Lo_Chi_Hou@PHI-HKMRO.ccgw.nec.co.jp
Received: from mailsv.nec.co.jp ([133.200.254.203]) by TYO9.gate.nec.co.jp (8.8.5+2.7Wbeta5/3.4Wb-NEC-TYO9) with ESMTP id RAA25676 for ; Wed, 2 Apr 1997 17:55:09 +0900 (JST)
Received: from gmsjp25.gms.nec.co.jp (gmsjp25.gms.nec.co.jp [10.1.243.2]) by mailsv.nec.co.jp (8.8.5+2.7Wbeta5/3.4W-97040118) with ESMTP id RAA22676 for ; Wed, 2 Apr 1997 17:55:06 +0900 (JST)
Received: by gmsjp25.gms.nec.co.jp (8.8.5+2.7Wbeta5/6.4JAIN) id RAA03106; Wed, 2 Apr 1997 17:55:06 +0900 (JST)
Message-Id: <199704020855.RAA03106@gmsjp25.gms.nec.co.jp>
To: Firewalls@GreatCircle.COM
Subject: Network Access Authentication...
Date: Wed, 2 Apr 1997 13:40:00 +0900
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi!!! I am currently working on a project that will require me to do some authentication, audit, and accounting on both dial up and LAN users' Internet usage in our University.

For dial up we don't have much problem, there is the TACACS and XTACACS that can be used for this purpose. But I am having a problem when it comes to the LAN user. I need to protect and prevent unauthorized users in the campus from accessing the Internet.

To do LAN user authentication and control, I am kind of thinking maybe a firewall or proxy may do the trick.

Something like the setup below:

Internet ----- Router ------+---- Proxy ----- Internal LAN
                            |
                       Bastion Host

The proxy should be able to do some authentication, and accounting on the user.

Can anyone tell me where I can find such a proxy? or any other software that may help me solve the problem?

TACACS uses the wtmp format of UNIX for saving accounting data (such as login and logout time, username... etc). I was hoping that the proxy will also be able to log user info in such a format for better management.

Thanks in advance....

From owner-firewalls-outgoing Wed Apr 2 02:42:36 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA20038 for firewalls-outgoing; Wed, 2 Apr 1997 02:21:30 -0800 (PST)
Received: from mail.vtx.ch (mail.vtx.ch [194.51.92.4]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id CAA20031 for ; Wed, 2 Apr 1997 02:21:21 -0800 (PST)
Received: from tla03 ([194.191.78.3]) by mail.vtx.ch (Netscape Mail Server v1.1) with SMTP id AAA2321; Wed, 2 Apr 1997 12:19:32 +0200
Message-ID: <33422236.C68@tla.ch>
Date: Wed, 02 Apr 1997 11:09:10 +0200
From: Christian ALT
Reply-To: calt@tla.ch
Organization: Telecom and Logistics Associates
X-Mailer: Mozilla 3.0Gold (WinNT; I)
MIME-Version: 1.0
To: Mauricio Constain
CC: Firewalls@greatcircle.com
Subject: Re: which proxy server is beter?
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Go and look for squid, freeware, we replaced our linux cern httpd by a sparc 4 with squid, works great. Many people claim that it is faster than commercial proxy.

http://www.nlanr.net/Squid/

Mauricio Constain wrote:
>
> I am setting up a firewall and I want to know what proxy software (for
> Solaris or Linux) I can use to let about 50 PCs have access to the Internet.
>
> Actually I am using CERN HTTPD as proxy server but I am not satisfied with
> the performance because sometimes the transfer for FTP shuts down.
>
> Is it better to put the proxy server on a SPARC station or on a PC with
> Linux?
>
> I'm looking for the best commercial or public-domain software; any
> experience can help.
>
> Thanks
>
> Mauricio Constain
> mconsta@atenea.ucauca.edu.co

--
Christian ALT                        E-mail: calt@tla.ch
Telecom and Logistics Associates     phone & fax : +41 22 328 14 88
10, Rue des Savoises, CH-1205 Geneva http://www.tla.ch

From owner-firewalls-outgoing Wed Apr 2 03:21:59 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA22582 for firewalls-outgoing; Wed, 2 Apr 1997 03:11:56 -0800 (PST)
Received: from dallas-cs-000.novare.net (dallas-cs-000.novare.net [205.229.104.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA22545 for ; Wed, 2 Apr 1997 03:11:36 -0800 (PST)
Received: from muggles (mark@muggles.novare.net [205.229.105.72]) by dallas-cs-000.novare.net (8.7.6/8.6.9) with SMTP id FAA16339 for ; Wed, 2 Apr 1997 05:17:42 -0600
Message-ID: <33423F92.59E69C29@novare.net>
Date: Wed, 02 Apr 1997 05:14:26 -0600
From: m*
Organization: Novare' International Information Systems
X-Mailer: Mozilla 3.0Gold (X11; I; Linux 2.0.27 i586)
MIME-Version: 1.0
To: Firewalls@GreatCircle.COM
Subject: Re: which proxy server is beter?
References: <33422236.C68@tla.ch>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Christian ALT wrote:
>
> Go and look for squid, freeware, we replaced our linux cern httpd by a
> sparc 4 with squid, works great. Many people claim that it is faster
> than commercial proxy.
>
> http://www.nlanr.net/Squid/
>
> Mauricio Constain wrote:
> >
> > I am setting up a firewall and I want to know what proxy software (for
> > Solaris or Linux) I can use to let about 50 PCs have access to the Internet.

i have gotten fabulous performance from our squid through our firewall. it's a relative cinch to set up and configure too ( on debian linux ). i would highly recommend it.

m*
-- "The Shining One" --

From owner-firewalls-outgoing Wed Apr 2 03:44:09 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA22303 for firewalls-outgoing; Wed, 2 Apr 1997 03:09:09 -0800 (PST)
Received: from bbbpop.bbamerindus.com.br ([200.250.236.20]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA22296 for ; Wed, 2 Apr 1997 03:08:59 -0800 (PST)
Received: from leste by bbbpop.bbamerindus.com.br with SMTP (1.39.111.2/16.2) id AA116389469; Wed, 2 Apr 1997 08:11:09 -0300
Message-Id: <33423E2D.275C@usa.net>
Date: Wed, 02 Apr 1997 08:08:29 -0300
From: Pedro Lineu Orso
Organization: Banco Bamerindus do Brasil SA
X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m)
Mime-Version: 1.0
To: Lo_Chi_Hou@PHI-HKMRO.ccgw.nec.co.jp
Cc: Firewalls@GreatCircle.COM
Subject: Re: Network Access Authentication...
References: <199704020855.RAA03106@gmsjp25.gms.nec.co.jp>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Lo_Chi_Hou@PHI-HKMRO.ccgw.nec.co.jp wrote:
>
> Hi!!! I am currently working on a project that will require
> me to do some authentication, audit, and accounting on both
> dial up and LAN users' Internet usage in our University.
>
> For dial up we don't have much problem, there is the TACACS
> and XTACACS that can be used for this purpose. But I am
> having a problem when it comes to the LAN user. I need to
> protect and prevent unauthorized users in the campus from
> accessing the Internet.
>
> To do LAN user authentication and control, I am kind of
> thinking maybe a firewall or proxy may do the trick.
>
> Something like the setup below:
>
>
> Internet ----- Router ------+---- Proxy ----- Internal LAN
>                             |
>                        Bastion Host
>
> The proxy should be able to do some authentication, and
> accounting on the user.
>
> Can anyone tell me where I can find such a proxy? or any
> other software that may help me solve the problem?
>
> TACACS uses the wtmp format of UNIX for saving accounting
> data (such as login and logout time, username... etc). I was
> hoping that the proxy will also be able to log user info
> in such a format for better management.
>
> Thanks in advance....

Hi Lo

Try Squid Proxy at http://squid.nlanr.net/Squid

The Squid authentication works fine for me.

Pedro L Orso    HSBC BAmerindus
orso@usa.net    Brazil

From owner-firewalls-outgoing Wed Apr 2 04:07:03 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA27347 for firewalls-outgoing; Wed, 2 Apr 1997 03:50:14 -0800 (PST)
Received: from linuxdtc. ([194.148.23.67]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id DAA27297 for ; Wed, 2 Apr 1997 03:49:59 -0800 (PST)
Received: from Smaret.datelec.ch (smaret. [194.148.23.108]) by linuxdtc. (8.6.12/8.6.9) with SMTP id FAA19897 for ; Wed, 2 Apr 1997 05:00:17 +0100
Message-Id: <2.2.32.19970402134907.006c836c@mail.datelec.ch>
X-Sender: smaret@mail.datelec.ch
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Wed, 02 Apr 1997 13:49:07 +0000
To: firewalls@GreatCircle.COM
From: Sylvain Maret
Subject: Re: Network penetration test tool?
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

At 10:57 AM 3/27/97 -0800, you wrote:
>Hi All,
> Does anyone have a recommendation of any commercial software or
>freeware
> that will do network penetration or vulnerability test?
> Thanks in advance!
>----
>Kay.H.Weng@cpmx.saic.com
>FAX: 619-458-2786 Voice: 619-535-7874
>
>Science Application International Corp.
>10260 Campus Point Dr., Loc. 245, MS A1
>San Diego, CA 92121
>
>

Have a look at http://www.iss.net. These are great scan tools.

+------------------------------------------------------------+
Sylvain MARET, Systems Engineer
Datelec Networks SA
Route du Bois-Genoud 1
CH-1023 Crissier / Lausanne    Tel: +41 21 636.26.26
Switzerland                    Fax: +41 21 636.12.46
Visit our Web Site: http://www.datelec.com
+-------------------------------------------------------------+

From owner-firewalls-outgoing Wed Apr 2 05:23:15 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id EAA03221 for firewalls-outgoing; Wed, 2 Apr 1997 04:51:06 -0800 (PST)
Received: from tymix.Tymnet.COM (tymix.tymnet.com [131.146.2.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id EAA03197 for ; Wed, 2 Apr 1997 04:50:55 -0800 (PST)
Received: by tymix.Tymnet.COM (4.1/SMI-4.1) id AA21391; Wed, 2 Apr 97 04:51:35 PST
Received: from titan by tymix.Tymnet.COM (in.smtpd); 2 Apr 0 4:51:34 PDT
Received: by titan.tymnet.com (4.1/SMI-4.1) id AA14862; Wed, 2 Apr 97 04:51:32 PST
From: dtosic@titan.Tymnet.COM (Dragan Tosic)
Message-Id: <9704021251.AA14862@titan.tymnet.com>
Subject: FTP site for "The Gobbler"
To: firewalls@greatcircle.com
Date: Wed, 2 Apr 1997 04:51:31 -0800 (PST)
X-Mailer: ELM [version 2.4 PL24]
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi there,
does anybody on this list have a pointer to an FTP site which contains a program named "The Gobbler"? This is a fairly old sniffer prog for DOS based PCs, but anyway......

TIA
D.B.Tosic Frankfurt/Germany

From owner-firewalls-outgoing Wed Apr 2 05:37:14 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA06056 for firewalls-outgoing; Wed, 2 Apr 1997 05:29:49 -0800 (PST)
Received: from scribe.cc.purdue.edu (scribe.cc.purdue.edu [128.210.11.6]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id FAA06049 for ; Wed, 2 Apr 1997 05:29:42 -0800 (PST)
Received: from ia01.freh.purdue.edu by scribe.cc.purdue.edu; Wed, 2 Apr 97 08:30:26 -0500
Comments: Authenticated sender is
From: "Michael S Hines"
Organization: Purdue University
To: Firewalls@greatcircle.com
Date: Wed, 2 Apr 1997 08:33:12 -0500
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: Network penetration test tool?
Reply-to: mshines@purdue.edu
X-mailer: Pegasus Mail for Win32 (v2.42)
Message-Id: <33425f7256f5002@scribe.cc.purdue.edu>
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Speaking of penetration testing - what tools does SIAC offer?

I believe SATAN also does a pretty good job of scanning to assure latest patches are installed. It has a hypertext user interface with drill down for more details. It may be somewhat dated now, but it is user extendable for particular additional tests you want performed.

You might check out the Computer Operations, Audit, and Security Technology web site for more information and tools - www.cs.purdue.edu/COAST.

-----------------------------------------------------------------
Internet: mshines@purdue.edu * Michael S. Hines, CDP, CFE
Voice: (765) 494-5845        * Sr. Information Systems Auditor
FAX: (765) 496-1814          * Purdue University
                             * 1065 Freehafer Hall
                             * West Lafayette, IN 47907-1065

From owner-firewalls-outgoing Wed Apr 2 06:17:59 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA07793 for firewalls-outgoing; Wed, 2 Apr 1997 05:49:38 -0800 (PST)
Received: from mailhost.onramp.net (mailhost.onramp.net [199.1.11.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id FAA07763 for ; Wed, 2 Apr 1997 05:49:26 -0800 (PST)
Received: from sage1 (sage1.doogie.com [206.50.2.2]) by mailhost.onramp.net (8.8.5/8.6.5) with ESMTP id HAA25572; Wed, 2 Apr 1997 07:50:06 -0600 (CST)
Message-Id: <199704021350.HAA25572@mailhost.onramp.net>
From: "Jerry Mckane"
To: "Dragan Tosic" ,
Cc:
Subject: Re: FTP site for "The Gobbler"
Date: Wed, 2 Apr 1997 07:49:51 -0600
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1161
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

try here http://www.pris.bc.ca/tech/faqs/sniff.htm

----------
> From: Dragan Tosic
> To: firewalls@GreatCircle.COM
> Subject: FTP site for "The Gobbler"
> Date: Wednesday, April 02, 1997 6:51 AM
>
> Hi there,
> does anybody on this list have a pointer to an
> FTP site which contains a program named "The Gobbler"?
> This is a fairly old sniffer prog for DOS based PCs, but anyway......
> TIA
> D.B.Tosic Frankfurt/Germany

From owner-firewalls-outgoing Wed Apr 2 06:37:14 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA10983 for firewalls-outgoing; Wed, 2 Apr 1997 06:26:53 -0800 (PST)
Received: from dns2.infocom.etecsa.cu ([169.158.64.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id GAA10957 for ; Wed, 2 Apr 1997 06:26:36 -0800 (PST)
Received: by dns2.infocom.etecsa.cu (Smail3.1.28.1 #3) id m0wCR0G-0002U6C; Wed, 2 Apr 97 09:27 EST
Received: from manati.in.etecsa.cu by dns2.infocom.etecsa.cu with SMTP id XXXXXXXX-Xa27992; Wed, 02 Apr 97 09:27 EST
Received: by manati.in.etecsa.cu (Smail3.1.28.1 #3) id m0wCR0F-00017iC; Wed, 2 Apr 97 09:27 EST
Message-Id:
Subject: DNS doble-reverse ...HELP
To: firewalls@greatcircle.com
Date: Wed, 2 Apr 1997 09:27:07 -0500 (EST)
From: Betsy Abreu
X-Mailer: ELM [version 2.4 PL13]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi

I have problems configuring double reverse lookups on a DNS server; I heard about a wildcard on PTR records but cannot solve them. This causes FTP connections to places that make a double reverse lookup (like ftp.tis.com) to be refused.

I'm using SVR3 and BIND 4.9.2

Could anybody give me some information about this?

Thanks
BETSY

Betsy Abreu e-mail: betsy@mail.infocom.etecsa.cu

From owner-firewalls-outgoing Wed Apr 2 07:00:38 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA11993 for firewalls-outgoing; Wed, 2 Apr 1997 06:44:44 -0800 (PST)
Received: from palrel3.hp.com (palrel3.hp.com [15.253.88.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA11986; Wed, 2 Apr 1997 06:44:40 -0800 (PST)
From: CHRISTIAN_STAHL@HP-Denmark-om1.om.hp.com
Received: from stamp.brussels.hp.com (stamp.brussels.hp.com [15.184.0.125]) by palrel3.hp.com with ESMTP (8.7.5/8.7.3) id GAA13632; Wed, 2 Apr 1997 06:45:21 -0800 (PST)
Received: from by stamp.brussels.hp.com with SMTP (1.37.109.16/15.5+ECS 3.4 Openmail) id AA040092311; Wed, 2 Apr 1997 16:45:11 +0200
X-Openmail-Hops: 1
Date: Wed, 2 Apr 97 16:44:55 +0200
Message-Id:
In-Reply-To: <199703041521.HAA29074@miles.greatcircle.com>
Subject: Problems with VPN conf. on Raptor 4.0, NT 4.0
To: firewalls@GreatCircle.COM, firewalls-owner@GreatCircle.COM
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hey,

I have a small configuration problem with setting up VPN between two Raptor Eagle version 4.0 firewalls.

1: Does anyone know how to see when the tunnel is up and running (Logfiles etc.)?

2: Is it right that I can't see anything in the ESP type field under the secure tunnel menu?

Best regards
Christian Stahl

From owner-firewalls-outgoing Wed Apr 2 07:52:21 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA19699 for firewalls-outgoing; Wed, 2 Apr 1997 07:45:31 -0800 (PST)
Received: from deere-bh.dx.deere.com (deere-bh.dx.deere.com [207.122.201.66]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA19670 for ; Wed, 2 Apr 1997 07:45:21 -0800 (PST)
Received: (from uucp@localhost) by deere-bh.dx.deere.com (8.6.12/8.6.11) id JAA21321; Wed, 2 Apr 1997 09:41:06 -0600
Received: from 192.43.1.3 by deere-bh.dx.deere.com via smap (V3.1.1) id xma020147; Wed, 2 Apr 97 09:39:41 -0600
Received: from 90.deere.com by deere (SMI-8.6/SMI-SVR4) id JAA05122; Wed, 2 Apr 1997 09:43:51 -0600
Received: from catbert.uu.deere.com by 90.deere.com (SMI-8.6/SMI-SVR4) id JAA22014; Wed, 2 Apr 1997 09:43:51 -0600
Message-ID: <33427E63.6DD7@90.deere.com>
Date: Wed, 02 Apr 1997 09:42:27 -0600
From: Bertrum Carroll
Organization: Deere & Company
X-Mailer: Mozilla 4.0b2 (Win95; I)
MIME-Version: 1.0
To: Robin J Smith
CC: Cato Antonsen , "'firewalls@GreatCircle.COM'"
Subject: Re: Microsoft ULS/ILS through a firewall
X-Priority: 3 (Normal)
References:
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Is anyone really doing Netmeeting through their firewall? We are considering doing this but it looks unsafe. I'd like to know (other than Microsoft) who is doing this and if I can get any "lessons learned" from their install.

Bert Carroll
bc17684@90.deere.com

From owner-firewalls-outgoing Wed Apr 2 08:38:45 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA21935 for firewalls-outgoing; Wed, 2 Apr 1997 08:12:17 -0800 (PST)
Received: from Bear.COM (wafw.bear.com [207.159.107.81]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id IAA21921 for ; Wed, 2 Apr 1997 08:12:05 -0800 (PST)
Received: by Bear.COM (SMI-8.6/SMI-SVR4) id LAA06498; Wed, 2 Apr 1997 11:06:35 -0500
Received: from fastbear(147.107.87.14) by wafw via smap (V2.0beta) id xma003692; Wed, 2 Apr 97 10:57:34 -0500
Received: from whip_xfr by fastbear.bear.com (4.1/SMI-4.1/1.0 AMR 12/15/94) id AA12668; Wed, 2 Apr 97 11:06:13 EST
Received: from wizard by whip_xfr (SMI-8.6/SMI-SVR4) id LAA04643; Wed, 2 Apr 1997 11:03:43 -0500
Received: from neptune by wizard (SMI-8.6/SMI-SVR4) id LAA07875; Wed, 2 Apr 1997 11:03:42 -0500
Message-Id: <3342835F.3839@bear.com>
Date: Wed, 02 Apr 1997 11:03:43 -0500
From: Shahryar Jahangir
Organization: Bear Stearns, Inc
X-Mailer: Mozilla 3.0Gold (X11; I; SunOS 5.5.1 sun4u)
Mime-Version: 1.0
To: Ziv Dascalu
Cc: firewalls@GreatCircle.COM, mmozes@fujitsu.ca
Subject: Re: RealAudio
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Through a proxy it's 1090. Go to the RealAudio page. You will see that once you have the software installed, it's all done transparently.

check out the homepage dude !

sj

Ziv Dascalu wrote:
>
> --- On Mon, 31 Mar 97 10:36:00 PST mmozes@fujitsu.ca wrote:
> >
> >
> >Does anyone know the port number for RealAudio?
> >
> >Thanks,
>
> -----------------End of Original Message-----------------
>
> realAudio is 7070 TCP
>
> /ZIv
> /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
> | A B I R N E T Active Network Protection http://www.AbirNet.com |
> \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/

--
...........................................
" Is there a God ? I don't know, the computer is down !"
Shahryar Jahangir
Information Services
Bear Stearns & Co. Inc.
245 Park Avenue
New York, NY 10167
email: sj@bear.com
Tel: 212 272 7764
Fax : 212 499 6977
...........................................
--
*******************************************************************************
Bear Stearns is not responsible for any recommendation, solicitation, offer or agreement or any information about any transaction, customer account or account activity contained in this communication.
*******************************************************************************

From owner-firewalls-outgoing Wed Apr 2 08:52:20 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA23264 for firewalls-outgoing; Wed, 2 Apr 1997 08:35:33 -0800 (PST)
Received: from ns.trade-a-plane.com (ns.trade-a-plane.com [208.138.64.15]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA23223 for ; Wed, 2 Apr 1997 08:35:20 -0800 (PST)
Received: from ns.trade-a-plane.com ([208.138.64.5]) by ns.trade-a-plane.com (Netscape Mail Server v2.0) with ESMTP id AAA18081 for ; Wed, 2 Apr 1997 10:37:01 -0500
Message-ID: <33428AF0.13E7@trade-a-plane.com>
Date: Wed, 02 Apr 1997 10:36:00 -0600
From: greg@trade-a-plane.com (Greg Walker)
Reply-To: greg@trade-a-plane.com
Organization: TAP Publishing Company
X-Mailer: Mozilla 4.0b2 (Win95; I)
MIME-Version: 1.0
To: firewalls@greatcircle.com
Subject: NAT on Firewall-1
X-Priority: 3 (Normal)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

We have a net configured like this

local net ----------FireWall-1---------Web Server----------Router-------Internet
illegal IP          version 2.1        DNS Server

Email works fine through the Firewall, but I cannot access the web from an internal client (the same client has no problem accessing the web when connected to the external net). I have tried address translation in Firewall-1 along with route and arp commands. All this does is make my email not work. The Firewall is running on Solaris, as are the WEB and DNS servers.

My questions:

1. Should I be able to access the web with my internal client through the Firewall?
2. Can you put more than one route in WIN95 (gateway) - one for the internal side of the firewall, and one for the router to the net?
3. Will I have to set up routes on the router?
4. Will DNS work through the firewall?

Thanks in advance,
Greg Walker
greg@trade-a-plane.com

From owner-firewalls-outgoing Wed Apr 2 09:03:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA24704 for firewalls-outgoing; Wed, 2 Apr 1997 08:50:23 -0800 (PST)
Received: from jehova.owl.de (jehova.owl.de [194.121.202.132]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA24695 for ; Wed, 2 Apr 1997 08:50:15 -0800 (PST)
Received: from fiction.pb.owl.de (root@fiction.pb.owl.de [193.174.12.5]) by jehova.owl.de (8.8.5/8.8.5) with SMTP id SAA04384 for ; Wed, 2 Apr 1997 18:50:57 +0200 (MET DST)
Received: from squirrel.owl.de by fiction.pb.owl.de with bsmtp id m0wCTKr-00003CC; Wed, 2 Apr 97 18:56 MET DST
Received: (qmail 5835 invoked by uid 300); 2 Apr 1997 14:52:28 -0000
Date: 2 Apr 1997 14:52:28 -0000
Message-ID: <19970402145228.5834.qmail@squirrel.owl.de>
From: Stuart Johnson
To: firewalls@greatcircle.com
Subject: Haystack info (Steve Smaha)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

About a month ago, I inquired about Haystack and Wheelgroup. I received an email from someone at Haystack that did not want to disclose their identity but revealed a lot of information about the company. I believe this information to be true, but would like to find out to the contrary.

From the inside information, apparently the founder and CEO of Haystack, Steve Smaha has been removed because he was a control freak and raving lunatic inside the company. Haystack is in decay because the Stalker family was a complete misdesign and failure.

Also the source said that Steve Smaha was threatening to sue his own investors, partners, and customers. This seems kind of extreme to me, but the confirmation about Haystack suing Wheelgroup leaves this as a definite possibility. Some of the customers for Haystack have emailed me saying they have not received an update for some of the Stalker family in over 3 years. I wouldn't be surprised if Steve Smaha does not get sued himself if this is true.

The investors, that removed Steve Smaha, brought in a new CEO. He is currently moving the company to Boston due to the lack of engineering talent in the former Austin HQ of Haystack. The new CEO is trying to recruit engineers that can decipher the source code because it lacked any structure and comments to understand it.

I would have probably ignored this email except I am interested in monitoring tools and this seems like a legitimate insider giving me details. I have tried to contact Steve Smaha but have not been able to reach him. I am looking for someone who might know the company better than me to confirm these facts.
Stuart From owner-firewalls-outgoing Wed Apr 2 10:01:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA01650 for firewalls-outgoing; Wed, 2 Apr 1997 09:43:51 -0800 (PST) Received: from reflections.eng.mindspring.net (reflections.eng.mindspring.net [207.69.183.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA01641 for ; Wed, 2 Apr 1997 09:43:45 -0800 (PST) Received: from localhost (lists@localhost) by reflections.eng.mindspring.net (8.8.5/8.8.5) with SMTP id MAA27508; Wed, 2 Apr 1997 12:44:27 -0500 Date: Wed, 2 Apr 1997 12:44:27 -0500 (EST) From: Todd Graham Lewis To: Mauricio Constain cc: firewalls@GreatCircle.COM Subject: Re: which proxy server is beter? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 1 Apr 1997, Mauricio Constain wrote: > I am seting up a firewall and i want to know what proxy software (for > Solaris or linux) can i use to let about 50 pc's have access to internet. > > Actually I am using CERN HTTPD as proxy server but i am not satisfy whit > the performance because sometimes the transfer for FTP shutdowns. > > It's better to put the proxy server in a sparc station or in a pc whit > linux ?. > > I'm looking for the best comercial or public-domain sofware, any > experience can help. I can vouch personally for the stability and overall performance of The Squid (http://squid.nlanr.net) under Linux. We support several hundred users using such a configuration as part of our firewall setup, and it has never given us (non-operator-error-related) problems of any sort. Plus, of course, other than hardware everything in such a solution comes free and with full source. 
__ Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com From owner-firewalls-outgoing Wed Apr 2 10:19:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA02918 for firewalls-outgoing; Wed, 2 Apr 1997 09:52:26 -0800 (PST) Received: from gw.garrison.com ([205.241.58.147]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA02888 for ; Wed, 2 Apr 1997 09:52:09 -0800 (PST) Received: from gw.garrison.com (root@localhost) by gw.garrison.com (8.7.5/8.7.3) with ESMTP id LAA07692; Wed, 2 Apr 1997 11:52:39 -0600 (CST) Received: from garrison.com (garrison.com [10.0.0.2]) by gw.garrison.com (8.7.5/8.7.3) with SMTP id LAA07688; Wed, 2 Apr 1997 11:52:38 -0600 (CST) Received: by garrison.com (4.1/SMI-4.1) id AA01730; Wed, 2 Apr 97 11:52:13 CST Date: Wed, 2 Apr 97 11:52:13 CST From: jeromie@garrison.com (Jeromie Jackson) Message-Id: <9704021752.AA01730@garrison.com> To: firewalls@GreatCircle.COM, CHRIS.NICHOLS@EY.COM Subject: Re: sudo Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Who makes a commercial version of sudo? > > Chris > chris.nichols@ey.com > I do believe "Freedman & Associates" as well as Guardian from Datalyxn offer sudo type options, as wel as a load of other things.. 
Jeromie Jackson Garrison Technologies jeromie@garrison.com From owner-firewalls-outgoing Wed Apr 2 10:41:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA02006 for firewalls-outgoing; Wed, 2 Apr 1997 09:45:44 -0800 (PST) Received: from cerberus2.fon.sprintcorp.com (cerberus2.fon.sprintcorp.com [204.215.0.61]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA01965 for ; Wed, 2 Apr 1997 09:45:31 -0800 (PST) From: BLeBlanc@igate.sprint.com Received: by cerberus2.fon.sprintcorp.com; id LAA21075; Wed, 2 Apr 1997 11:46:14 -0600 (CST) Received: from fonkc28.fon.sprintcorp.com(144.223.19.54) by cerberus2.fon.sprintcorp.com via smap (3.2) id xma021054; Wed, 2 Apr 97 11:45:51 -0600 Received: FROM FONIMAIL.fonkc28.fon.sprintcorp.com BY fonkc28.fon.sprintcorp.com ; 2 APR 97 11:45:50 CST Date: 2 APR 97 11:43:32 CST Subject: FW: Problems with VPN conf. on Raptor 4.0, NT 4.0 To: firewalls@greatcircle.com Message-ID: <0007zvrhljfj.H000012201d9df73@igate.sprint.com> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Christian, Raptor has a new whitepaper on the 4.0 firewall on their web page, including graphics of the configuration pages. Take a look at: http://www.raptor.com/whitepaper/5.html (VPN chapter) or http://www.raptor.com/whitepaper/title.html (Table of Contents for the new whitepaper) Hope this helps, Bob ---------- From: firewalls-owner Sent: Wednesday, April 02, 1997 10:46 AM To: LeBlanc, Bob J.; ; Subject: Problems with VPN conf. on Raptor 4.0, NT 4.0 Hey, I have a small configuration problem with setting up VPN between to Raptor Eagle version 4.0 firewalls. 1: Does anyone know how to see when the tunnel is up and running (Logfiles etc.) 2: Is it right that i can't see anything in the ESP type field under the secure tunnel menu? 
Best regards Christian Stahl From owner-firewalls-outgoing Wed Apr 2 10:49:22 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA05195 for firewalls-outgoing; Wed, 2 Apr 1997 10:09:54 -0800 (PST) Received: from gw.intuit.com (fw.intuit.com [199.2.32.4]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id KAA05185 for ; Wed, 2 Apr 1997 10:09:48 -0800 (PST) Received: by gw.intuit.com (4.1/SMI-4.1) id AA25919; Wed, 2 Apr 97 10:08:09 PST Received: from cliff.intuit.com(199.2.34.38) by gw.intuit.com via smap (V1.3) id sma025703; Wed Apr 2 10:07:28 1997 Received: from ra.intuit.com.intuit.com by cliff.intuit.com (4.1/SMI-4.1d) id AA26127; Wed, 2 Apr 97 10:07:08 PST From: corby@intuit.com (Corby Anderson) Message-Id: <9704021807.AA26127@cliff.intuit.com> Subject: Re: DNS doble-reverse ...HELP To: firewalls@greatcircle.com Date: Wed, 2 Apr 1997 10:08:48 -0800 (PST) X-Mailer: ELM [version 2.4 PL22] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I can't make any sense of your question. A forward lookup to ftp.tis.com gives a CNAME record for portal.ex.tis.com which in turn give an A record of 192.94.214.101. A reverse lookup on 192.94.214.101 immediately gives a PTR record of portal.ex.tis.com. There's nothing double about it. The only good use I've heard of for wildcards is in MX records. And it's not really a good use at that. So what EXACTLY is your problem? Can you please describe something that your trying to do but can't? Can you provide as many examples as you think are warrented? For example, it would be nice if you provided information like, "when I try to telnet to that host, it drops me immediately, but when I ftp to it, it waits one minute and then lets me in. I can't ping to that name, but I *can* ping to that address." 
> Betsy Abreu says: > > Hi > I've problems configuring a double reverse lookups on a DNS server; I > heard about a wildcard on PTR records but cannot solve them, this cause > that ftp connections to places that make double reverse lookup (like > ftp.tis.com) are refused. > > I'm using SVR3 and BIND 4.9.2 > > Could anybody give me some information about this ? > > Thanks > > BETSY From owner-firewalls-outgoing Wed Apr 2 12:06:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA13947 for firewalls-outgoing; Wed, 2 Apr 1997 11:19:59 -0800 (PST) Received: from mx01.netaddress.usa.net (mx01.netaddress.usa.net [204.68.24.129]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA13938 for ; Wed, 2 Apr 1997 11:19:55 -0800 (PST) Received: (qmail 14074 invoked by uid 0); 2 Apr 1997 19:20:38 -0000 Received: from 196.3.144.86 by www01 via web-mailer (2.1) on Wed, 02 Apr 1997 12:20:11 Message-ID: Date: Wed, 02 Apr 1997 12:20:11 From: "Ashram Beachoo" To: firewalls@GreatCircle.COM Subject: New Email Address Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk My new email address is swamie@usa.net Please change your records so that I can start receiving my mail at this address. 
From owner-firewalls-outgoing Wed Apr 2 12:19:51 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA13742 for firewalls-outgoing; Wed, 2 Apr 1997 11:18:15 -0800 (PST) Received: from castles.com (sparc1.castles.com [199.4.103.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA13721 for ; Wed, 2 Apr 1997 11:18:06 -0800 (PST) Received: from jmcbrea.brwncald.com ([205.185.80.10]) by castles.com (5.x/SMI-SVR4/CASTLES) id AA19402; Wed, 2 Apr 1997 11:13:12 -0800 Message-Id: <2.2.32.19970402192126.00730e60@sparc1.castles.com> X-Sender: jmcbrea@sparc1.castles.com X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 02 Apr 1997 11:21:26 -0800 To: Firewalls@GreatCircle.COM From: John McBrearty Subject: Re: PC based network analyzer Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 03:34 PM 4/1/97 -0600, Wei Sun purportedly wrote: >Hi, > >Does anyone know if there is a kind of PC based network packet analyzer? > I've found useful a commercial product from the AG Group called Etherpeek (approx. $700 US) , which was originally developed for Macs and steadily improved on that platform. It now also runs on Win 95 (which I use) and reportedly NT. It includes translation filters for many types of packets, and its GUI is very intuitive in terms of filtering, device names, etc. (As I suppose you might expect coming from the Mac world.) The url is http://www.aggroup.com. My relation to the company is just that of a customer. ------------------ John McBrearty jmcbrearty@usa.net Computer and Network Consulting Pleasant Hill, CA 510-974-9171 ------------------ "Work is the curse of the drinking classes." 
- Oscar Wilde From owner-firewalls-outgoing Wed Apr 2 13:09:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA25642 for firewalls-outgoing; Wed, 2 Apr 1997 12:54:02 -0800 (PST) Received: from igate.nrc.gov (igate.nrc.gov [148.184.176.31]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA25631 for ; Wed, 2 Apr 1997 12:53:54 -0800 (PST) Received: from nrc.gov by smtp-gateway SMTP id PAA14132 for ; Wed, 2 Apr 1997 15:54:27 -0500 (EST) Received: from GATED-Message_Server by nrcsmtp.nrc.gov with Novell_GroupWise; Wed, 02 Apr 1997 15:55:49 -0500 Message-Id: X-Mailer: Novell GroupWise 4.1 Date: Wed, 02 Apr 1997 15:52:03 -0500 From: Victor Pham To: firewalls@GreatCircle.COM Subject: Firewall Architecture for Web, Database -Reply Mime-Version: 1.0 Content-Type: text/plain Content-Disposition: inline Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I see 2 problems: 1. From the picture, the Web server is INSIDE the firewall. 2. Put a Database server on the a separate segment is only a start. Questions to ask are: A. How do the public access the Database server? (telnet, http, etc.) B. How does your client plan to populate & manage the Database server? C. How concern do your client feel about network security? Answers to the above questions will make a different on HOW do you deploy the Database server. Victor Pham >>> John Kerr 04/01/97 09:44am >>> A customer of ours has asked about setting up a security architecture with the Firewall being the main focus. They would like to allow access into their Database inside of the Firewall opposed to having a Database Server that would sit outside the Firewall. They seem to be okay with having a Web server sitting outside the Firewall, so I don't see that as a problem. The problem that they are trying to avoid is having to copy or replicate the data to the Database Server (too time consuming). 
What are the dangers with adding a third interface to the Firewall and putting the Database on a separate DMZ. It would look like this:

Internet
   |
   |        ----------    ---------
   |        -Database-    -  Web  -
   |        ----------    ---------
---------       |             |
-  FW   ------------------------------
---------
   |
   |
   |
Internal
Network

Rules would be put on the firewall to only allow external access from the internet to the DMZ. We would not allow any access from the DMZ into the internal Network. Any suggestions would be appreciated.

Thanks
John

From owner-firewalls-outgoing Wed Apr 2 14:36:22 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA01204 for firewalls-outgoing; Wed, 2 Apr 1997 13:44:12 -0800 (PST)
Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.130]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA01196 for ; Wed, 2 Apr 1997 13:44:02 -0800 (PST)
Received: by inet03.citec.qld.gov.au; id HAA00560; Thu, 3 Apr 1997 07:44:43 +1000
Received: from guru.citec.qld.gov.au(147.132.20.47) by inet03.citec.qld.gov.au via smap (3.2) id xma000553; Thu, 3 Apr 97 07:44:22 +1000
Received: (from sgcccdc@localhost) by guru.citec.qld.gov.au (8.6.12/8.6.12) id HAA12028 for firewalls@greatcircle.com; Thu, 3 Apr 1997 07:45:58 +1000
From: Colin Campbell
Message-Id: <199704022145.HAA12028@guru.citec.qld.gov.au>
Subject: web servers, databases and firewalls - a solution?
To: firewalls@greatcircle.com
Date: Thu, 3 Apr 1997 07:45:57 +1000 (EST)
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi,

The growing number of questions and lack of solutions regarding firewalls between web servers and databases got me thinking.

Why not put the CGI guts inside the firewall?
On the web server the CGI just calls a stub which makes a network call through the firewall (using something like a plug-gw) to a well-mashed "httpd" on the inside that knows only how to fork a CGI program and pass it the args it receives on stdin. Or all the CGI programs on the web server are replaced with one that just passes everything to the bastion host.

What we have is therefore:

    +------------+
    |   httpd    |
    +------------+
    |CGI frontend|    External Web Server
    +------------+
          |
          |
    +------------+
    |  plug-gw   |    Bastion Host
    +------------+
          |
          |
    +------------+
    |pseudo-httpd|
    +------------+
    |  real CGI  |    Internal Host(s)
    +------------+
          |
          |
    +------------+
    |  database  |
    +------------+

This has a number of advantages:

1) independent of database at the firewall (no special proxies reqd)
2) always connects at known port on firewall
3) no external access to the database
4) it's simple
5) probably other things I can't think of right now

Disadvantages?

1) need to modify the external CGI scripts or replace them with a generic one that does GET/POST through the firewall
2) no one has written any of this yet
3) probably others

Comments?
Colin From owner-firewalls-outgoing Wed Apr 2 14:42:14 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA04964 for firewalls-outgoing; Wed, 2 Apr 1997 14:21:41 -0800 (PST) Received: from mailgate.Cadence.COM (mailgate.Cadence.COM [158.140.2.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id OAA04956 for ; Wed, 2 Apr 1997 14:21:36 -0800 (PST) Received: (from smap@localhost) by mailgate.Cadence.COM (8.6.8/8.6.8) id OAA01765 for ; Wed, 2 Apr 1997 14:22:25 -0800 Received: from jewels.cadence.com(158.140.32.165) by mailgate.cadence.com via smap (V1.0mjr) id sma860019744.001761; Wed Apr 2 14:22:24 1997 Received: (from julian@localhost) by jewels.Cadence.COM (8.6.8/8.6.8) id OAA24631 for firewalls@GreatCircle.COM; Wed, 2 Apr 1997 14:22:23 -0800 Date: Wed, 2 Apr 1997 14:22:23 -0800 From: Julian Gordon Message-Id: <199704022222.OAA24631@jewels.Cadence.COM> To: firewalls@GreatCircle.COM Subject: libraries Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: L2Nl9HFSI+4Cqsj6oH5p4w== Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I am looking for solaris versions of the fwtk.a and auth.a libraries. Anyone have a spare copy floating around? Thanks, Julian *************************************************************** Julian Gordon Unix System Administration Present Contract: Permanent Address: Cadence Design Systems, Inc. 
ToLife Net (408) 428-5762 (408) 838-7036 julian@Cadence.COM jewels@well.com "Miracles are seen in Light" Course in Miracles

From owner-firewalls-outgoing Wed Apr 2 14:59:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA06794 for firewalls-outgoing; Wed, 2 Apr 1997 14:39:12 -0800 (PST)
Received: from sss00205.schwab.com (sss00205.schwab.com [162.93.15.188]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA06734 for ; Wed, 2 Apr 1997 14:38:59 -0800 (PST)
Received: (from uucp@localhost) by sss00205.schwab.com (8.7.6/8.7.3) id OAA02933 for ; Wed, 2 Apr 1997 14:41:03 -0800 (PST)
Received: from s0743dev(162.93.239.70) by sss00205.schwab.com via smap (V3.1.1) id xma002864; Wed, 2 Apr 97 14:40:27 -0800
Received: (from root@localhost) by s0743dev.schwab.com (8.8.2/8.7.3) id RAA06558 for firewalls@greatcircle.com; Wed, 2 Apr 1997 17:45:10 -0500 (EST)
Received: from n1100smx.nt.schwab.com by s0743dev.schwab.com (8.8.2/SMI-SVR4) id RAA06534; Wed, 2 Apr 1997 17:45:08 -0500 (EST)
Received: by n1100smx.nt.schwab.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC3F73.C983AC90@n1100smx.nt.schwab.com>; Wed, 2 Apr 1997 14:40:19 -0800
Message-ID:
From: "Ricardo, Ray"
To: "'firewalls@greatcircle.com'"
Cc: "Ricardo, Ray"
Subject: Port 781
Date: Wed, 2 Apr 1997 14:40:18 -0800
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I've been seeing alert messages coming from my Internet router with a source port of 781. I'm not certain if it is UDP, TCP or ICMP messages. Does anyone know what this port is being used for?

Thanks.
From owner-firewalls-outgoing Wed Apr 2 15:42:38 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13484 for firewalls-outgoing; Wed, 2 Apr 1997 15:35:08 -0800 (PST) Received: from noc.belwue.de (noc.BelWue.DE [129.143.2.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA13421 for ; Wed, 2 Apr 1997 15:34:53 -0800 (PST) Received: from ruscdrom.rus.uni-stuttgart.de (ruscdrom.rus.uni-stuttgart.de [129.69.235.40]) by noc.belwue.de (8.8.5/8.8.5) with SMTP id BAA07585; Thu, 3 Apr 1997 01:35:39 +0200 (MET DST) Received: by ruscdrom.rus.uni-stuttgart.de (AIX 3.2/UCB 5.64/4.03) id AA12193; Thu, 3 Apr 1997 01:35:21 +0200 Message-Id: <9704022335.AA12193@ruscdrom.rus.uni-stuttgart.de> Subject: Re: Port 781 To: Ray.Ricardo@Schwab.COM (Ricardo, Ray) Date: Thu, 3 Apr 1997 01:35:21 +0200 (MES) Cc: firewalls@GreatCircle.COM, Ray.Ricardo@Schwab.COM In-Reply-To: from "Ricardo, Ray" at Apr 2, 97 02:40:18 pm From: Helmut Springer Organization: Stuttgart University, FRG X-Pgp-Fingerprint: AE 42 C3 2C A1 3E 55 6D B3 AC 3C D2 F3 CF FF E7 X-Phone: +49 711 685-2003q X-Fax: +49 711 685-2043 X-Mailer: ELM [version 2.4 PL25 PGP6] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Ricardo, Ray wrote: > I've been seeing alert messages coming from my Internet router with a > source port of 781. I'm not certain if it is UDP, TCP or ICMP messages. > Does anyone know what this port is being used for? hp-collector 781/tcp # HP Perf. Data Collector hp-collector 781/udp # HP Perf. 
Data Collector enjoy delta -- helmut 'delta' springer Unix/Net Consulting, InfoSystems, StudBox delta@RUS.Uni-Stuttgart.DE Stuttgart University, FRG http://home.pages.de/~delta/ phone : +49 711 685-2003 "Freedom's just another word for FAX : +49 711 685-2043 nothing left to lose" Kris Kristofferson From owner-firewalls-outgoing Wed Apr 2 16:19:23 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA17842 for firewalls-outgoing; Wed, 2 Apr 1997 16:02:02 -0800 (PST) Received: from chaos.coredcs.com (chaos.coredcs.com [198.150.193.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA17834 for ; Wed, 2 Apr 1997 16:01:57 -0800 (PST) Received: (from jleu@localhost) by chaos.coredcs.com (8.8.5/8.6.12) id SAA17293 for firewalls@greatcircle.com; Wed, 2 Apr 1997 18:03:05 -0600 From: "James R. Leu" Message-Id: <199704030003.SAA17293@chaos.coredcs.com> Subject: port forwarding and masq To: firewalls@greatcircle.com Date: Wed, 2 Apr 1997 18:03:04 -0600 (CST) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I was wondering if anyone would know if this following setup can be created with ipfwadm on Linux: A = Firewall B = Destination host within the firewall C = Source host outside of the firewall Valid Net Hidden Net addresses addresses |C|--------|A|------------|B| Incoming: --------- Host C sends a packet dest for Host A port 23. Host A translates the incoming request and forwards the packet to Host B port 23. Outgoing: --------- Host B sends a packet to Host C. Host A would masquerade for Host B. Jim -- James R. 
Leu Network Administrator CORE Digital Communication Services jleu@coredcs.com From owner-firewalls-outgoing Wed Apr 2 16:21:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA19311 for firewalls-outgoing; Wed, 2 Apr 1997 16:12:36 -0800 (PST) Received: from reflections.eng.mindspring.net (reflections.eng.mindspring.net [207.69.183.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA19228 for ; Wed, 2 Apr 1997 16:12:21 -0800 (PST) Received: from localhost (lists@localhost) by reflections.eng.mindspring.net (8.8.5/8.8.5) with SMTP id TAA30581; Wed, 2 Apr 1997 19:12:33 -0500 Date: Wed, 2 Apr 1997 19:12:32 -0500 (EST) From: Todd Graham Lewis To: Colin Campbell cc: firewalls@GreatCircle.COM Subject: Re: web servers, databases and firewalls - a solution? In-Reply-To: <199704022145.HAA12028@guru.citec.qld.gov.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 3 Apr 1997, Colin Campbell wrote: > The growing number of questions and lack of solutions regarding > firewalls between web servers and databases got me thinking. > > Why not put the CGI guts inside the firewall? (...) > This has a number of advantages: > > 1) independent of database at the firewall (no special proxies reqd) True enough. > 2) always connects at known port on firewall Why is this important? Wouldn't simply allowing web access through the firewall do the same thing? > 3) no external access to the database Hmm. tcp-wrapping access would do much the same thing, but this is a benefit. > 4) it's simple I don't always buy the "simpler ergo better" argument. > Disadvantages? > > 1) need to modify the external CGI scripts or replace them with a > generic one that does GET/POST through the firewall 4) CGIs are the single greatest security hole in modern IP servers. 
I, for one, would lean towards giving your web server limited access to the database (most of which have pretty decent ACL capabilities, even if their overall security, esp. in the network context, sucks rocks), so you can give your CGI machine limited access into the database. If your CGI machine is compromised, then it has limited rights on the database. If it's behind the firewall, then if it's compromised then your hacker has access to your protected network. Snoop a few passwords as people log into the database (in cleartext, of course, groan) and bam, he has the keys to the kingdom.

If you leave CGI outside, then the most significant security failure point has limited access to your goodies; ergo your exposure is limited. If you put CGI inside, then it serves as a conduit past your security controls; ergo your exposure is potentially unlimited.

Sure, it's more complex to get database access through your firewall, but it's more secure. (Viz. my comment above about distrusting the "simpler is better" axiom.) I would recommend the former course of action.
__ Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com From owner-firewalls-outgoing Wed Apr 2 17:06:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id RAA27139 for firewalls-outgoing; Wed, 2 Apr 1997 17:00:25 -0800 (PST) Received: from f15.hotmail.com (F15.hotmail.com [207.82.250.26]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA26939 for ; Wed, 2 Apr 1997 16:59:55 -0800 (PST) Received: (from root@localhost) by f15.hotmail.com (8.7.5/8.7.3) id RAA27166; Wed, 2 Apr 1997 17:01:17 -0800 (PST) Date: Wed, 2 Apr 1997 17:01:17 -0800 (PST) Message-Id: <199704030101.RAA27166@f15.hotmail.com> Received: from 203.120.56.34 by www.hotmail.com with HTTP; Wed, 02 Apr 1997 17:01:16 PST X-Originating-IP: [203.120.56.34] From: " Martin Khoo" To: pdmallya@Inf.COM, firewalls@greatcircle.com Cc: jkerr2@csc.com Subject: Re: Firewall Architecture for Web, Database Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Date: Wed, 02 Apr 1997 10:22:20 +0530 >From: "Prabhakar D. Mallya" >To: firewalls@greatcircle.com >Cc: John Kerr >Subject: Re: Firewall Architecture for Web, Database >John Kerr wrote: >> >> A customer of ours has asked about setting up a security architecture >> with the Firewall being the main focus. They would like to allow access >> into their Database inside of the Firewall opposed to having a Database >> Server that would sit outside the Firewall. They seem to be okay with >> having a Web server sitting outside the Firewall, so I don't see that as >> a problem. The problem that they are trying to avoid is having to copy >> or replicate the data to the Database Server (too time consuming). What >> are the dangers with adding a third interface to the Firewall and >> putting the Database on a seperate DMZ. 
It would look like this:
>>
>> Internet
>>    |
>>    |        ----------    ---------
>>    |        -Database-    -  Web  -
>>    |        ----------    ---------
>> ---------       |             |
>> -  FW   ------------------------------
>> ---------
>>    |
>>    |
>>    |
>> Internal
>> Network
>>
>> Rules would be put on the firewall to only allow external access from
>> the internet to the DMZ. We would not allow any access from the DMZ
>> into the internal Network.
>> Any suggestions would be appreciated.
>> Thanks
>> John
>
>Hi,
>
>I'm faced with similar requirements, and I'm evaluating alternatives. My
>analysis, so far, of this situation:
>
>1. The database server and the Web server are open to attack, wherever
>you place them, because you want to allow external users to access them.
>
>2. The rationale for placing these servers in the DMZ is that even if
>they are compromised, the rest of your network is still protected by the
>firewall; the damage is contained to these servers.
>

To ensure that, your rules on the firewall must not permit any access from the DMZ to the internal network.

>3. You can use the firewall to protect your Web & Database servers by
>configuring it to reject all traffic between the Internet and the DMZ,
>except HTTP browser traffic with the Web Server. The DataBase Server
>should be accessible from the Web Server and from the Internal network.
>Perhaps you could increase protection to the database server by placing
>it on a fourth network segment connected to the firewall.
>
>                        Internet
>                            |
>   ----------               |                 ---------
>   -Database-               |                 -  Web  -
>   ----------               |                 ---------
>        |               ---------                 |
>        -----------------  FW   ------------------------
>                        ---------
>                            |
>                            |
>                            |
>                        Internal
>                        Network
>
>4. You still have to protect your Web server - e.g., against malicious
>CGI scripts. I think TIS (http://www.tis.com) have a product for Web
>server protection.
>

The product is called ForceField, it is actually a modified version of the TIS Firewall Toolkit (FWTK) and is available for evaluation.

>5.
You still have to protect your database server - e.g., you need to
>ensure that users, especially from the Web server, who access the
>database server cannot access data they are not authorized to access.
>

I would assume that direct access to the DB server is not permitted; all forms of access should be via the Web server. You can rely on the access control provided by the RDBMS but it can get sticky depending on the type of access required. If the Web server is only going to query the DB server then things would be cleaner; if write access is needed then you have to be careful. Perhaps you may consider only putting a subset of your entire DB to be accessible by the Web and not the entire DB.

If direct access to the DB via the Net (eg. Telnet or FTP) is required then you have to consider strong authentication mechanism eg. token-based or OTP-based.

Regards
Martin Khoo
Senior IT Architect (Security & Cryptography)
Information Infrastructure Group
National Computer Board
martin@nii.ncb.gov.sg

** Comments above are my personal opinion and does not reflect the opinion of my organisation **

>I would be interested in further views/analysis/security holes/solutions
>on this topic.
>
>Regards
>--
>Prabhakar D.
Mallya >Infosys Technologies, Bangalore, India >http://www.inf.com/ >e-mail: pdmallya@inf.com >phone: 91-80-8520261 xtn 1156 >fax: 91-80-8520348 > --------------------------------------------------------- Get Your *Web-Based* Free Email at http://www.hotmail.com --------------------------------------------------------- From owner-firewalls-outgoing Wed Apr 2 19:21:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA06566 for firewalls-outgoing; Wed, 2 Apr 1997 19:14:40 -0800 (PST) Received: from relay.rv.tis.com (relay.rv.tis.com [204.254.155.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id TAA06559 for ; Wed, 2 Apr 1997 19:14:36 -0800 (PST) Received: by relay.rv.tis.com; id WAA25085; Wed, 2 Apr 1997 22:27:59 -0500 (EST) Received: from jethou.rv.tis.com(204.254.155.12) by relay.rv.tis.com via smap (3.2) id xmab25077; Wed, 2 Apr 97 22:27:37 -0500 Message-Id: <3.0.1.32.19970402210710.006d75d0@pop.rv.tis.com> X-Sender: rick@pop.rv.tis.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Wed, 02 Apr 1997 21:07:10 -0500 To: Julian Gordon From: Rick Murphy Subject: Re: libraries Cc: firewalls@GreatCircle.COM In-Reply-To: <199704022222.OAA24631@jewels.Cadence.COM> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 02:22 PM 4/2/97 -0800, Julian Gordon wrote: >I am looking for solaris versions of the fwtk.a and auth.a >libraries. Anyone have a spare copy floating around? Use the source; any copy you get from the net should be presumed to be a carrier of a trojan horse. 
-Rick From owner-firewalls-outgoing Wed Apr 2 19:38:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA07801 for firewalls-outgoing; Wed, 2 Apr 1997 19:35:08 -0800 (PST) Received: from dax.sai.com (dax.sai.com [207.95.117.66]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id TAA07784 for ; Wed, 2 Apr 1997 19:35:03 -0800 (PST) Received: from dax.sai.com by dax.sai.com with smtp (Smail3.1.29.1 #2) id m0wCdI5-003q5JC; Wed, 2 Apr 97 22:34 EST Date: Wed, 2 Apr 1997 22:34:21 -0500 (EST) From: Darryl Wagoner To: Todd Graham Lewis cc: Colin Campbell , firewalls@GreatCircle.COM Subject: Re: web servers, databases and firewalls - a solution? In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Check out FastCGI (http://www.fastcgi.com) it can have the fcgi client outside the firewall and the fcgi server on the inside. The server is feed from the client fcgi only the standard cgi stuff and only accept connections from the web server. I think it is the best of both worlds. It is also wicked fast! Anyone know of any risk using this method? -- Darryl Wagoner darryl@sai.com http://www.sai.com/ Office: 603.672.0736 Fax: 603-672-4846 Beware of self-styled experts: an ex is a has-been, and a spurt is a drip under pressure. 
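An added illustration, not code from any poster or product named in this thread: the inside half of the stub-and-relay design discussed above, which accepts requests only from the outside web server's address, passes only standard CGI variables, and dispatches only to a fixed table of scripts. The wire format, the address 192.0.2.10 and the order_status handler are assumptions made for the example.

```python
import ipaddress
import re

# Assumed address of the outside web server or bastion relay (constructed value).
ALLOWED_PEERS = {ipaddress.ip_address("192.0.2.10")}
# Only standard CGI variables may cross the firewall; anything else is refused.
ALLOWED_VARS = {"REQUEST_METHOD", "SCRIPT_NAME", "QUERY_STRING",
                "CONTENT_LENGTH", "CONTENT_TYPE", "REMOTE_ADDR"}
MAX_HEAD, MAX_BODY = 2048, 8192
PRINTABLE = re.compile(r"[\x20-\x7e]{0,512}")


class Rejected(Exception):
    """Raised for any request the inside host refuses to act on."""


def order_status(env, body):
    # Hypothetical handler; a real one would query the database with
    # bound parameters under an account limited to this one lookup.
    return "status lookup for order " + env["QUERY_STRING"][3:]


# Fixed dispatch table: script name -> (allowed methods, query pattern, handler).
# The request never names a file to execute, only a key in this table.
HANDLERS = {
    "/cgi-bin/order-status": ({"GET"}, re.compile(r"id=[0-9]{1,10}"), order_status),
}


def parse_request(raw):
    """Parse 'NAME=value' lines, a blank line, then the body (assumed wire format)."""
    head, sep, body = raw.partition(b"\n\n")
    if not sep:
        raise Rejected("header block not terminated")
    if len(head) > MAX_HEAD or len(body) > MAX_BODY:
        raise Rejected("request too large")
    env = {}
    for line in head.split(b"\n"):
        try:
            name, eq, value = line.decode("ascii").partition("=")
        except UnicodeDecodeError:
            raise Rejected("non-ASCII header") from None
        if not eq or name not in ALLOWED_VARS:
            raise Rejected("variable not allowed: %r" % name)
        if name in env or not PRINTABLE.fullmatch(value):
            raise Rejected("duplicate or malformed variable: " + name)
        env[name] = value
    declared = env.get("CONTENT_LENGTH", "0")
    if not declared.isdigit() or int(declared) != len(body):
        raise Rejected("CONTENT_LENGTH does not match body")
    return env, body


def handle(peer_ip, raw):
    """Return (status, text) for one forwarded request; never raises."""
    try:
        if ipaddress.ip_address(peer_ip) not in ALLOWED_PEERS:
            return 403, "peer not allowed"
    except ValueError:
        return 403, "peer not allowed"
    try:
        env, body = parse_request(raw)
        entry = HANDLERS.get(env.get("SCRIPT_NAME", ""))
        if entry is None:
            return 404, "unknown script"
        methods, query_ok, handler = entry
        if env.get("REQUEST_METHOD") not in methods:
            raise Rejected("method not allowed")
        if not query_ok.fullmatch(env.get("QUERY_STRING", "")):
            raise Rejected("query string failed validation")
        return 200, handler(env, body)
    except Rejected as exc:
        return 400, str(exc)


# Constructed sample request, as the outside stub would forward it.
GOOD = (b"REQUEST_METHOD=GET\nSCRIPT_NAME=/cgi-bin/order-status\n"
        b"QUERY_STRING=id=42\n\n")

if __name__ == "__main__":
    print(handle("192.0.2.10", GOOD))
    print(handle("203.0.113.5", GOOD))
    print(handle("192.0.2.10", b"\x00\xff\xfe" * 100))
```

The single firewall rule then permits one port from the web server to this host, and a compromised web server can reach only what the dispatch table and each handler's database account allow.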
From owner-firewalls-outgoing Wed Apr 2 19:47:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA06278 for firewalls-outgoing; Wed, 2 Apr 1997 19:09:10 -0800 (PST) Received: from unix1.sysnet.net (unix1.sysnet.net [206.142.32.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id TAA06271 for ; Wed, 2 Apr 1997 19:09:04 -0800 (PST) Received: from [206.142.16.53] (cppp4.sysnet.net [206.142.16.53]) by unix1.sysnet.net (8.8.5/8.6.12) with SMTP id AAA22356 for ; Thu, 3 Apr 1997 00:05:17 -0500 (EST) Message-Id: <199704030505.AAA22356@unix1.sysnet.net> Subject: Re: web servers, databases and firewalls - a solution? Date: Wed, 2 Apr 97 22:10:27 -0400 x-sender: patton@mail.sysnet.net x-mailer: Claris Emailer 1.1 From: Matthew Patton To: Mime-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Ok, I'm going to add my bandwidth-chewing 2cents worth. I liked Colin Campbell's post and we do something similar with our installation. The product we use is NetDynamics from Spider Technologies which is a Java based application server environment for database access. Put simply the diagram is thus:

Outside
   |
   FW - Web Server (with application stub)
   |
Internal Net
   |
   |-- Farm of application servers
   |
Oracle or other database servers

The only 'hole' between the DMZ and the internal net is a single port for the ND application stub to talk to the application server farm controller. This way we don't have to worry about the bouncing SQL*Net ports in a multi-threaded Oracle listener environment. It also keeps our application runtimes (java) on the inside. The concerns include somebody possibly being able to compromise the web server and then send commands down the open pipe. I'm pretty confident in my NT box's setup but only if I could get the blasted localSystem account to behave... That's another reason for moving the application servers to the internal network.
They're mighty hard to get to. I do not know how ND would handle a stream of garbage. Neither do I know if one is able to craft a URL to somehow tamper with the backend servers as the URL gets passed thru the communication channel and acted upon. I am not a very enthusiastic supporter of NetDynamics; the product is FULL of bugs and not very good in handling runaway processes. The memory footprint of the java apps is HUGE, too. I've gotten off topic enough.... From owner-firewalls-outgoing Wed Apr 2 23:39:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA19977 for firewalls-outgoing; Wed, 2 Apr 1997 23:21:51 -0800 (PST) Received: from passport.cadrus.fr (passport.cadrus.fr [194.51.236.33]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA19968 for ; Wed, 2 Apr 1997 23:21:40 -0800 (PST) Received: by passport.cadrus.fr; Thu, 3 Apr 1997 09:22:10 +0200 (MET DST) Date: Thu, 3 Apr 1997 09:22:10 +0200 (MET DST) From: Eric SPESSOTTO Message-Id: <199704030722.JAA22321@passport.cadrus.fr> To: firewalls@greatcircle.com Subject: Patch for TIS X-Sun-Charset: US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm looking for a patch for TIS. This patch is for using ports 20 and 21 with ftpd, because by default ftpd uses port 20 and any one between 1024-65535. Who knows it?
Eric From owner-firewalls-outgoing Wed Apr 2 23:55:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA20139 for firewalls-outgoing; Wed, 2 Apr 1997 23:27:09 -0800 (PST) Received: from mail.glink.net.hk (mail.glink.net.hk [202.72.0.38]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA20132 for ; Wed, 2 Apr 1997 23:27:02 -0800 (PST) From: ronnieng@glink.net.hk Received: from earth.glink.net.hk (earth [202.72.0.46]) by mail.glink.net.hk (8.8.5/8.8.5) with ESMTP id PAA04590 for ; Thu, 3 Apr 1997 15:26:38 +0800 (HKT) Received: (from ronnieng@localhost) by earth.glink.net.hk (8.8.5/8.8.5) id PAA19777 for Firewalls@GreatCircle.COM; Thu, 3 Apr 1997 15:26:36 +0800 (HKT) Date: Thu, 3 Apr 1997 15:26:36 +0800 (HKT) Message-Id: <199704030726.PAA19777@earth.glink.net.hk> To: Firewalls@GreatCircle.COM Subject: Any UDP traffic between client/server of PB or Sybase Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi guys, Does somebody know of any UDP traffic between client/server of PowerBuilder and Sybase/Open Client applications? I wonder how I can allow UDP traffic with maximum security in the following config.
Sybase/Open Client                            PowerBuilder/Sybase
        or            ----> Firewall-1 ---->  Servers
PowerBuilder Appl client

Best regards, Ronnie From owner-firewalls-outgoing Thu Apr 3 00:08:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA20585 for firewalls-outgoing; Wed, 2 Apr 1997 23:43:14 -0800 (PST) Received: from relay-11.mail.demon.net (relay-11.mail.demon.net [194.217.242.137]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id XAA20564 for ; Wed, 2 Apr 1997 23:43:08 -0800 (PST) Received: from ntyne.demon.co.uk ([158.152.82.1]) by relay-11.mail.demon.net id aa1100846; 3 Apr 97 8:42 BST Date: Wed, 2 Apr 1997 14:39:14 GMT From: Greg Taylor Reply-To: gtaylor@ntyne.demon.co.uk Message-Id: <1574@ntyne.demon.co.uk> To: Firewalls@greatcircle.com Subject: Re: Firewall Architecture for Web, Database X-Mailer: FIMail V0.9d Lines: 75 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk My fourpenthworth (and my first mailing - no flames please!! :-) )

John Kerr wrote:
>
> A customer of ours has asked about setting up a security architecture
> with the Firewall being the main focus. They would like to allow access
> into their Database inside of the Firewall opposed to having a Database
> Server that would sit outside the Firewall. They seem to be okay with
> having a Web server sitting outside the Firewall, so I don't see that as
> a problem. The problem that they are trying to avoid is having to copy
> or replicate the data to the Database Server (too time consuming). What
> are the dangers with adding a third interface to the Firewall and
> putting the Database on a separate DMZ.
It would look like this:
>
>  Internet
>     |
>     |       ----------   ---------
>     |       -Database-   -  Web  -
>     |       ----------   ---------
> ---------       |            |
> - FW ------------------------------
> ---------
>     |
>     |
>     |
>  Internal
>  Network
>

I have been working on a similar problem trying to form an outer "enemy" zone, a secure inner zone but to add sufficient security to the devices in the DMZ (WWW server, DNS) to avoid denial of service attacks etc. Initial idea was a multiple NIC firewall but this adds considerably to the complexity. Plan 2 is to have two firewalls as follows:

Internet ---> Firewall A ---> DMZ ------> Firewall B --> Internal Network
                               |
                               |
                          SHIVA MODEMS
                               |
                            Defender
                               |
                               |
                        Own remote users

Firewall A permits only WWW (Port 80) and SMTP (Port 24). Firewall B permits WWW (for our Intranet), SMTP, FTP and Telnet (we are shifting all own contractors' remote access through the same firewall). There are also screening routers in front of Firewall A and between the DMZ and the SHIVA Modems. We are still messing with the actual firewall software choice. Likelihood is a pair of Gauntlets but also being considered is Gauntlet/TIS Toolkit on B and Firewall-1 on A. Much of this decision is based on existing knowledge. We are using Unix because we have lots of experience and other Unix systems. I will say though that we have also considered using NT on Firewall A simply to provide a greater variety of targets to be attacked but this is on hold pending getting further experience and training. Hope this helps. Greg. -- Project management is easy, deliver it late, spend lots of money, make sure it doesn't work. At least I think that's the normal way!!!
Greg Taylor MBCS, FIAP gtaylor@ntyne.demon.co.uk Open Systems Programme Leader North Tyneside Council From owner-firewalls-outgoing Thu Apr 3 00:37:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA25134 for firewalls-outgoing; Thu, 3 Apr 1997 00:18:54 -0800 (PST) Received: from us0229.nomura.co.uk (us0229.nomura.co.uk [194.223.136.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id AAA25039 for ; Thu, 3 Apr 1997 00:18:36 -0800 (PST) From: steve.gailey@nomura.co.uk Received: by us0229.nomura.co.uk; id AA04011; Thu, 3 Apr 97 09:25:07 BST Received: from mailhub by us0229.nomura.co.uk via smap (V3.1) id xma003977; Thu, 3 Apr 97 09:24:58 +0100 Received: from by nomura.co.uk (5.x/SMI-SVR4) id AA28578; Thu, 3 Apr 1997 09:19:15 +0100 X-Openmail-Hops: 2 Date: Thu, 3 Apr 97 09:18:19 +0100 Message-Id: In-Reply-To: <199704030722.JAA22321@passport.cadrus.fr> Subject: Re: Patch for TIS To: Eric.Spessotto@cadrus.fr, firewalls@greatcircle.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I presume you are referring to Gauntlet and not the toolkit. Gauntlet 3.2 fixes the problem so upgrade if that is an option, otherwise you can hard code it in the FTP proxy. Steve ______________________________ Reply Separator _________________________________ Subject: Patch for TIS Author: firewalls-owner (firewalls-owner@GreatCircle.COM) at unixmail Date: 4/3/97 7:22 AM I'm looking for a patch for TIS. This patch is for using ports 20 and 21 with ftpd, because by default ftpd uses port 20 and any one between 1024-65535. Who knows it?
Eric From owner-firewalls-outgoing Thu Apr 3 01:22:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA29518 for firewalls-outgoing; Thu, 3 Apr 1997 01:05:05 -0800 (PST) Received: from passport.cadrus.fr (passport.cadrus.fr [194.51.236.33]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA29437 for ; Thu, 3 Apr 1997 01:04:27 -0800 (PST) Received: by passport.cadrus.fr; Thu, 3 Apr 1997 11:04:22 +0200 (MET DST) Date: Thu, 3 Apr 1997 11:04:22 +0200 (MET DST) From: Eric SPESSOTTO Message-Id: <199704030904.LAA07568@passport.cadrus.fr> To: steve.gailey@nomura.co.uk, firewalls@greatcircle.com Subject: Re: Patch for TIS X-Sun-Charset: US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >> > I presume you are referring to Gauntlet and not the toolkit. Gauntlet > 3.2 fixes the problem so upgrade if that is an option, otherwise you > can hard code it in the FTP proxy. I am referring to the toolkit, not Gauntlet. Do you know this patch?
Eric From owner-firewalls-outgoing Thu Apr 3 01:36:50 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA02586 for firewalls-outgoing; Thu, 3 Apr 1997 01:27:36 -0800 (PST) Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id BAA02569 for ; Thu, 3 Apr 1997 01:27:30 -0800 (PST) Received: from Asia.Sun.COM ([129.158.1.1]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id BAA10923 for ; Thu, 3 Apr 1997 01:33:46 -0800 Received: from ruby5.Asia.Sun.COM by Asia.Sun.COM (SMI-8.6/SMI-5.3) id RAA08142; Thu, 3 Apr 1997 17:32:16 +0800 Received: from sunps2.Asia.Sun.COM by ruby5.Asia.Sun.COM (SMI-8.6/SMI-SVR4) id RAA25395; Thu, 3 Apr 1997 17:27:39 +0800 Received: by sunps2.Asia.Sun.COM (SMI-8.6/SMI-SVR4) id RAA09955; Thu, 3 Apr 1997 17:30:15 +0800 Date: Thu, 3 Apr 1997 17:30:15 +0800 From: Ronnie.Ng@Asia.Sun.COM (Ronnie Ng - Sun PS Project Engineer) Message-Id: <199704030930.RAA09955@sunps2.Asia.Sun.COM> To: firewalls-digest@GreatCircle.COM Subject: Any UDP traffic between client/server of PB or Sybase Cc: Ronnie.Ng@Asia.Sun.COM X-Sun-Charset: US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi guys, Does somebody know of any UDP traffic between client/server of PowerBuilder and Sybase/Open Client applications? I wonder how I can allow UDP traffic with maximum security in the following config.
Sybase/Open Client                            PowerBuilder/Sybase
        or            ----> Firewall-1 ---->  Servers
PowerBuilder Appl client

Best regards, Ronnie From owner-firewalls-outgoing Thu Apr 3 02:57:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA13396 for firewalls-outgoing; Thu, 3 Apr 1997 02:41:51 -0800 (PST) Received: from wall.pwa.co.in ([206.103.11.183]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id CAA13388 for ; Thu, 3 Apr 1997 02:41:40 -0800 (PST) From: Sandeep_Talwar@INDIA.notes.pwa.co.in Received: from notes.pwa.co.in (notes.pwa.co.in [126.0.0.180]) by wall.pwa.co.in (8.6.12/8.6.12) with SMTP id UAA20137 for ; Wed, 2 Apr 1997 20:18:55 +0500 Received: by notes.pwa.co.in(Lotus SMTP MTA Release 1.0) id 6525646E.003B03EC ; Thu, 3 Apr 1997 16:14:36 +300500 X-Lotus-FromDomain: INDIA @ INTERNET To: Firewalls@GreatCircle.COM Message-ID: <6525646E:003A7F22.00@notes.pwa.co.in> Date: Thu, 3 Apr 1997 16:15:26 +300500 Subject: Re: Firewalls-Digest V6 #138 Mime-Version: 1.0 Content-type: text/plain; charset=us-ascii Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I have a TIS tool-kit running on my Linux 1.2.13 and I get these messages repeatedly from the kernel.

my.hostname named[70] : recv from : Connection refused
my.hostname inetd[68] : www/tcp server failing ( looping ), service terminated

Could someone explain to me what it means? Secondly, the http-proxy at the most caters to, I presume, up to three clients for proxy; others are told that the server is down, try contacting later.
Thanks in advance From owner-firewalls-outgoing Thu Apr 3 03:06:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA14156 for firewalls-outgoing; Thu, 3 Apr 1997 02:56:25 -0800 (PST) Received: from relay.eunet.pt (relay.EUnet.pt [193.126.4.65]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id CAA14122 for ; Thu, 3 Apr 1997 02:56:04 -0800 (PST) Received: from mail.bvl.pt (uucp@localhost) by relay.eunet.pt (8.7.5/8.7.3) with UUCP id LAA09170 for firewalls-digest@GreatCircle.COM; Thu, 3 Apr 1997 11:56:53 +0100 (WET DST) Received: from mail.bvl.pt by jessica.bvl.pt with SMTP id AA06214 (5.65c/IDA-1.4.4 for ); Thu, 3 Apr 1997 10:40:02 GMT Received: by mail.bvl.pt with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BC4025.2740D860@mail.bvl.pt>; Thu, 3 Apr 1997 11:49:57 +0100 Message-Id: From: =?iso-8859-1?Q?Ant=F3nio_Vasconcelos?= To: "'firewalls-digest@GreatCircle.COM'" , "'Ronnie.Ng@Asia.Sun.COM'" Subject: RE: Any UDP traffic between client/server of PB or Sybase Date: Thu, 3 Apr 1997 11:49:56 +0100 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk

>----------
>From: Ronnie.Ng@Asia.Sun.COM[SMTP:Ronnie.Ng@Asia.Sun.COM]
>Sent: Thursday, 3 April 1997 10:30
>To: firewalls-digest@GreatCircle.COM
>Cc: Ronnie.Ng@Asia.Sun.COM
>Subject: Any UDP traffic between client/server of PB or Sybase
>
>Hi guys,
>
>Does somebody know of any UDP traffic between client/server of PowerBuilder and
>Sybase/Open Client applications?

There is *NO* UDP traffic. Open Client or PB access the Sybase server using a single TCP port. However, if your clients are using DNS to get the server's IP addr you'll have to open up the firewall to udp traffic.
That or configure the client's Open Client with static IP addrs. -- António Vasconcelos DTSI: Redes Locais e Comunicações BOLSA DE VALORES DE LISBOA | Tel: (+351) 1 790-0000 | Edf. da Bolsa | Fax: (+351) 1 795-2026 | R. Soeiro Pereira Gomes -------------------------- 1600 LISBOA PORTUGAL From owner-firewalls-outgoing Thu Apr 3 03:41:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA17520 for firewalls-outgoing; Thu, 3 Apr 1997 03:18:54 -0800 (PST) Received: from lexicon.ins.com (lexicon.ins.com [199.0.193.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA17010 for ; Thu, 3 Apr 1997 03:18:10 -0800 (PST) Received: from martin_d.ins.com (unknown-42-195.dialcall.com [170.206.42.195]) by lexicon.ins.com (8.7.5/8.7.3) with SMTP id DAA17378; Thu, 3 Apr 1997 03:19:02 -0800 (PST) Message-Id: <3.0.32.19970403061829.0069c1e8@lexicon.ins.com> X-Sender: martin_d@lexicon.ins.com X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 03 Apr 1997 06:18:32 -0500 To: "Ricardo, Ray" , "'firewalls@greatcircle.com'" From: "Darwin L. Martinez" Subject: Re: Port 781 Cc: "Ricardo, Ray" Mime-Version: 1.0 Content-Type: text/enriched; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Port 781 is used by an app called hp-collector, which I believe is relevant to AIX. It can be UDP or TCP based. At 02:40 PM 4/2/97 -0800, Ricardo, Ray wrote: >I've been seeing alert messages coming from my Internet router with a >source port of 781. I'm not certain if it is UDP, TCP or ICMP messages. >Does anyone know what this port is being used for? > >Thanks. > > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Darwin L.
Martinez Client: 770-825-9783 Network Systems Engineer Pager: 888-346-1320 (Numeric) International Network Services Pager: 800-INS-1-INS (Text) SouthEast Region Office: 770-641-3660 Email: darwin_martinez@ins.com INS Website: "Providing the Power of Operable Networks" ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ From owner-firewalls-outgoing Thu Apr 3 05:55:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA00473 for firewalls-outgoing; Thu, 3 Apr 1997 05:37:25 -0800 (PST) Received: from bastion.s-1.com (BASTION.FIVEPACES.COM [204.130.55.230]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id FAA00456 for ; Thu, 3 Apr 1997 05:37:09 -0800 (PST) Received: from UNKNOWN [10.1.1.10] by bastion.s-1.com for id IAA02942; Thu Apr 3 08:37:51 1997 Received: from tick.s-1.com by wine.s-1.com with ESMTP (1.39.111.2/16.2) id AA106394568; Thu, 3 Apr 1997 08:36:08 -0500 Received: from wine.s-1.com (rlanders@localhost [127.0.0.1]) by tick.s-1.com (8.7.5/8.7.3) with ESMTP id IAA18626; Thu, 3 Apr 1997 08:37:24 -0500 Message-Id: <199704031337.IAA18626@tick.s-1.com> X-Mailer: exmh version 2.0gamma 1/24/96 Subject: Re: Microsoft ULS/ILS through a firewall In-Reply-To: Your message of "Tue, 01 Apr 1997 00:02:19 +0100." <97Apr1.000230gmt+0100.15235-5@fw.adm.nord.eunet.no> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Date: Thu, 03 Apr 1997 08:37:23 -0500 To: Cato Antonsen From: Renee Landers Cc: firewalls@greatcircle.com, rlanders@s-1.com Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I researched this last fall, and this is what I figured out: Microsoft Net Meeting can be downloaded from http://www.microsoft.com. It runs on Windows 95 or Windows NT. Microsoft User Location Server can also be downloaded from http://www.microsoft.com. It runs only on Windows NT Server with IIS running. Net Meeting can be configured to use either TCP/IP or IPX. We tested it using TCP/IP. Net Meeting listens on TCP port 1503. When a connection is made from another client, all data is passed between clients using TCP except for audio data, which uses UDP.
The ULS listens on port 522, and makes use of the http server (Microsoft's IIS) to transfer data to the Net Meeting client. We did not test the ULS application, nor did we connect to the existing ULS servers on the 'Net. When a Net Meeting client registers with a ULS, it apparently sends its information (the username, company name, etc) to the ULS, which dynamically keeps track of who is using Net Meeting (= who has registered with the ULS). When you log off, or end your Net Meeting session, presumably, your client sends a logout to the ULS, which removes it from its lists. The ULS is purely a user directory service. It does not proxy connections from one client to another. It merely provides clients with information on how to contact other clients. Net Meeting conferences can be conducted between clients with no intervention from a ULS. For the audio portion of NetMeeting to be proxied, you have to use a UDP proxy. We did not look at that. -------------- So, the short answer is: To proxy NetMeeting traffic, you have to pass TCP/IP connections on port 1503 through, probably in both directions, unless you want to restrict it so that connections can only be made FROM your internal network, or something like that. I believe that the UDP portion (audio data) also uses port 1503. To allow your internal clients to connect to a ULS you have to allow outbound traffic to TCP port 522. If you are running a ULS and want people to be able to connect to it, you have to allow inbound traffic on TCP port 522. Obviously, there are some pretty serious security issues, first with opening up another hole in the firewall/router, and second with the applications themselves. I haven't played with NetMeeting enough to have a tenable opinion on whether it's dangerous, although I suspect that it is. 
Renee -- *--------------------------------------------------------------------* | Renee Landers network security division | | Security Consultant Security First Technologies | | rlanders@s-1.com 3390 Peachtree Road, Suite 1700 | | (404) 812-6640 Atlanta, GA 30326-1108 | *--------------------------------------------------------------------* From owner-firewalls-outgoing Thu Apr 3 07:16:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA05743 for firewalls-outgoing; Thu, 3 Apr 1997 06:56:22 -0800 (PST) Received: from email.gcn.net.tw ([203.77.2.139]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id GAA05735 for ; Thu, 3 Apr 1997 06:56:14 -0800 (PST) Received: from [203.65.191.104] by email.gcn.net.tw (AIX 4.1/UCB 5.64/4.03) id AA34076; Thu, 3 Apr 1997 22:55:33 +0800 Message-Id: <31614110.175D@email.gcn.net.tw> Date: Tue, 02 Apr 1996 23:00:32 +0800 From: Farmer Tien Reply-To: ftien@email.gcn.net.tw Organization: IBM Taiwan X-Mailer: Mozilla 3.01 (Win95; I) Mime-Version: 1.0 To: firewalls@greatcircle.com Subject: MS Netmeeting Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, all: How do we set the firewall configuration to permit the NetMeeting traffic without any security issue!! Thanks -- Farmer Tien IBM Taiwan RS/6000 System Service Representative TEL: 886-2-7259359 FAX: 886-2-7201499 206, Sec. 1, Keelung Rd., Taipei Taiwan, R.O.C.
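The port list in Renee Landers' reply above, written as a default-deny rule table with connection tracking. This is an added example, not part of either post; the internal range 10.1.0.0/16, the peer address, the type names and the three option flags are assumptions for illustration.

```python
"""Default-deny filter for the NetMeeting/ULS ports listed in the reply above.
Constructed example: addresses, type names and option flags are assumptions,
not any firewall product's rule syntax."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.1.0.0/16")  # assumed internal network
NETMEETING_PORT = 1503  # TCP data; the poster believes UDP audio uses it too
ULS_PORT = 522          # User Location Server directory


@dataclass(frozen=True)
class Packet:
    proto: str         # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool = False  # True only on the first packet of a TCP connection


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str     # "out": internal to external, "in": external to internal
    proto: str
    dport: int


def build_policy(inbound_calls=False, audio=False, host_uls=False):
    """Start from outbound-only calls and lookups; each flag opens more."""
    rules = [Rule("netmeeting-out", "out", "tcp", NETMEETING_PORT),
             Rule("uls-lookup-out", "out", "tcp", ULS_PORT)]
    if audio:
        rules.append(Rule("audio-out", "out", "udp", NETMEETING_PORT))
    if inbound_calls:
        rules.append(Rule("netmeeting-in", "in", "tcp", NETMEETING_PORT))
        if audio:
            rules.append(Rule("audio-in", "in", "udp", NETMEETING_PORT))
    if host_uls:
        rules.append(Rule("uls-in", "in", "tcp", ULS_PORT))
    return rules


def inbound_exposure(rules):
    """Ports an outside host can reach unsolicited under this policy."""
    return sorted({(r.proto, r.dport) for r in rules if r.direction == "in"})


def direction_of(pkt):
    src_in = ip_address(pkt.src) in INTERNAL
    dst_in = ip_address(pkt.dst) in INTERNAL
    if src_in and not dst_in:
        return "out"
    if dst_in and not src_in:
        return "in"
    return None  # does not cross the firewall boundary


class Firewall:
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # 5-tuples of flows opened by a permitted packet

    def check(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if not pkt.syn and (key in self.flows or reverse in self.flows):
            return "allow:established"
        if pkt.proto == "tcp" and not pkt.syn:
            return "deny:no-state"  # mid-stream TCP never opens a flow
        wanted = (direction_of(pkt), pkt.proto, pkt.dport)
        for rule in self.rules:
            if (rule.direction, rule.proto, rule.dport) == wanted:
                self.flows.add(key)
                return "allow:" + rule.name
        return "deny:default"


def demo():
    """Run constructed packets through the most restrictive policy."""
    fw = Firewall(build_policy())
    inside, peer = "10.1.2.3", "192.0.2.10"  # constructed addresses
    packets = [
        Packet("tcp", inside, 40000, peer, 1503, syn=True),  # outbound call
        Packet("tcp", peer, 1503, inside, 40000),            # its reply
        Packet("tcp", peer, 40001, inside, 1503, syn=True),  # inbound call
        Packet("tcp", peer, 1503, inside, 40002),            # stray mid-stream
        Packet("udp", inside, 40003, peer, 1503),            # audio, not enabled
        Packet("tcp", inside, 40004, peer, 522, syn=True),   # ULS lookup
    ]
    return [fw.check(p) for p in packets]


if __name__ == "__main__":
    print(demo())
```

Calling `inbound_exposure(build_policy(...))` with different flags lists which ports each option from the reply makes reachable from outside; the default policy exposes none.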
From owner-firewalls-outgoing Thu Apr 3 07:40:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA05884 for firewalls-outgoing; Thu, 3 Apr 1997 06:58:04 -0800 (PST) Received: from sage.Tri-Sage.COM (tpa-206-41-182-5.ThoughtPort.COM [206.41.182.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id GAA05857 for ; Thu, 3 Apr 1997 06:57:53 -0800 (PST) Received: from jon.cypher-sage.com by sage.Tri-Sage.COM with SMTP (?/BK-2.3.1) id IAA07406; Thu, 3 Apr 1997 08:56:45 -0600 Received: by jon.cypher-sage.com with Microsoft Mail id <01BC400B.CF411C60@jon.cypher-sage.com>; Thu, 3 Apr 1997 08:48:32 -0600 Message-ID: <01BC400B.CF411C60@jon.cypher-sage.com> From: Jon Tegethoff To: "firewalls@greatCircle.com" Subject: RE: NT security Date: Thu, 3 Apr 1997 08:48:31 -0600 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Slight correction. The url should be http://www.iss.net Jon ---------- From: David Harvey-George[SMTP:david@threewiz.demon.co.uk] Sent: Tuesday, April 01, 1997 1:02 PM To: firewalls@greatCircle.com; Valery Brasseur Subject: Re: NT security ISS seems quite good (http://www.iss.com/) but doesn't include a lot of the recent NT holes. You could check out http://www.ntsecurity.net and http://www.ntsecurity.com (two different sites).
regards, David From owner-firewalls-outgoing Thu Apr 3 08:51:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA14785 for firewalls-outgoing; Thu, 3 Apr 1997 08:14:10 -0800 (PST) Received: from emout11.mail.aol.com (emout11.mx.aol.com [198.81.11.26]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA14771 for ; Thu, 3 Apr 1997 08:14:06 -0800 (PST) From: BPobric@aol.com Received: (from root@localhost) by emout11.mail.aol.com (8.7.6/8.7.3/AOL-2.0.0) id LAA13422; Thu, 3 Apr 1997 11:14:56 -0500 (EST) Date: Thu, 3 Apr 1997 11:14:56 -0500 (EST) Message-ID: <970403111453_-736413622@emout11.mail.aol.com> To: ntsecurity@iss.net cc: firewalls@greatcircle.com Subject: PWDump and NTCrack20 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi there, I have attempted to use PWDump utilities. It did work, but I have no idea where it put the file and what the file name is. As far as I know, I need to know this file name in order to run NT Crack 2.0. I would appreciate any help.
Thanks Braco Pobric bpobric@aol.com From owner-firewalls-outgoing Thu Apr 3 08:58:26 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA15305 for firewalls-outgoing; Thu, 3 Apr 1997 08:19:42 -0800 (PST) Received: from halon.sybase.com (halon.sybase.com [192.138.151.33]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA15295 for ; Thu, 3 Apr 1997 08:19:36 -0800 (PST) Received: from smtp1.sybase.com (sybgate.sybase.com [130.214.220.35]) by halon.sybase.com (8.8.4/8.8.4) with SMTP id IAA02855 for ; Thu, 3 Apr 1997 08:23:24 -0800 (PST) Received: from notesgw2.sybase.com by smtp1.sybase.com (4.1/SMI-4.1/SybH3.5-030896) id AA25115; Thu, 3 Apr 97 08:21:18 PST Received: (from unixsvr1@localhost) by notesgw2.sybase.com (8.8.4/8.8.4) id IAA15377 for @sybgate.sybase.com:firewalls-digest@GreatCircle.COM; Thu, 3 Apr 1997 08:19:53 -0800 (PST) Message-Id: <199704031619.IAA15377@notesgw2.sybase.com> Received: by SybaseNotes (Lotus Notes Mail Gateway for SMTP V1.1) id D86CC969656CAF6D8825646E005A219B; Thu, 3 Apr 97 08:19:43 EDT To: =?iso-8859-1?Q?Ant=F3nio_Vasconcelos?= Cc: "'firewalls-digest@GreatCircle.COM'" , "'Ronnie.Ng@Asia.Sun.COM'" From: Ryan Russell/SYBASE Date: 3 Apr 97 8:25:42 EDT Subject: RE: Any UDP traffic between client/server of PB or Sybase X-Lotus-Type: Reply All Mime-Version: 1.0 Content-Type: Text/Plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I can confirm that. 
Ryan Russell Sybase Corporate Datacommunications ---------- Previous Message ---------- To: firewalls-digest, Ronnie.Ng cc: From: vasco @ mail.bvl.pt (=?iso-8859-1?Q?Ant=F3nio_Vasconcelos?=) @ smtp Date: 04/03/97 11:49:56 AM Subject: RE: Any UDP traffic between client/server of PB or Sybase

>----------
>From: Ronnie.Ng@Asia.Sun.COM[SMTP:Ronnie.Ng@Asia.Sun.COM]
>Sent: Thursday, 3 April 1997 10:30
>To: firewalls-digest@GreatCircle.COM
>Cc: Ronnie.Ng@Asia.Sun.COM
>Subject: Any UDP traffic between client/server of PB or Sybase
>
>Hi guys,
>
>Does somebody know of any UDP traffic between client/server of PowerBuilder and
>Sybase/Open Client applications?

There is *NO* UDP traffic. Open Client or PB access the Sybase server using a single TCP port. However, if your clients are using DNS to get the server's IP addr you'll have to open up the firewall to udp traffic. That or configure the client's Open Client with static IP addrs. -- António Vasconcelos DTSI: Redes Locais e Comunicações BOLSA DE VALORES DE LISBOA | Tel: (+351) 1 790-0000 | Edf. da Bolsa | Fax: (+351) 1 795-2026 | R.
Soeiro Pereira Gomes -------------------------- 1600 LISBOA PORTUGAL From owner-firewalls-outgoing Thu Apr 3 12:32:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA07167 for firewalls-outgoing; Thu, 3 Apr 1997 12:01:44 -0800 (PST) Received: from emout06.mail.aol.com (emout06.mx.aol.com [198.81.11.97]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA07141 for ; Thu, 3 Apr 1997 12:01:26 -0800 (PST) From: BPobric@aol.com Received: (from root@localhost) by emout06.mail.aol.com (8.7.6/8.7.3/AOL-2.0.0) id PAA14982; Thu, 3 Apr 1997 15:02:10 -0500 (EST) Date: Thu, 3 Apr 1997 15:02:10 -0500 (EST) Message-ID: <970403150134_-1537081752@emout06.mail.aol.com> To: pdmallya@inf.com cc: firewalls@greatcircle.com Subject: Re: Firewall Architecture for Web, Database Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Why don't you have database Server talk NetBEUI with Web Server? Install NetBEUI only, if possible, on the database server. 
Braco Pobric bpobric@aol.com From owner-firewalls-outgoing Thu Apr 3 12:32:36 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA07955 for firewalls-outgoing; Thu, 3 Apr 1997 12:12:00 -0800 (PST) Received: from exp2.is.xpark.pmh.org (exphub.is.xpark.pmh.org [198.215.78.104]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA07880 for ; Thu, 3 Apr 1997 12:11:37 -0800 (PST) Received: from localhost by exp2.is.xpark.pmh.org (AIX 3.2/UCB 5.64/4.03) id AA41397; Thu, 3 Apr 1997 14:12:07 -0600 Message-Id: <33440F17.353C@exphub.pmh.org> Date: Thu, 03 Apr 1997 14:12:07 -0600 From: "Cary Conover(IS) 13897" Organization: Parkland Memorial Hospital X-Mailer: Mozilla 3.01Gold (X11; I; AIX 2) Mime-Version: 1.0 To: Ziv Dascalu Cc: firewalls@GreatCircle.COM, mmozes@fujitsu.ca Subject: Re: RealAudio References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Ziv Dascalu wrote: > > --- On Mon, 31 Mar 97 10:36:00 PST mmozes@fujitsu.ca wrote: > > > > >Does anyone know the port number for RealAudio? > > > >Thanks, > > -----------------End of Original Message----------------- > > realAudio is 7070 TCP > > /ZIv > /~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\ > | A B I R N E T Active Network Protection http://www.AbirNet.com | > \~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/ Yes and the UDP return ports are 6970 - 7170. -- Cary D. Conover AIX Systems Administrator Senior Systems Analyst Parkland Health and Hospital System Dallas, Texas cconov@parknet.pmh.org (Work) carydc@why.net (Home) 817-571-6694 Home Voice / Ans. Mach. 817-571-6793 Home Data/Fax 817-360-8572 Mobile/Voice Mail/Pager 214-590-0244 Work Voice 214-786-0282 Pager 214-590-0202 Work Fax The views I express are mine and do not represent my employer. 
From owner-firewalls-outgoing Thu Apr 3 12:37:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA09130 for firewalls-outgoing; Thu, 3 Apr 1997 12:23:21 -0800 (PST) Received: from ce2usm.valparaiso.cl (ce2usm.valparaiso.cl [200.1.18.30]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA09113 for ; Thu, 3 Apr 1997 12:23:11 -0800 (PST) Received: (from edo@localhost) by ce2usm.valparaiso.cl (8.8.5/8.8.5edo+patch) id QAA22347; Thu, 3 Apr 1997 16:31:40 -0400 From: "Eduardo Romero U." Message-Id: <199704032031.QAA22347@ce2usm.valparaiso.cl> Subject: Re: Firewalls-Digest V6 #138 To: Sandeep_Talwar@INDIA.notes.pwa.co.in Date: Thu, 3 Apr 1997 16:31:39 -0400 (CST) Cc: firewalls@greatcircle.com In-Reply-To: <6525646E:003A7F22.00@notes.pwa.co.in> from "Sandeep_Talwar@INDIA.notes.pwa.co.in" at Apr 3, 97 05:34:26 pm Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > > > > > I have a TIS tool-kit running on my Linux1.2.13 and I get these messages > repeatedly from kernel. > > my.hostname named[70] : recv from : Connection refused > my.hostname inetd[68] : www/tcp server failing ( looping ), service > terminated Check that the named is running in slave or master [forward to another dns?], and the www is probably that the http-proxy is the same with the www port [try to call this port itself]. I'm not sure, but could be a possibility. > > Could someone explain to me what it means. > > secondly the http-proxy at the most caters to I presume up to three > clients for proxy, others are told that server is down try contacting > later. mmm.. proxy loops with web port.. > Thanks in advance > > Edo. 
Ren~aca - Chile From owner-firewalls-outgoing Thu Apr 3 13:01:27 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA01233 for firewalls-outgoing; Thu, 3 Apr 1997 12:57:27 -0800 (PST) Received: from dns1.tc.net (dns1.tc.net [208.205.78.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA01212 for ; Thu, 3 Apr 1997 12:57:20 -0800 (PST) Received: from UNKNOWN [208.205.78.200] by dns1.tc.net for id PAA12335; Thu Apr 3 15:55:38 1997 Received: (from doug@localhost) by ono.tc.net (8.7.6/8.7.3) id PAA22145; Thu, 3 Apr 1997 15:50:05 -0500 Subject: Measuring latency through a proxy firewall--tools? Date: 03 Apr 1997 15:50:05 -0500 Message-ID: Lines: 11 X-Mailer: Gnus v5.2.39/Emacs 19.34 To: firewalls@greatcircle.com From: Douglas McNaught Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I've been asked to provide a measurement of the additional packet latency imposed by our proxying firewall. Anybody know of some tools for this purpose, before I go and hack up some custom code? Free source code for Unix preferred... 
-Doug -- Doug McNaught Senior Network Engineer Premiere Communications Inc ----- doug@tc.net ----- ----- http://www.premierecomm.com/ ----- From owner-firewalls-outgoing Thu Apr 3 13:15:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA02033 for firewalls-outgoing; Thu, 3 Apr 1997 13:08:12 -0800 (PST) Received: from Axil.wave.co.nz (Axil.wave.co.nz [202.49.46.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA02026 for ; Thu, 3 Apr 1997 13:08:02 -0800 (PST) Received: from csespl.cse.co.nz (csespl.cse.co.nz [202.49.33.64]) by Axil.wave.co.nz (8.6.12/version) with SMTP id JAA20175 for ; Fri, 4 Apr 1997 09:03:59 +1200 Message-Id: <2.2.32.19970403210351.00efce1c@wave.co.nz> X-Sender: stevel@wave.co.nz X-Mailer: Windows Eudora Pro Version 2.2 (32) Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 04 Apr 1997 09:03:51 +1200 To: "firewalls@greatCircle.com" From: Steve Lang Subject: ICMP Source Quench and Port Unreachable attacks. Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi. I'm looking for information about current ICMP Source Quench, and Port Unreachable attacks that may be going on out there. Is there any information floating around?? 
Cheers - Steve Lang, Wave internet services, Hamilton Fax: +64-7-838-0977 Voice: +64-7-839-1291 or 0800-80-9283 EMail: stevel@cse.co.nz or slang@wave.co.nz From owner-firewalls-outgoing Thu Apr 3 13:34:28 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA02459 for firewalls-outgoing; Thu, 3 Apr 1997 13:12:42 -0800 (PST) Received: from netcom22.netcom.com (netcom22.netcom.com [192.100.81.136]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA02451 for ; Thu, 3 Apr 1997 13:12:36 -0800 (PST) Received: (from mwallace@localhost) by netcom22.netcom.com (8.6.13/Netcom) id NAA00447; Thu, 3 Apr 1997 13:10:48 -0800 Date: Thu, 3 Apr 1997 13:10:48 -0800 (PST) From: Matt Wallace Subject: Re: sendmail on firewall To: Todd Graham Lewis cc: Jon Spencer , Firewalls Mailing List In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Ditto. I've never heard of anyone using a kernel bug to compromise a system. I've heard of some buffer overrun problems at places in kernels, but it invariably corrupts everything and the machine crashes. On Wed, 19 Mar 1997, Todd Graham Lewis wrote: > What exactly do you mean by "the base" here? I can recall fairly few > instances where security on a unix system has been compromised due to > kernel bugs, per se. (Actually, I can think of none, but that's just me. > > > 3) The basic functions of an operating system, including the functions upon > > which firewall functionality is based, must be very high assurance, In theory, yes, this is all true. But it's very easy to poke holes in security as it is today, and not have anything else to replace it. For almost every company I've ever seen, it's not worth implementing a proprietary O/S, and multi-level security, in exchange for eliminating the "weaknesses" of the O/S. > > A firewall is a > > very complex thing, ESPECIALLY if you want it to really work. 
> > So, if a firewall is to work, it has to be complex? Bah. The more complex it is, the more holes you'll find. Simplicity is a good thing. > > Look for a very famous US gov't security agency to be going online with > > exactly this configuration this spring or early summer (using guess > > who's OS? :-) > > I seem to recall the famous US gov't doing many things. The wrenches in > my garage didn't cost $4,000, and they aren't made of titanium. They're > steel, and I bought them at a hardware store. You know what? My skill as > a mechanic and a 19-year-old airman's skill as a mechanic are still the > single most important factors in how well our machines run. Yes, and my hammer is not a "Manually Powered Hand-held Forcible Insertion Device". (Which may explain why the government's costs $40k) > I doubt that a mainstream firewall, call it Gauntlet or even the FWTK, if > properly configured by a competent administrator, could be broken. I'm > willing to set one up if someone else wants to try. This entire debate, > however, is becoming moot as, increasingly, it's much easier to lure > protected machines into downloading an ActiveX-based packet sniffer which > mails the results of its sniffing back through the firewall. It's always the same thing. Years ago, before firewalls were quite so mainstream, one of the easiest ways to get into a secure standalone system was still to mail a user a file, tell them it was a cool gif, and let them run it and load a listening socket with a shell behind it on a nice unprivileged port. Why crack a machine when they'll open it up for you? > I really think that a lot of people are wasting a lot of money if they put > a B2 machine (or whatever) as their internet firewall. Turning off port > 80 will buy you a whole lot more security, and it's a lot cheaper. 
We're so dead set on advancing multimedia and having cute counter applets and scrolling bars, that we'll throw away security to rush into one little gimmick after another at breakneck speed. And you'll hear the whole time how it is "necessary" for half the people in a company to be able to get ActiveX sports scores. :P __ Matt Wallace From owner-firewalls-outgoing Thu Apr 3 14:34:27 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA08676 for firewalls-outgoing; Thu, 3 Apr 1997 14:01:34 -0800 (PST) Received: from gemcon.com (DNS2.GEMCON.COM [205.223.239.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA08623 for ; Thu, 3 Apr 1997 14:01:08 -0800 (PST) Received: by dns2.gemcon.com id <55334>; Thu, 3 Apr 1997 17:00:56 -0500 From: "Webb, Dean" To: BPobric@aol.com, pdmallya@inf.com Cc: firewalls@GreatCircle.COM Subject: RE: Firewall Architecture for Web, Database Date: Thu, 3 Apr 1997 16:59:10 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Message-Id: <97Apr3.170056est.55334@dns2.gemcon.com> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk NetBEUI is nice on a small LAN, but not on a big one. How big is the network being protected? If it's huge and/or subnetted, NetBEUI may not be feasible. IPX/SPX might actually be a good choice, as it is a routable, non-TCP/IP protocol. Unfortunately for both NetBEUI and IPX/SPX, most businesses are going over to TCP/IP as the protocol of choice for the corporate network. If that's the case on this solution, then switching protocols would not be an option, appealing though it seems. (True, some readers may be thinking "file this stuff under DUH!" but I feel the need to respond with kindness and compassion.) 
Hope this helps, Dean Webb dwebb@capgemini.com > -----Original Message----- > From: BPobric@aol.com [SMTP:BPobric@aol.com] > Sent: Thursday, April 03, 1997 2:02 PM > To: pdmallya@inf.com > Cc: firewalls@GreatCircle.COM > Subject: Re: Firewall Architecture for Web, Database > > > Why don't you have database Server talk NetBEUI with Web Server? > Install > NetBEUI only, if possible, on the database server. > > Braco Pobric > bpobric@aol.com From owner-firewalls-outgoing Thu Apr 3 14:39:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA13087 for firewalls-outgoing; Thu, 3 Apr 1997 14:28:10 -0800 (PST) Received: from dns.wye.com ([38.219.43.43]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA13078 for ; Thu, 3 Apr 1997 14:28:04 -0800 (PST) Received: from wyent.wyepriv.com (wyent.wyepriv.com [192.168.0.25]) by dns.wye.com (8.8.5/8.8.5) with ESMTP id RAA12407 for ; Thu, 3 Apr 1997 17:25:43 -0500 Received: by wyent.wyepriv.com with Internet Mail Service (5.0.1457.3) id <2107XJ7Y>; Thu, 3 Apr 1997 17:26:30 -0500 Message-ID: <714A163EDA9ED01194DB0040339040C6010C42@wyent.wyepriv.com> From: Gregory Wilkins To: firewalls@GreatCircle.COM Subject: POP Server Date: Thu, 3 Apr 1997 17:26:28 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk How does one set up the firewall to accept a POP protocol. I have a POP Server on the inside of my firewall on a "private" network, and want my users to be able to use Eudora or something to connect to my POP server. I can not move the POP server to the outside of the firewall, since it is an NT Server that is utilized for file and print services. 
Now the tricky part...my external DNS knows NOTHING about my internal network and its hosts...so if I can get a POP protocol to pass thru the firewall, how will Eudora know where to find the popserver w/o DNS lookup, since the IP Addresses on the internal network are "bogus"? Help???? From owner-firewalls-outgoing Thu Apr 3 15:09:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA13177 for firewalls-outgoing; Thu, 3 Apr 1997 14:28:42 -0800 (PST) Received: from gateway.interdyn.com (gateway.interdyn.com [205.226.36.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id OAA13120 for ; Thu, 3 Apr 1997 14:28:26 -0800 (PST) From: eristone@earthlink.net Message-Id: <199704032228.OAA13120@honor.greatcircle.com> Comments: Authenticated sender is >From: eristone@earthlink.net To: Steve Lang Date: Thu, 3 Apr 1997 14:30:33 -0800 MIME-Version: 1.0 Content-transfer-encoding: 7BIT Subject: Re: ICMP Source Quench and Port Unreachable attacks CC: firewalls@greatcircle.com X-mailer: Pegasus Mail for Win32 (v2.42) Received: from earthlink.net by gateway.interdyn.com; Thu, 3 Apr 1997 14:28 PST Content-Type: text/plain; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >Hi. > >I'm looking for information about current ICMP Source Quench, and Port >Unreachable attacks that may be going on out there. > >Is there any information floating around?? Hi Steve, There's a program called "WinNewk" that has been floating around various irc circles now for the past couple of months - it's Windows based, and single-click. It makes it so that even your typical hacker-wanna-be can attack a system. (I'm surprised more info hasn't shown up in this list about this one). If you want, I can send you a copy of the program, so you can take a look at it. The defense against it (I think) is to filter icmp packets at the router... 
(hey - I'm not a security or networking expert - yet I'm not sure exactly how feasible that'd be to do, and I'm almost positive that someone here'll correct me [please flame at a low temperature, for 2-3 hours until golden brown] if I'm wrong). -- Mike "Eristone" Bryant II eristone@earthlink.net "All questions must be submitted in writing. Thank you for calling." - Willy Wonka From owner-firewalls-outgoing Thu Apr 3 15:23:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA18872 for firewalls-outgoing; Thu, 3 Apr 1997 15:09:39 -0800 (PST) Received: from speedy.burnt-sand.com (NS.BURNT-SAND.COM [204.209.115.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id PAA18801 for ; Thu, 3 Apr 1997 15:09:24 -0800 (PST) Received: by speedy.burnt-sand.com (950413.SGI.8.6.12/951211.SGI) for id QAA00931; Thu, 3 Apr 1997 16:03:26 -0700 Received: from ithilien(192.168.115.3) by speedy via smap (3.1) id xma000888; Thu, 3 Apr 97 16:03:05 -0700 Received: from oxygen ([192.168.115.136]) by ithilien.burnt-sand.com (Netscape Mail Server v2.02) with SMTP id AAA2681 for ; Thu, 3 Apr 1997 16:07:31 -0700 Message-ID: <3344379E.4A7B@burnt-sand.com> Date: Thu, 03 Apr 1997 15:05:02 -0800 From: "Thomas E. Alex" Organization: Burnt Sand Solutions Inc. X-Mailer: Mozilla 3.01SGoldC-SGI (X11; I; IRIX 6.3 IP32) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: PPTP Through Gauntlet Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Greetings, Has anyone attempted to configure a PPTP plug gateway through Gauntlet? Does PPTP require udp traffic in addition to the tcp traffic? Thanks. -- Thomas Alex Burnt Sand Solutions Inc. Systems Specialist Phone: 403-262-3330 715, 734 7th Ave. S.W. 
thomas@burnt-sand.com Fax: 403-264-2044 Calgary, Alberta T2P 3P8 From owner-firewalls-outgoing Thu Apr 3 15:46:16 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA22683 for firewalls-outgoing; Thu, 3 Apr 1997 15:34:30 -0800 (PST) Received: from ra.nso.org (ra.nso.org [207.30.58.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA22655 for ; Thu, 3 Apr 1997 15:34:23 -0800 (PST) Received: from osiris (osiris.nso.org [207.30.58.40]) by ra.nso.org (post.office MTA v1.9.3 ID# 0-13592) with SMTP id AAA472 for ; Thu, 3 Apr 1997 18:35:40 -0500 Message-Id: <3.0.32.19970403183527.00954cd0@nso.org> X-Sender: noc@nso.org X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 03 Apr 1997 18:35:28 -0500 To: firewalls@greatcircle.com From: noc@nso.org (Network Operations Center) Subject: ISR Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk f.y.i. Internet Security Review is now accepting subscriptions (free) at http://www.isr.net The journal appears monthly. 
regards Bert From owner-firewalls-outgoing Thu Apr 3 16:18:35 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA29804 for firewalls-outgoing; Thu, 3 Apr 1997 16:10:33 -0800 (PST) Received: from fw2.mwcia.org (fw2.mwcia.org [206.9.85.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA29795 for ; Thu, 3 Apr 1997 16:10:24 -0800 (PST) Received: from pc (dialin1_local.mwcia.org [192.138.165.169]) by fw2.mwcia.org (8.8.5/8.8.5) with SMTP id SAA16021; Thu, 3 Apr 1997 18:12:39 -0600 Message-Id: <3.0.32.19970403181019.00954db0@fw2.mwcia.org> X-Sender: rwh@fw2.mwcia.org X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 03 Apr 1997 18:10:38 -0600 To: Gregory Wilkins , firewalls@GreatCircle.COM From: Richard Hoffbeck Subject: Re: POP Server Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 05:26 PM 4/3/97 -0500, Gregory Wilkins wrote: >How does one set up the firewall to accept a POP protocol. > >I have a POP Server on the inside of my firewall on a "private" network, >and want my users to be able to use Eudora or something to connect to my >POP server. > >I can not move the POP server to the outside of the firewall, since it >is an NT Server that is utilized for file and print services. > >Now the tricky part...my external DNS knows NOTHING about my internal >network and its hosts...so if I can get a POP protocol to pass thru the >firewall, how will Eudora know where to find the popserver w/o DNS >lookup, since the IP Addresses on the internal network are "bogus"? Get the TIS fwtk and set up a plug-gw proxy. It can be configured to take any incoming traffic on port 110 on the firewall and pass it on to the internal server. Then set the external mail clients to use the firewall as the pop server. 
If you don't restrict it otherwise, and you have folks with laptops that need access from both inside and outside, the proxy will reflect the internal connections back to the NT pop server when they are 'at home'. We just finished testing this for our folks that travel, but we finally decided to use ssh to forward the connections through the firewall. That keeps the pop-mail passwords safe and also allows us to set up access for telnet, sql*net and so on. --rick +-----------------------------------------------------------------+ | Richard Hoffbeck phone: 612.636.4249 | | fax: 612.624.2196 | | Finger rwh@visi.com for PGP key : | | Fingerprnt = 1C DD 13 FB 11 1D E7 73 2F A1 9B 52 86 0F A2 2B | +-----------------------------------------------------------------+ From owner-firewalls-outgoing Thu Apr 3 16:30:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA29728 for firewalls-outgoing; Thu, 3 Apr 1997 16:09:58 -0800 (PST) Received: from haystack.com (mailserv.haystack.com [207.13.48.60]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id QAA29689 for ; Thu, 3 Apr 1997 16:09:46 -0800 (PST) Received: from satya.haystack.com by haystack.com (SMI-8.6/SMI-SVR4) id SAA08393; Thu, 3 Apr 1997 18:05:44 -0600 Received: from yabba by satya.haystack.com (SMI-8.6/SMI-SVR4) id SAA03086; Thu, 3 Apr 1997 18:07:34 -0600 Message-Id: <3.0.32.19970403175434.006c462c@satya> X-Sender: alisa@satya X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Thu, 03 Apr 1997 17:54:35 -0600 To: firewalls@greatcircle.com From: Alisa Nessler Subject: Haystack info Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Stuart Johnson's "tabloid" email yesterday is evidence that you can say anything you want without regard to truth or substance on the 'net! Here are the facts: Yes, there have been many changes at Haystack Labs. 
Most of this information is public and up on our Web site (www.haystack.com). Steve Smaha is still CEO of Haystack Labs. There's been no "removing" of him by the board (Steve's the Chairman). We issued a press release several weeks ago announcing that Jim Geary, former VP/marketing for Security Dynamics has joined HLI as president to augment our sales and marketing capabilities. I've also just joined the company as VP of marketing, and I'm located in Austin with our outstanding development and support staff. Haystack already has offices in California, New York, and Colorado, and we expect to add a Boston office this year too. As with many thriving software companies, we're always looking to augment our technical staff. (Fax your resume to 512-918-1265 if you think you're good!) I can't comment on issues with the Wheelgroup. Other comments relating to Steve Smaha threatening everyone are nonsense. Of all the incorrect items in this posting, it's the uninformed misrepresentation of our code that is most offensive. We have an excellent software architecture (thanks to Steve) based on Haystack's patented technology and an innovative development staff. Our Stalker product remains the premier audit trail management and analysis tool for the UNIX environment. Stalker v 2.1 is scheduled for release within 30 days. Our WebStalker product was initially released in August '96, and the NT version was released in February 97. It has received glowing reviews (see our website). Extended WebStalker Pro response capabilities are slated for this quarter. I hope this helps to provide some clarification for your readers. Feel free to contact me directly if you have any questions. Alisa Nessler VP of Marketing Haystack Labs, Inc. 
alisa@haystack.com From owner-firewalls-outgoing Thu Apr 3 16:45:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA03237 for firewalls-outgoing; Thu, 3 Apr 1997 16:37:30 -0800 (PST) Received: from ncb.gov.sg ([203.120.56.40]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id QAA03222 for ; Thu, 3 Apr 1997 16:37:22 -0800 (PST) Received: by ncb.gov.sg (4.1/SMI-4.1) id AA16070; Fri, 4 Apr 97 08:34:35 SST Date: Fri, 4 Apr 1997 08:34:35 +0800 (SST) From: Martin Khoo Boon Hock Subject: DMZ setup for Gauntlet To: firewalls@greatcircle.com Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, I am trying to set up Gauntlet to accept a 3rd interface to serve as a DMZ. What do I need to do to the netperm-table to make it accept another interface? Do I need to define another 'policy' beside the given 'policy-inside' & 'policy-outside'? Thanks & have a nice day Martin Khoo Senior IT Architect (Security & Cryptography) Information Infrastructure Group National Computer Board martin@nii.ncb.gov.sg From owner-firewalls-outgoing Thu Apr 3 17:00:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA04509 for firewalls-outgoing; Thu, 3 Apr 1997 16:49:50 -0800 (PST) Received: from reflections.eng.mindspring.net (reflections.eng.mindspring.net [207.69.183.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA04494 for ; Thu, 3 Apr 1997 16:49:44 -0800 (PST) Received: from localhost (lists@localhost) by reflections.eng.mindspring.net (8.8.5/8.8.5) with SMTP id TAA05197; Thu, 3 Apr 1997 19:47:10 -0500 Date: Thu, 3 Apr 1997 19:47:08 -0500 (EST) From: Todd Graham Lewis To: Steve Lang cc: "firewalls@greatCircle.com" Subject: Re: ICMP Source Quench and Port Unreachable attacks. 
In-Reply-To: <2.2.32.19970403210351.00efce1c@wave.co.nz> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Fri, 4 Apr 1997, Steve Lang wrote: > Hi. > > I'm looking for information about current ICMP Source Quench, and Port > Unreachable attacks that may be going on out there. > > Is there any information floating around?? RFC792 __ Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com From owner-firewalls-outgoing Thu Apr 3 19:06:55 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA15592 for firewalls-outgoing; Thu, 3 Apr 1997 18:52:06 -0800 (PST) Received: from jehova.owl.de (jehova.owl.de [194.121.202.132]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id SAA15585 for ; Thu, 3 Apr 1997 18:51:57 -0800 (PST) Received: from fiction.pb.owl.de (root@fiction.pb.owl.de [193.174.12.5]) by jehova.owl.de (8.8.5/8.8.5) with SMTP id EAA26331 for ; Fri, 4 Apr 1997 04:50:17 +0200 (MET DST) Received: from squirrel.owl.de by fiction.pb.owl.de with bsmtp id m0wCz3w-00002lC; Fri, 4 Apr 97 04:49 MET DST Received: (qmail 1374 invoked by uid 300); 4 Apr 1997 01:02:13 -0000 Date: 4 Apr 1997 01:02:13 -0000 Message-ID: <19970404010213.1373.qmail@squirrel.owl.de> From: Stuart Johnson To: firewalls@greatcircle.com Subject: Haystack info (Steve Smaha) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk About a month ago, I inquired about Haystack and Wheelgroup. I received an email from someone at Haystack that did not want to disclose their identity but revealed a lot of information about the company. I believe this information to be true, but would like to find out to the contrary. From the inside information, apparently the founder and CEO of Haystack, Steve Smaha has been removed because he was a control freak and raving lunatic inside the company. 
Haystack is in decay because the Stalker family was a complete misdesign and failure. Also the source said that Steve Smaha was threatening to sue his own investors, partners, and customers. This seems kind of extreme to me, but the confirmation about Haystack suing Wheelgroup leaves this as a definite possibility. Some of the customers for Haystack have emailed me saying they have not received an update for some of the Stalker family in over 3 years. I wouldn't be surprised if Steve Smaha does not get sued himself if this is true. The investors, that removed Steve Smaha, brought in a new CEO. He is currently moving the company to Boston due to the lack of engineering talent in the former Austin HQ of Haystack. The new CEO is trying to recruit engineers that can decipher the source code because it lacked any structure and comments to understand it. I would have probably ignored this email except I am interested in monitoring tools and this seems like a legitimate insider giving me details. I have tried to contact Steve Smaha but have not been able to reach him. I am looking for someone who might know the company better than me to confirm these facts. 
Stuart From owner-firewalls-outgoing Thu Apr 3 19:15:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA16566 for firewalls-outgoing; Thu, 3 Apr 1997 19:13:38 -0800 (PST) Received: from sgi.sgi.com (SGI.COM [192.48.153.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id TAA16554 for ; Thu, 3 Apr 1997 19:13:30 -0800 (PST) Received: from odin.corp.sgi.com (odin.corp.sgi.com [192.26.51.194]) by sgi.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id TAA27887 for <@external-mail-relay.sgi.com:firewalls-digest@GreatCircle.COM>; Thu, 3 Apr 1997 19:11:55 -0800 Received: from sgigz.guangzhou.sgi.com by odin.corp.sgi.com via ESMTP (951211.SGI.8.6.12.PATCH1502/951211.SGI) for <@fddi-odin.corp.sgi.com:firewalls-digest@GreatCircle.COM> id TAA12160; Thu, 3 Apr 1997 19:11:53 -0800 Received: from sgigz by sgigz.guangzhou.sgi.com via SMTP (940816.SGI.8.6.9/930416.SGI) for id IAA07193; Fri, 4 Apr 1997 08:59:40 +0800 Message-ID: <3344527C.41C6@guangzhou.sgi.com> Date: Fri, 04 Apr 1997 08:59:40 +0800 From: James Liang X-Mailer: Mozilla 2.01S (X11; I; IRIX 5.3 IP22) MIME-Version: 1.0 To: firewalls-digest@GreatCircle.COM Subject: UDP through Gauntlet? Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, We have a VOD server behind a Gauntlet firewall which uses UDP to send video/audio streams. Is there a way for the users outside to access the VOD server without compromising the security? 
James Liang james@guangzhou.sgi.com From owner-firewalls-outgoing Thu Apr 3 19:45:46 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA18163 for firewalls-outgoing; Thu, 3 Apr 1997 19:31:59 -0800 (PST) Received: from dg-rtp.dg.com (dg-rtp.rtp.dg.com [128.222.1.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id TAA17937 for ; Thu, 3 Apr 1997 19:31:10 -0800 (PST) Received: from splinter.rtp.dg.com by dg-rtp.dg.com (5.4R3.10/dg-rtp-v02) id AA16543; Thu, 3 Apr 1997 22:29:15 -0500 Received: by splinter.rtp.dg.com (8.6.10/200.15.1.2) id WAA12583; Thu, 3 Apr 1997 22:25:56 -0500 From: spencerj@dg-rtp.dg.com (Jon Spencer) Message-Id: <199704040325.WAA12583@splinter.rtp.dg.com> Subject: Re: combo internal/external web servers To: kkost@intermec.com (Kathy Kost) Date: Thu, 3 Apr 1997 22:25:53 -0500 (EST) Cc: firewalls@greatcircle.com In-Reply-To: <9704011916.AA00517@intermec.com> from "Kathy Kost" at Apr 1, 97 11:16:33 am X-Mailer: ELM [version 2.4 PL23] Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > > A company I'm doing some work for is trying to decide on having > separate internal and external web servers or having them both on > one machine, with some proxy or firewall software keeping them separate. > I have only implemented them separately. > > What is the current feeling on this these days? Is it possible to have > them both co-exist on the same box without risking the internal web site? > Any suggestions as to the best security software to use (public domain or > not)? Or pointers to reference information on the subject? > > Thanks a bunch, > > Kathy Kost Sigh .... Sorry to repeat myself, but ... B2 DG/UX provides the basis for doing this. CYBERSHIELD, Oracle Web Server and Open Market (OMI) Webservers and related product families (as well as Mosaic, Apache, etc.) run on B2 DG/UX. 
The various environments can be isolated or intermixed, classes of data can be allowed in or out or disallowed in or out, subnets can be isolated or restricted, (scores more features but why list them again). Many organizations (both commercial and gov't) are and will be using the platform in just such a manner (internal web server, external web server, and firewall all on the same host or set of hosts) NSA among them. See www.dg.com. -- Jon F. Spencer spencerj@rtp.dg.com (uunet!rtp.dg.com!spencerj) Data General Corp. Phone : (919)248-6246 62 T.W. Alexander Dr, MS #119 FAX : (919)248-6108 Research Triangle Park, NC 27709 Office RTP 121/9 Reality is an illusion - perception is what counts. No success can compensate for failure in the home. President David O. McKay ***** UCC 1-207 ******** From owner-firewalls-outgoing Thu Apr 3 20:30:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA23617 for firewalls-outgoing; Thu, 3 Apr 1997 20:15:34 -0800 (PST) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id UAA23606 for ; Thu, 3 Apr 1997 20:15:27 -0800 (PST) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55553-1>; Fri, 4 Apr 1997 05:12:22 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Fri, 04 Apr 1997 06:13:31 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id HAA03743; Fri, 4 Apr 1997 07:15:25 +0200 Date: Fri, 4 Apr 1997 06:15:24 +0100 From: "Magossa'nyi A'rpa'd" To: Matt Wallace CC: Todd Graham Lewis , Jon Spencer , Firewalls Mailing List Subject: Re: sendmail on firewall In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 3 Apr 1997, Matt Wallace wrote: > Ditto. 
I've never heard of anyone using a kernel bug to compromise a > system. I've heard of some buffer overrun problems at places in kernels, > but it invariably corrupts everything and the machine crashes. > There is an exploit for Linux kernels from the stone age (1.2.x). I had actually used it to make a joke on a friend. --- GNU GPL: only from a pure source From owner-firewalls-outgoing Thu Apr 3 20:45:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA25684 for firewalls-outgoing; Thu, 3 Apr 1997 20:41:08 -0800 (PST) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id UAA25677 for ; Thu, 3 Apr 1997 20:41:01 -0800 (PST) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55553-1>; Fri, 4 Apr 1997 05:37:59 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Fri, 04 Apr 1997 06:39:02 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id HAA03840; Fri, 4 Apr 1997 07:40:57 +0200 Date: Fri, 4 Apr 1997 06:40:57 +0100 From: "Magossa'nyi A'rpa'd" To: "James R. Leu" CC: firewalls@GreatCircle.COM Subject: Re: port forwarding and masq In-Reply-To: <199704030003.SAA17293@chaos.coredcs.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk It sounds like plug-gw. Either I didn't read your letter carefully enough, or You failed to do the same with the ipfwadm documentation ^) On Thu, 3 Apr 1997, James R. 
Leu wrote: > I was wondering if anyone would know if the following setup can be created > with ipfwadm on Linux: > > A = Firewall > B = Destination host within the firewall > C = Source host outside of the firewall > > Valid Net Hidden Net > addresses addresses > |C|--------|A|------------|B| > > Incoming: > --------- > Host C sends a packet dest for Host A port 23. Host A translates the incoming > request and forwards the packet to Host B port 23. > > Outgoing: > --------- > Host B sends a packet to Host C. Host A would masquerade for Host B. > > Jim > -- > James R. Leu > Network Administrator > CORE Digital Communication Services > jleu@coredcs.com > --- GNU GPL: only from a pure source From owner-firewalls-outgoing Thu Apr 3 21:46:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA01731 for firewalls-outgoing; Thu, 3 Apr 1997 21:42:43 -0800 (PST) Received: from dallas-cs-000.novare.net (dallas-cs-000.novare.net [205.229.104.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id VAA01714 for ; Thu, 3 Apr 1997 21:42:37 -0800 (PST) Received: from muggles (mark@muggles.novare.net [205.229.105.72]) by dallas-cs-000.novare.net (8.7.6/8.6.9) with SMTP id XAA02555 for ; Thu, 3 Apr 1997 23:46:49 -0600 Message-ID: <334494EC.6EEB16E5@novare.net> Date: Thu, 03 Apr 1997 23:43:16 -0600 From: m* Organization: Novare' International Information Systems X-Mailer: Mozilla 3.0Gold (X11; I; Linux 2.0.27 i586) MIME-Version: 1.0 To: firewalls Subject: Re: Measuring latency through a proxy firewall--tools? References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Douglas McNaught wrote: > > I've been asked to provide a measurement of the additional packet > latency imposed by our proxying firewall. Anybody know of some tools > for this purpose, before I go and hack up some custom code? 
Free > source code for Unix preferred... how about bing? while it's averages may be experimental, can it effectively estimate firewall throughput? m* -- "The Shining One" -- From owner-firewalls-outgoing Thu Apr 3 22:00:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA02552 for firewalls-outgoing; Thu, 3 Apr 1997 21:57:03 -0800 (PST) Received: from swinc.com (swinc.com [198.252.182.233]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id VAA02545 for ; Thu, 3 Apr 1997 21:56:57 -0800 (PST) Received: from grail.austin.swinc.com ([204.107.173.67]) by anthrax.swinc.com with ESMTP id <17025-1>; Thu, 3 Apr 1997 23:55:02 -0600 Received: by grail.austin.swinc.com with Internet Mail Service (5.0.1457.3) id ; Thu, 3 Apr 1997 23:59:57 -0600 Message-ID: <41242F632110D0118B4500A024BF7EB008AA40@grail.austin.swinc.com> From: "Webb, Andy" To: "'firewalls@greatcircle.com'" Subject: RE: Haystack info (Steve Smaha) Date: Thu, 3 Apr 1997 23:59:55 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk This is all bulls**t. What's your agenda? What's your point? Steve is still around and in the same position. A new exec has been brought in to add to the strength - not replace. Austin is still the headquarters. Austin has plenty of engineering talent (yep, I'm biased, but it's true). Had a couple Haystack folks in my office last week who are very happy with the company and prospects for continued success. Try to do a little better research before smearing a company like this. Andy ====================================================== Andy Webb "The clue meter is reading zero." - Dilbert awebb@swinc.com Simpler-Webb, Inc. 
Austin, TX ====================================================== > -----Original Message----- > From: Stuart Johnson [SMTP:sjohnson@weasel.owl.de] > Sent: Thursday, April 03, 1997 7:02 PM > To: firewalls@greatcircle.com > Subject: Haystack info (Steve Smaha) > > About a month ago, I inquired about Haystack and Wheelgroup. I > received an email from someone at Haystack that did not want to > disclose their identity but revealed a lot of information about the > company. I believe this information to be true, but would like to find > out to the contrary. > > From the inside information, apparently the founder and CEO of > Haystack, Steve Smaha has > been removed because he was a control freak and raving lunatic inside > the company. > Haystack is in decay because the Stalker family was a complete > misdesign and failure. > > Also the source said that Steve Smaha was threatening to sue his own > investors, partners, and customers. This seems kind of extreme to me, > but the confirmation about Haystack suing Wheelgroup leaves this as a > definite possibility. Some of the customers for Haystack have > emailed me saying they have not received an update for some of the > Stalker family in over 3 years. I wouldn't be suprised if Steve Smaha > does not get sued himself if this is true. > > The investors, that removed Steve Smaha, brought in a new CEO. He is > currently moving the company to Boston due to the lack of engineering > talent in the former Austin HQ of Haystack. > The new CEO is trying to recruit engineers that can decipher the > source code because it lacked any structure and comments to understand > it. > > I would have probably ignored this email except I am interested in > monitoring tools and this > seems like a legitimate insider giving me details. I have tried to > contact Steve Smaha but have not been able to reach him. I am looking > for someone who might know the company better than me to confirm these > facts. 
> > Stuart From owner-firewalls-outgoing Thu Apr 3 23:05:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id WAA06935 for firewalls-outgoing; Thu, 3 Apr 1997 22:49:28 -0800 (PST) Received: from flex.flex.ro (flex.flex.ro [193.230.255.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id WAA06895 for ; Thu, 3 Apr 1997 22:49:15 -0800 (PST) Received: from viorel.forum.com (dial03.flex.ro [193.230.255.103]) by flex.flex.ro (8.7.5/8.7.3) with ESMTP id KAA31847 for ; Fri, 4 Apr 1997 10:38:44 +0300 Message-Id: <199704040738.KAA31847@flex.flex.ro> From: "Viorel Dehelean" To: Subject: NT 4.0 Inet Server Date: Fri, 4 Apr 1997 09:48:58 +0300 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk So, I am bothering you again ... Since this is my first time with NT4.0, I have installed Internet Server. But from other computers (on lan) I can only connect using the ip address, not the dns name. Why? I know it is badly configured, and I hope to get some answers. Thanx Best Regards, Viorel Dehelean AKA Powerman - Risc Team vdehelean@flex.ro powerm@usa.net http://www.flex.ro/RISC Tel. Home : 039-615151 Tel. 
Work : 039-641841 From owner-firewalls-outgoing Thu Apr 3 23:45:51 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA12342 for firewalls-outgoing; Thu, 3 Apr 1997 23:40:11 -0800 (PST) Received: from server3.syd.mail.ozemail.net (server3.syd.mail.ozemail.net [203.108.7.41]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA12319 for ; Thu, 3 Apr 1997 23:40:04 -0800 (PST) Received: from oznet07.ozemail.com.au (oznet07.ozemail.com.au [203.2.192.122]) by server3.syd.mail.ozemail.net (8.8.4/8.6.12) with ESMTP id RAA17460 for ; Fri, 4 Apr 1997 17:38:30 +1000 (EST) Received: from LOCALNAME (slcan5p45.ozemail.com.au [203.108.193.61]) by oznet07.ozemail.com.au (8.8.4/8.6.12) with SMTP id RAA25413 for ; Fri, 4 Apr 1997 17:38:28 +1000 (EST) Message-ID: <3345AD17.29DB@ozemail.com.au> Date: Fri, 04 Apr 1997 17:38:31 -0800 From: "Gerard A. Joseph" Reply-To: gerard@ozemail.com.au X-Mailer: Mozilla 3.0 (Win16; I) MIME-Version: 1.0 To: firewalls@GreatCircle.COM Subject: Re: ISR References: <3.0.32.19970403183527.00954cd0@nso.org> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk The site looks interesting, but it seems anomalous for a security-oriented site to ask for such details as name, email address, physical address, and password to be transmitted in the clear over the Internet. Gerard Network Operations Center wrote: > > f.y.i. > > Internet Security Review is now accepting > subscriptions (free) at http://www.isr.net > The journal appears monthly. 
> > regards > > Bert From owner-firewalls-outgoing Fri Apr 4 00:04:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA11836 for firewalls-outgoing; Thu, 3 Apr 1997 23:36:02 -0800 (PST) Received: from central.webforum.de (central.webforum.de [193.141.169.166]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA11829 for ; Thu, 3 Apr 1997 23:35:56 -0800 (PST) Received: (from uucp@localhost) by central.webforum.de (8.7.6/8.7.6-webforum) id JAA08060; Fri, 4 Apr 1997 09:29:18 +0100 Received: from localhost by gaston.m.ISAR.de with smtp (/\oo/\ Smail3.1.29.1 #29.2 #2) id m0wD4MV-00184xC; Fri, 4 Apr 97 09:28 WET DST Date: Fri, 4 Apr 1997 09:28:43 +0100 (WET DST) From: Klaus Lichtenwalder To: Sandeep_Talwar@INDIA.notes.pwa.co.in cc: Firewalls@GreatCircle.COM Subject: Re: Firewalls-Digest V6 #138 In-Reply-To: <6525646E:003A7F22.00@notes.pwa.co.in> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Thu, 3 Apr 1997 Sandeep_Talwar@INDIA.notes.pwa.co.in wrote: > I have a TIS tool-kit running on my Linux1.2.13 and I get these messages > repeatedly from kernel. > > my.hostname named[70] : recv from : Connection refused > my.hostname inetd[68] : www/tcp server failing ( looping ), service > terminated Well, it means you're running httpd from inetd and get too many requests per time unit. You might consider running httpd standalone or adding a number > 40 after the nowait (in my configuration it's 40 connections per second, YMMV, man inetd) Klaus ________________________________________________________________________ Klaus Lichtenwalder, Dipl. Inform., PGP Key: email to key@Four11.com Lichtenwalder@ACM.org, http://www.wp.com/Klaus, fax: +49-89-91072699 Need a (virtual) vacation? 
Go check: http://www.bavaria.com Unsolicited e-mail advertising and spam will not be tolerated From owner-firewalls-outgoing Fri Apr 4 00:16:43 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA14001 for firewalls-outgoing; Thu, 3 Apr 1997 23:55:11 -0800 (PST) Received: from darkstar.sysinfo.com (darkstar.sysinfo.com [204.246.65.62]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA13994 for ; Thu, 3 Apr 1997 23:55:05 -0800 (PST) Received: from parka.winternet.com (dufresne@parka.winternet.com [198.174.169.9]) by darkstar.sysinfo.com (8.8.2/8.8.2) with SMTP id BAA01044; Fri, 4 Apr 1997 01:56:06 -0600 Date: Fri, 4 Apr 1997 01:53:20 -0600 (CST) From: Ron DuFresne To: m* cc: firewalls Subject: Re: Measuring latency through a proxy firewall--tools? In-Reply-To: <334494EC.6EEB16E5@novare.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm surprised no one has yet mentioned either tcpspray nor tcpblast: darkstar:/usr/local/sbin# tcpblast -t parka 100 read SO_SNDBUF = 65535 Sending non-random TCP data using 1024 B blocks. .................................................................................................... 100 KB in 14251 msec = 57483.7 b/s = 7185.5 B/s = 7.0 KB/s darkstar:/usr/local/sbin# darkstar:/usr/local/sbin# tcpspray parka Transmitted 102400 bytes in 14.221252 seconds (7.032 kbytes/s) darkstar:/usr/local/sbin# Now, for the testing of firewall proxies, combined with netcat, I think tcpblast is prolly more flexible...though with netcat by hobbit, both may well suit the bill... Later, Ron DuFresne On Thu, 3 Apr 1997, m* wrote: > Douglas McNaught wrote: > > > > I've been asked to provide a measurement of the additional packet > > latency imposed by our proxying firewall. Anybody know of some tools > > for this purpose, before I go and hack up some custom code? Free > > source code for Unix preferred... 
> > how about bing? > > while it's averages may be experimental, can it effectively > estimate firewall throughput? > > m* > > -- > "The Shining One" > -- > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything. From owner-firewalls-outgoing Fri Apr 4 02:15:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA25364 for firewalls-outgoing; Fri, 4 Apr 1997 01:56:40 -0800 (PST) Received: from sic.se (mailbox.sic.se [194.236.7.200]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA25355 for ; Fri, 4 Apr 1997 01:56:32 -0800 (PST) Received: from pamela.sic.se (pamela [194.236.7.44]) by sic.se (8.7.5/8.7.2) with SMTP id LAA09529 for ; Fri, 4 Apr 1997 11:54:25 +0200 (MET DST) From: "Stefan Berg" X-Mailer: InterCon tcpCONNECT4 4.0.2 (Macintosh) MIME-Version: 1.0 Message-Id: <9704041155.AA16445@pamela.sic.se> Date: Fri, 4 Apr 1997 11:55:16 +0100 To: firewalls@GreatCircle.com Subject: Changeroot telnet daemon? Content-Type: Text/Plain; charset=US-ASCII Content-Disposition: Inline Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, is there such a thing as a change root telnet daemon for solaris 2.4.x or 2.5.x? Might be a stupid question, but I am in need of one.. /Stefan -- _______________________________________________________ Stefan Berg Computing Science Student University of Uppsala, Sweden. s93sbe@csd.uu.se http://www.csd.uu.se/~s93sbe _______________________________________________________ Hmm.. What do batteries run on?? 
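Added example (not part of any list message): for the thread above on measuring the latency a proxying firewall adds, this Python code times small request/response round trips to an echo service directly and through a plug-style TCP relay on loopback. The relay and the echo server are stand-ins written for this example, not TIS plug-gw or any tool named in the thread; to measure a real firewall, call probe() once with the service's address and once with the firewall's proxy port.

```python
import socket
import statistics
import threading
import time


def _accept_loop(listener, handler):
    """Hand each accepted connection to handler() in its own daemon thread."""
    def loop():
        while True:
            try:
                conn, _ = listener.accept()
            except OSError:          # listener was closed
                return
            threading.Thread(target=handler, args=(conn,), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()


def start_echo_server():
    """Stand-in for the protected service: echoes every byte back."""
    listener = socket.create_server(("127.0.0.1", 0))

    def handle(conn):
        with conn:
            try:
                while data := conn.recv(4096):
                    conn.sendall(data)
            except OSError:
                pass
    _accept_loop(listener, handle)
    return listener


def _pump(src, dst):
    """Copy bytes one way until either side closes, then tear both down."""
    try:
        while data := src.recv(4096):
            dst.sendall(data)
    except OSError:
        pass
    for sock in (src, dst):
        try:
            sock.shutdown(socket.SHUT_RDWR)
        except OSError:
            pass


def start_relay(target):
    """Stand-in for a plug-style proxy: one upstream connection per client."""
    listener = socket.create_server(("127.0.0.1", 0))

    def handle(client):
        with client:
            try:
                upstream = socket.create_connection(target, timeout=5)
            except OSError:
                return
            with upstream:
                upstream.settimeout(None)   # idle sessions must not time out
                back = threading.Thread(target=_pump, args=(upstream, client),
                                        daemon=True)
                back.start()
                _pump(client, upstream)
                back.join()
    _accept_loop(listener, handle)
    return listener


def probe(addr, rounds=50, payload=b"x" * 64):
    """Open one TCP session to addr; return (connect_ms, [round_trip_ms, ...])."""
    start = time.perf_counter()
    with socket.create_connection(addr, timeout=5) as s:
        connect_ms = (time.perf_counter() - start) * 1000
        s.setsockopt(socket.IPPROTO_TCP, socket.TCP_NODELAY, 1)
        rtts = []
        for _ in range(rounds):
            t0 = time.perf_counter()
            s.sendall(payload)
            pending = len(payload)
            while pending:               # read until the full echo is back
                chunk = s.recv(pending)
                if not chunk:
                    raise ConnectionError("peer closed during measurement")
                pending -= len(chunk)
            rtts.append((time.perf_counter() - t0) * 1000)
    return connect_ms, rtts


def summarize(rtts):
    """Keep the first exchange apart: through a proxy it also pays for the
    proxy's own connection to the real server, which connect_ms never sees
    (the client's connect() completes at the proxy's listener)."""
    steady = rtts[1:]
    return {"first_ms": rtts[0],
            "median_ms": statistics.median(steady),
            "max_ms": max(steady)}


def measure_added_latency(rounds=50):
    """Compare direct and relayed round trips on loopback (rounds >= 2)."""
    echo = start_echo_server()
    relay = start_relay(echo.getsockname())
    try:
        _, direct = probe(echo.getsockname(), rounds)
        _, proxied = probe(relay.getsockname(), rounds)
    finally:
        relay.close()
        echo.close()
    d, p = summarize(direct), summarize(proxied)
    return {"samples": len(direct), "direct": d, "proxied": p,
            "added_median_ms": p["median_ms"] - d["median_ms"]}


if __name__ == "__main__":
    result = measure_added_latency()
    for name in ("direct", "proxied"):
        print(name, {k: round(v, 3) for k, v in result[name].items()})
    print("added median latency (ms):", round(result["added_median_ms"], 3))
```
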
From owner-firewalls-outgoing Fri Apr 4 02:20:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA25006 for firewalls-outgoing; Fri, 4 Apr 1997 01:48:37 -0800 (PST) Received: from relay.eunet.pt (relay.EUnet.pt [193.126.4.65]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA24996 for ; Fri, 4 Apr 1997 01:48:17 -0800 (PST) Received: from mail.bvl.pt (uucp@localhost) by relay.eunet.pt (8.7.5/8.7.3) with UUCP id KAA29962 for firewalls@GreatCircle.COM; Fri, 4 Apr 1997 10:46:44 +0100 (WET DST) Received: from mail.bvl.pt by jessica.bvl.pt with SMTP id AA12821 (5.65c/IDA-1.4.4 for ); Fri, 4 Apr 1997 10:19:31 GMT Received: by mail.bvl.pt with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BC40E1.F6876960@mail.bvl.pt>; Fri, 4 Apr 1997 10:21:30 +0100 Message-Id: From: =?iso-8859-1?Q?Ant=F3nio_Vasconcelos?= To: "'firewalls@GreatCircle.COM'" , "'Gregory Wilkins'" Subject: RE: POP Server Date: Fri, 4 Apr 1997 10:21:30 +0100 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >---------- >From: Gregory Wilkins[SMTP:greg@wye.com] >Sent: quinta-feira, 3 de abril de 1997 23:26 >To: firewalls@GreatCircle.COM >Subject: POP Server > >How does one setup the firewall to accept a POP protocol. > >I have a POP Server on the inside of my firewall on a "private" network, >and want my users to be able to use Eudora or something to connect to my >POP server. > >I can not move the POP server to the outside of the firewall, since it >is an NT Server that is utilized for file and print services. 
> >Now the tricky part...my external DNS knows NOTHING about my internal >network and its hosts...so if I can get a POP protocol to pass thru the >firewall, how will Eudora know where to find the popserver w/o DNS >lookup, since the IP Addresses on the internal network are "bogus"? > >Help???? > Assuming that your firewall software has something like TIS's plug-gw all you have to do is set up a plug connecting port 110 of the firewall to port 110 of your pop server. The users would call the external ip addr of the firewall, so no DNS problem here. Hope this helps... From owner-firewalls-outgoing Fri Apr 4 02:45:46 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA27935 for firewalls-outgoing; Fri, 4 Apr 1997 02:31:11 -0800 (PST) Received: from shoukui.pku.edu.cn (shoukui.pku.edu.cn [162.105.127.171]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id CAA27924 for ; Fri, 4 Apr 1997 02:31:02 -0800 (PST) Received: (from ccdzh@localhost) by shoukui.pku.edu.cn (8.6.12/8.6.9) id SAA01069; Fri, 4 Apr 1997 18:31:17 +0800 Date: Fri, 4 Apr 1997 18:31:17 +0800 (GMT+0800) From: Duan Zhenhai To: firewalls@greatcircle.com Subject: statistic of Network incidents Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hello, Everyone, I would like to find some statistics on Internet security incidents, such as how many security incidents there are every year. Where can I find them? Thank you in advance! 
////////////////////////////////////////////////////////////////// Duan Zhenhai Room 1105,BLDG.47 ccdzh@pku.edu.cn Peking University Beijing 100871 P.R.China URL: http://shoukui.pku.edu.cn/duan From owner-firewalls-outgoing Fri Apr 4 03:00:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA01124 for firewalls-outgoing; Fri, 4 Apr 1997 02:55:47 -0800 (PST) Received: from coyote.tech.telepac.pt (bdshack.telepac.pt [194.65.3.124]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id CAA01073 for ; Fri, 4 Apr 1997 02:55:27 -0800 (PST) Received: from torquemada ([194.65.3.123]) by coyote.tech.telepac.pt (8.8.4/8.8.4) with SMTP id MAA07302 for ; Fri, 4 Apr 1997 12:52:19 +0100 Message-Id: <3.0.1.32.19970404115500.00928370@mail.tech.telepac.pt> X-Sender: jbf@mail.tech.telepac.pt X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Fri, 04 Apr 1997 11:55:00 +0100 To: firewalls@GreatCircle.COM From: Joao Brazao Ferreira Subject: RE: POP Server In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----BEGIN PGP SIGNED MESSAGE----- At 10:21 04-04-1997 +0100, you wrote: >>How does one setup the firewall to accept a POP protocol. >> >>I have a POP Server on the inside of my firewall on a "private" network, >>and want my users to be able to use Eudora or something to connect to my >>POP server. >> >>I can not move the POP server to the outside of the firewall, since it >>is an NT Server that is utilized for file and print services. >> >>Now the tricky part...my external DNS knows NOTHING about my internal >>network and it's hosts...so if I can get a POP protcol to pass thru the >>firewall, how will Eudora know where to find the popserver w/o DNS >>lookup, since the IP Addresses on the internal network is "bogus"? >> >>Help???? 
>> > >Assuming that your firewall soft have something like TIS's plug-gw all >you have to do is setup a plug connecting port 110 of the firewall to >port 110 of your pop server. >The users would call the external ip addr of the firewall, so no DNS >proble here. > Assuming that your firewall soft doesn't have something like TIS's plug-gw, but has Address Translation, you can map a static address to your POP bogus address, so the server can be recognized. Joao Brazao Ferreira -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: cp850 iQCVAwUBM0TsEfQQmRsxJAS5AQHzQwQAw9PChA8bnmGTgz7GDgZoOY2OmZ2uPUrg wRNf7jvTsBGxIhfpEe+XHJS1NPdDpNV4YxNj8i0t55WK5bfBTX7c/ElHeeL/D9fS gIoZXUDJeWJ5jxio3Z42Mpn2MydaeJsiNutaAoZynUbd1fPBDRuAAD/q0W0qqr8w kx8ZxxbqEJc= =DXRT -----END PGP SIGNATURE----- +------------------------------------------------------------------+ | Consultadoria e Desenvolvimento de Servicos | | Telepac - Servicos de Telecomunicacoes, S.A. | | PGP Public Key: http://www-swiss.ai.mit.edu/~bal/pks-toplev.html | +------------------------------------------------------------------+ From owner-firewalls-outgoing Fri Apr 4 06:21:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA12889 for firewalls-outgoing; Fri, 4 Apr 1997 06:00:32 -0800 (PST) Received: from netcomm.NetComm.IE (csh069.emirates.net.ae [194.170.124.69]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA12877 for ; Fri, 4 Apr 1997 06:00:23 -0800 (PST) Received: from [129.156.240.33] (kevin-mac [129.156.240.33]) by netcomm.NetComm.IE (8.8.0/8.7) with ESMTP id RAA05882; Fri, 4 Apr 1997 17:13:14 +0400 X-Sender: kevinbr@129.156.240.1 Message-Id: In-Reply-To: References: <334494EC.6EEB16E5@novare.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Fri, 4 Apr 1997 17:23:09 +0300 To: Ron DuFresne From: Kevin Brown Subject: Re: Measuring latency through a proxy firewall--tools? 
Cc: m* , firewalls Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Don't forget bing, a bandwidth "ping" tool........simple but effective Kevin At 10:53 +0300 4/4/97, Ron DuFresne wrote: >I'm surprised no one has yet mentioned either tcpspray nor tcpblast: > >darkstar:/usr/local/sbin# tcpblast -t parka 100 >read SO_SNDBUF = 65535 >Sending non-random TCP data using 1024 B blocks. >............................................................................... >..................... >100 KB in 14251 msec = 57483.7 b/s = 7185.5 B/s = 7.0 KB/s >darkstar:/usr/local/sbin# > >darkstar:/usr/local/sbin# tcpspray parka > >Transmitted 102400 bytes in 14.221252 seconds (7.032 kbytes/s) >darkstar:/usr/local/sbin# > >Now, for the testing of firewall proxies, combined with netcat, I think >tcpblast is prolly more flexible...though with netcat by hobbit, both may >well suit the bill... > >Later, > >Ron DuFresne > >On Thu, 3 Apr 1997, m* wrote: > >> Douglas McNaught wrote: >> > >> > I've been asked to provide a measurement of the additional packet >> > latency imposed by our proxying firewall. Anybody know of some tools >> > for this purpose, before I go and hack up some custom code? Free >> > source code for Unix preferred... >> >> how about bing? >> >> while it's averages may be experimental, can it effectively >> estimate firewall throughput? >> >> m* >> >> -- >> "The Shining One" >> -- >> > >~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ >"Cutting the space budget really restores my faith in humanity. It >eliminates dreams, goals, and ideals and lets us get straight to the >business of hate, debauchery, and self-annihilation." -- Johnny Hart > ***testing, only testing, and damn good at it too!*** > >OK, so you're a Ph.D. Just don't touch anything. 
//////////////////////////////////////////////////////////// Kevin Brown | N \ We operate in Ireland, UK NetComm | e / and the Middle East Internet Training, | t \ --DUBAI-- Consultancy and Networking | C / Voice: +971-4-491476 | o \ Fax: +971-4-492957 Sun Microsystems | m / Internet Associate | m \ | / The Internet | \ email: kevinbr@netcomm.ie Experts | / info@netcomm.ie | \ http://www.netcomm.ie \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ From owner-firewalls-outgoing Fri Apr 4 06:46:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA13630 for firewalls-outgoing; Fri, 4 Apr 1997 06:30:27 -0800 (PST) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA13619 for ; Fri, 4 Apr 1997 06:30:20 -0800 (PST) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.8.5/8.6.5) with SMTP id JAA21461 for ; Fri, 4 Apr 1997 09:28:18 -0500 (EST) Message-Id: <199704041428.JAA21461@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@GreatCircle.COM Date: Fri, 4 Apr 1997 09:31:32 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: inetd looping in toolkit Reply-to: mjr@clark.net X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Sandeep_Talwar@INDIA.notes.pwa.co.in writes: > my.hostname named[70] : recv from : Connection refused > my.hostname inetd[68] : www/tcp server failing ( looping ), service Inetd will terminate a process that respawns too fast, as the http-gw does under load. What you need to do is use the "beta" version of the toolkit and instead of starting the proxy from inetd.conf, start it in rc.local with the -daemon portnumber flag. mjr. ----- Marcus J. 
Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From owner-firewalls-outgoing Fri Apr 4 06:49:32 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA13538 for firewalls-outgoing; Fri, 4 Apr 1997 06:27:26 -0800 (PST) Received: from niprnet_gw.bragg.army.mil ([158.5.7.72]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id GAA13531 for ; Fri, 4 Apr 1997 06:27:22 -0800 (PST) Received: by niprnet_gw.bragg.army.mil with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5) id <01BC40DA.3E9EE460@niprnet_gw.bragg.army.mil>; Fri, 4 Apr 1997 09:26:15 -0500 Message-ID: From: Than Maung To: "'FIrewalls@GreatCircle.com'" , "'Viorel Dehelean'" Subject: RE: NT 4.0 Inet Server Date: Fri, 4 Apr 1997 09:26:13 -0500 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.993.5 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk 1) Are the other computers on the lan configured to use DNS? 2) Is your IS in your DNS database? 3) Are the netbios name and the DNS name are the same for your IS? Than >---------- >From: Viorel Dehelean[SMTP:vdehelean@flex.ro] >Sent: Friday, April 04, 1997 1:48 AM >To: FIrewalls@GreatCircle.com >Subject: NT 4.0 Inet Server > >So , i am bothering you again ... >Since this is my first time with NT4.0 , i have installed Internet Server. >But from other computers (on lan) i can only connect using the ip adress >not the dns name. >Why ? >I know is bad configured , and i hope to get some answers. > >Thanx > >Best Regards , >Viorel Dehelean AKA Powerman - Risc Team >vdehelean@flex.ro powerm@usa.net >http://www.flex.ro/RISC >Tel. Home : 039-615151 >Tel. 
Work : 039-641841 > From owner-firewalls-outgoing Fri Apr 4 07:31:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA15793 for firewalls-outgoing; Fri, 4 Apr 1997 07:04:51 -0800 (PST) Received: from lab58-12.ims.advantis.com (pony-express.ims.advantis.com [192.231.11.167]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA15786 for ; Fri, 4 Apr 1997 07:04:45 -0800 (PST) Received: (from uucp@localhost) by lab58-12.ims.advantis.com (8.6.9/95.10.11) id JAA09853 for ; Fri, 4 Apr 1997 09:57:50 -0500 Received: from carfax.ims.advantis.com(164.120.32.46) by lab58_12 via smap (V1.3) id sma008057; Fri Apr 4 09:57:47 1997 Received: by carfax.ims.advantis.com (8.6.9/4.03) id KAA120818; Fri, 4 Apr 1997 10:12:23 -0500 Date: Fri, 4 Apr 1997 10:12:22 -0500 (EST) From: Peter Yau To: firewalls@GreatCircle.com Subject: SATAN in Linux OS Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Can someone tell me if they have run SATAN under the Linux OS? Each time I invoke satan, nothing appears to occur. I've worked with SATAN under x86 Solaris w/o any hitch. Are there special considerations under Linux? Thank you all in advance. From owner-firewalls-outgoing Fri Apr 4 07:33:55 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA13792 for firewalls-outgoing; Fri, 4 Apr 1997 06:33:49 -0800 (PST) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA13785 for ; Fri, 4 Apr 1997 06:33:43 -0800 (PST) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.8.5/8.6.5) with SMTP id JAA22879 for ; Fri, 4 Apr 1997 09:31:56 -0500 (EST) Message-Id: <199704041431.JAA22879@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. 
Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@GreatCircle.COM Date: Fri, 4 Apr 1997 09:35:10 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Measuring latency through a proxy firewall--tools? Reply-to: mjr@clark.net X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Douglas McNaught writes: > I've been asked to provide a measurement of the additional packet > latency imposed by our proxying firewall. Anybody know of some tools > for this purpose, before I go and hack up some custom code? Free > source code for Unix preferred... Check out the work Andrew Molitor from NSC did for the firewalls performance project: http://www.clark.net/pub/mjr/pubs/fwperf/index.htm It includes source code for a workload generator and some basic measurement tools. mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From owner-firewalls-outgoing Fri Apr 4 07:43:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA14148 for firewalls-outgoing; Fri, 4 Apr 1997 06:41:08 -0800 (PST) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA14123 for ; Fri, 4 Apr 1997 06:40:49 -0800 (PST) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.8.5/8.6.5) with SMTP id JAA25441 for ; Fri, 4 Apr 1997 09:38:55 -0500 (EST) Message-Id: <199704041438.JAA25441@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. 
Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@GreatCircle.COM Date: Fri, 4 Apr 1997 09:42:09 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: haystack info Reply-to: mjr@clark.net X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Stuart Johnson writes: > I have tried to contact Steve Smaha but have not been able to reach > him. Have you tried a telephone?? The number on their web page works fine and last time I called Steve he answered on the second ring. He's still running the show there and (though I may not be the right person to judge) he's no raving lunatic. On the other hand, one has to wonder what motivates someone to post something like Stuart did to a public mailing list. Bit of the old smear campaign? Which of Haystack's competitors do you work for, Stuart? mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From owner-firewalls-outgoing Fri Apr 4 07:45:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA20048 for firewalls-outgoing; Fri, 4 Apr 1997 07:43:35 -0800 (PST) Received: from emout01.mail.aol.com (emout01.mx.aol.com [198.81.11.92]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA20041 for ; Fri, 4 Apr 1997 07:43:30 -0800 (PST) From: BPobric@aol.com Received: (from root@localhost) by emout01.mail.aol.com (8.7.6/8.7.3/AOL-2.0.0) id KAA27275; Fri, 4 Apr 1997 10:42:01 -0500 (EST) Date: Fri, 4 Apr 1997 10:42:01 -0500 (EST) Message-ID: <970404104159_-1335939100@emout01.mail.aol.com> To: DWebb@capgemini.com cc: pdmallya@inf.com, firewalls@greatcircle.com Subject: Re: Firewall Architecture for Web, Database Sender: firewalls-owner@GreatCircle.COM Precedence: bulk In a message dated 97-04-03 19:30:52 EST, you write: << pdmallya@inf.com CC: firewalls@GreatCircle.COM >> Hi Dean, Thanks a lot 
for your response. What I meant was to use NetBEUI only between Database server and Web server. This way nobody from the outside should be able to attack their Database Server. This would be the case if they do not need to talk to their Database server from the network. If they do, like you said they probably need to run TCP/IP. What do you think? Braco Pobric bpobric@aol.com From owner-firewalls-outgoing Fri Apr 4 07:59:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA15539 for firewalls-outgoing; Fri, 4 Apr 1997 07:01:14 -0800 (PST) Received: from earth.usa.net (earth.usa.net [192.156.196.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA15506 for ; Fri, 4 Apr 1997 07:01:04 -0800 (PST) Received: (from grey@localhost) by earth.usa.net (8.8.4/8.8.4) id HAA05383 for firewalls@greatcircle.com; Fri, 4 Apr 1997 07:59:31 -0700 (MST) From: Donald Martin Message-Id: <199704041459.HAA05383@earth.usa.net> Subject: VPN Info Desired To: firewalls@greatcircle.com Date: Fri, 4 Apr 1997 07:59:30 -0700 (MST) X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm certain that I remember discussions about VPN on this list before, but I have a couple simple questions I'm hoping to get help with. Has anybody on the list implemented VPN using the Xylogics or Bay Networks remote annex hardware? Can someone please provide me with a short & sweet technical overview of VPN and implementation tactics please?
After a conversation with a fairly talented engineer at Bay Networks who mentioned to me this new SuperISP setup whereas an ISP can offer dialup services in a specific part of the country or world and pipe a network connection to a corporate network or to another ISP in a different part of the country or world via frame relay, I'm wondering if this is precisely the same scenario as setting up a VPN. I don't recall the word 'encryption' coming up in the conversation at all, but instead, we talked about setting up routers and ip filters to avoid possible security issues. Authentication would be performed on the remote network via Radius, the annex being used simply for the modem and local phone line. A menu would be presented to the user dialing in, providing a choice of networks with which to connect, and then the session is piped to that network and the user is authenticated via the Radius server. Hmmm. Is anybody actually setting up something like this? Bye Bye phone companies, hello ISP??? -- Donald R. 
Martin New Edge Technologies email: grey@usa.net web : www.usa.net/~grey/ From owner-firewalls-outgoing Fri Apr 4 08:32:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA25505 for firewalls-outgoing; Fri, 4 Apr 1997 08:18:35 -0800 (PST) Received: from explorer.csc.com (explorer.csc.com [20.1.10.27]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id IAA25411 for ; Fri, 4 Apr 1997 08:18:12 -0800 (PST) Received: from tc24750(really [205.128.247.50]) by explorer.csc.com via smtpd with smtp id for ; Fri, 4 Apr 1997 11:14:16 -0500 (EST) (Smail-3.2.0.92 1997-Feb-9 #2 built 1997-Mar-11) Message-ID: <33452806.6479@csc.com> Date: Fri, 04 Apr 1997 11:10:46 -0500 From: Joe Loiacono Organization: Computer Sciences Corporation X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m) MIME-Version: 1.0 To: Viorel Dehelean CC: FIrewalls@GreatCircle.com Subject: Re: NT 4.0 Inet Server References: <199704040738.KAA31847@flex.flex.ro> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Viorel Dehelean wrote: > > So , i am bothering you again ... > Since this is my first time with NT4.0 , i have installed Internet Server. > But from other computers (on lan) i can only connect using the ip address > not the dns name. > Why ? > I know is bad configured , and i hope to get some answers. Sounds like the host name has not been entered into the DNS files yet. Joe -- In theory, theory and practice are the same; In practice, they're not even close!
From owner-firewalls-outgoing Fri Apr 4 08:48:19 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA28714 for firewalls-outgoing; Fri, 4 Apr 1997 08:43:03 -0800 (PST) Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA28707 for ; Fri, 4 Apr 1997 08:42:55 -0800 (PST) Received: from netevolve.com by relay6.UU.NET with SMTP (peer crosschecked as: [206.136.48.11]) id QQcjvm27634; Fri, 4 Apr 1997 11:41:29 -0500 (EST) Received: from lazar (ws8.netevolve.com) by netevolve.com (4.1/SMI-4.1) id AA17433; Fri, 4 Apr 97 11:44:32 EST Message-Id: <3.0.1.32.19970404113029.00854d00@netevolve.com> X-Sender: lazar@netevolve.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Fri, 04 Apr 1997 11:30:29 -0500 To: firewalls@greatcircle.com From: Irwin Lazar Subject: Dead Web Sites Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi All, I just noticed that the ping of death page at http://prospect.epresence.com/ping/ and Dan Farmer's Internet Security Survey at http://www.trouble.org are both dead. Does anyone know if they have moved or have been taken down for any reason? Thanks, Irwin Lazar <><><><><><><><><><><><><><><><><><><><><><> Irwin Lazar IP Networking References - Network Evolutions, Inc. 
http://www.netevolve.com/lazar http://www.netevolve.com lazar@netevolve.com From owner-firewalls-outgoing Fri Apr 4 09:45:59 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA05580 for firewalls-outgoing; Fri, 4 Apr 1997 09:36:49 -0800 (PST) Received: from dtcro002.apogee-com.fr (firewall.apogee-com.fr [194.2.187.130]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA05569 for ; Fri, 4 Apr 1997 09:36:42 -0800 (PST) Received: by dtcro002.apogee-com.fr; id TAA29781; Fri, 4 Apr 1997 19:45:04 +0200 (MET DST) Received: from dtcxs001.apogee-com.fr(10.129.16.1) by firewall.apogee-com.fr via smap (3.2) id xma029776; Fri, 4 Apr 97 19:44:42 +0200 Received: from ingpc001.apogee-com.fr by (4.1/SMI-4.1) id AA01435; Fri, 4 Apr 97 19:33:02 +0200 Message-Id: <33453B7D.6034@apogee-com.fr> Date: Fri, 04 Apr 1997 19:33:49 +0200 From: Jean-Francois Zwobada Reply-To: zwobada@apogee-com.fr Organization: APOGEE Communications X-Mailer: Mozilla 4.0b2 (Win95; I) Mime-Version: 1.0 To: James Liang Cc: firewalls-digest@GreatCircle.COM Subject: Re: UDP through Gauntlet? X-Priority: 3 (Normal) References: <3344527C.41C6@guangzhou.sgi.com> Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=us-ascii Sender: firewalls-owner@GreatCircle.COM Precedence: bulk James Liang wrote: > > Hi, > > We have a VOD server behind a Gauntlet firewall which uses UDP to send > video/audio streams. Is there a way for the users outside to access the > VOD server without compromising the security ? > > James Liang > james@guangzhou.sgi.com A solution exists but is not supported by TIS. The best way is to use udprelay to relay udp as "sessions" with a tcp_wrapper scheme. We did some successful experiments here.
Hope this helps Jean-Francois -- _____ Jean-Francois Zwobada (mailto:zwobada@apogee-com.fr) _______ Apogee Communications - Parc Club Orsay Universite - 28, rue Jean Rostand 91893 ORSAY Cedex Tel: +33 1 69.85.56.47 Fax: +33 1 69.85.56.48 ___________ This guy is powered by a Z81 running CP/M ____________ From owner-firewalls-outgoing Fri Apr 4 10:00:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA07484 for firewalls-outgoing; Fri, 4 Apr 1997 09:58:13 -0800 (PST) Received: from servant (servant.mccaw-stg.com [205.172.10.40]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA07468 for ; Fri, 4 Apr 1997 09:58:07 -0800 (PST) Received: from radiatore.mccaw-stg.com by servant (SMI-8.6/SMI-SVR4) id JAA23335; Fri, 4 Apr 1997 09:56:35 -0800 Received: by radiatore.mccaw-stg.com (SMI-8.6/SMI-SVR4) id JAA11537; Fri, 4 Apr 1997 09:56:35 -0800 Date: Fri, 4 Apr 1997 09:56:35 -0800 From: peter.gregory-unix@mccaw-stg.com (Peter Gregory) Message-Id: <199704041756.JAA11537@radiatore.mccaw-stg.com> To: firewalls@greatcircle.com, lazar@netevolve.com Subject: Re: Dead Web Sites Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: mtxZiGV3ZOkbz2QFgJpYXQ== Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Hi All, > I just noticed that the ping of death page at > http://prospect.epresence.com/ping/ and Dan Farmer's Internet Security > Survey at http://www.trouble.org are both dead. > > Does anyone know if they have moved or have been taken down for any reason? The ping site appears to be down, but www.trouble.org appears to be alive and well. 
-pg -- Peter Gregory [NICname PG11] peter.gregory@attws.com IT Manager, AT&T Wireless Services, Strategic Technologies Group From owner-firewalls-outgoing Fri Apr 4 10:16:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA06887 for firewalls-outgoing; Fri, 4 Apr 1997 09:51:35 -0800 (PST) Received: from mail1 (mail1.ci.chi.il.us [199.177.48.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA06870 for ; Fri, 4 Apr 1997 09:51:28 -0800 (PST) Received: by mail1 (SMI-8.6/SMI-SVR4) id LAA16047; Fri, 4 Apr 1997 11:44:34 -0600 From: minaba@mail1.ci.chi.il.us (Mark Inaba) Message-Id: <199704041744.LAA16047@mail1> Subject: Re: New Security Technology (fwd) To: firewalls@GreatCircle.COM Date: Fri, 4 Apr 1997 11:44:33 -0600 (CST) X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Forwarded message: > This may actually _not_ be April Fool's joke. As for pornography, I > would say that it is definitely possible. The likeliest way they could > have done it is genetic algorithms applied to neural networks. The > description of how it works is not relevant to this forum, but it > basically involves randomly trying solutions, choosing which one is > best, combining top nn solutions until you get an acceptable result. > THEY probably didn't invent any algorithms themselves, and probably > don't know how their neural network does this. I hasten to add that > neural networks have proven successful in pattern recognition, eg > recognizing male - female faces. It involves a lot of CPU time and > power, and they felt that not many people would view black&white > pornography, so they probably decided not to waste money on that. > Neural networks and some other advanced AI techniques may have been > applied to make unknown intrusion patterns recognizable through > categorized generalization.
> maybe it's just a dumb program that looks for a lot of fleshtones being displayed. using line extractors and neural nets for face recognition might be overkill..and then there's the possibility that faces are not the primary feature in pornography (heheh) :) -Mark From owner-firewalls-outgoing Fri Apr 4 10:30:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA10996 for firewalls-outgoing; Fri, 4 Apr 1997 10:27:03 -0800 (PST) Received: from gate1.grandmet.com (gate1.grandmet.com [199.254.239.189]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA10922 for ; Fri, 4 Apr 1997 10:26:50 -0800 (PST) From: DSAWYER@PILLSBURY.COM Received: by gate1.grandmet.com; id AA201818558; Fri, 4 Apr 1997 12:29:18 -0600 Received: from urmph07.grandmet.com(153.13.7.1) by gate1.grandmet.com via smap (3.2) id xma020156; Fri, 4 Apr 97 12:29:14 -0600 X400-Originator: DSAWYER@PILLSBURY.COM X400-Recipients: firewalls@greatcircle.com X400-Mts-Identifier: [/PRMD=PILLSBURY/ADMD=ATTMAIL/C=US/;0035600002046493000002] X400-Content-Type: P2-1988 (22) Message-Id: <0035600002046493000002*@MHS> To: "firewalls(a)greatcircle.com" Subject: xntpd and gauntlet 3.2 Date: Fri, 4 Apr 1997 12:51:20 -0600 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Gauntlet firewall (TIS) fundamentally does not allow udp based services through the firewall. We really only need it for synchronization, however somebody got the idea of getting time from the Internet and here we are. How can you make xntpd work? In order to reduce the bouncing that could go on, here is what I already know. -Run xntpd on the firewall, chroot it, use authentication, and have it be your highest level stratum server. -Have your second level of time servers poll your time server on the firewall. -Have those second level stratums broadcast to other devices. In a nutshell what I need to know is how do I get udp based packets on port 123 through the firewall? 
Anybody have any ideas? Thanks in advance- Douglas R. Sawyer From owner-firewalls-outgoing Fri Apr 4 10:46:15 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA13125 for firewalls-outgoing; Fri, 4 Apr 1997 10:42:10 -0800 (PST) Received: from endeavor.flash.net (endeavor.flash.net [208.194.223.40]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA13112 for ; Fri, 4 Apr 1997 10:42:03 -0800 (PST) Received: from logicon.flash.net (aush2-143.flash.net [207.181.231.143]) by endeavor.flash.net (8.8.5/8.8.5) with SMTP id MAA12753; Fri, 4 Apr 1997 12:36:40 -0600 (CST) Message-ID: <3345644F.397B@flash.net> Date: Fri, 04 Apr 1997 12:27:59 -0800 From: Vern Williams Organization: Locicon, Inc X-Mailer: Mozilla 2.02 (Win95; I; 16bit) MIME-Version: 1.0 To: inskeep_chris@geologics.com CC: mam , mmozes@fujitsu.ca, firewalls@GreatCircle.COM Subject: Re: Frame Relay References: <33407C1F.7362@geologics.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Chris Inskeep wrote: > > mam wrote: > > > > On Mon, 31 Mar 1997 mmozes@fujitsu.ca wrote: > > > > > > > > Can someone tell me how secure Frame Relay network is? > > > > How secure do you believe the telco's network is? To exploit the frame > > you need switch level access (or someone who does). > > > > Mike > > ( ( | ( Mike Malik (mam@ssds.com) > > ) ) (| ), inc. 9841 Broken Land Parkway,Suite 100 > > business driven Columbia, MD 21046 > > technology solutions 410-381-4313 FAX: 410-381-2170 > A really good point is raised in this observation. We put firewalls in > place to protect our networks, but tend to forget about the public > networks that carry our data between firewalls. Does anyone remember > the MCI case a couple of years ago? I am less than sanguine about the > security of the telco people -- after all security is a cost and they > are after a profit.
Has anyone put security reqs with real penalties > into their contracts with the telcos? AND the results? I suspect > there would be a fair number of no-bids....which makes a compelling > argument for encryption -- but for the people who are uncomfortable > with commercially available encryption, how much of a comfort is that? > > Cheers, > C. Inskeep There are several solutions to encryption across WAN links including Frame Relay. The Cisco routers have a software option for the 11.2.4 IOS that gives you either 40 (not secure) or 56 bit DES encryption and secure router authentication and key distribution. The info on the 56 bit key length is that it takes 19 days and $500,000 to do a brute force attack. As the $ increases, the time goes down. The other consideration is what % of the info needs security. If only 2-4% is valuable to the snooper then it becomes cost prohibitive ( unless it is extremely valuable) to break all of your traffic to get at that piece. The other option is a stand alone encryptor between your router and the wan. The company I am familiar with in this arena is Cylink out of San Jose Ca.
Good luck, Vern Williams From owner-firewalls-outgoing Fri Apr 4 11:12:38 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA15225 for firewalls-outgoing; Fri, 4 Apr 1997 10:58:04 -0800 (PST) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA15203 for ; Fri, 4 Apr 1997 10:57:53 -0800 (PST) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55561-1>; Fri, 4 Apr 1997 19:54:47 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Fri, 04 Apr 1997 20:55:58 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id VAA00650; Fri, 4 Apr 1997 21:57:52 +0200 Date: Fri, 4 Apr 1997 20:57:52 +0100 From: "Magossa'nyi A'rpa'd" To: Peter Yau CC: firewalls@GreatCircle.COM Subject: Re: SATAN in Linux OS In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Fri, 4 Apr 1997, Peter Yau wrote: > Date: Fri, 4 Apr 1997 16:12:22 +0100 > From: Peter Yau > To: firewalls@GreatCircle.COM > Subject: SATAN in Linux OS > > Can someone tell me if they have run SATAN under the Linux OS? Each time I > invoke satan, nothing appears to occur. I've worked with SATAN under x86 > Solaris w/o any hitch. Are there special considerations under Linux? > Thank you all in advance. > Satan tries to run a web browser for its user interface. I could use it with Mosaic. I guess the problem's source was that my other browsers (lynx and Netscape ) had been configured to use proxy. First I've found Satan pretty useless. After I've written the following line: /offers \S+/ $text into rules/services, and changed the facts file as to warn for _every_ version of sendmail, the situation had improved. Anyone has other good rules to improve Satan?
It comes with pretty useless set of rules for vulnerability warnings, and can figure out only some operating system. I'm sure, it _can_ be configured to be a very powerful tool. --- GNU GPL: only from a pure source From owner-firewalls-outgoing Fri Apr 4 11:17:43 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA16467 for firewalls-outgoing; Fri, 4 Apr 1997 11:10:30 -0800 (PST) Received: from polaris.pacificnet.net (polaris.pacificnet.net [207.171.0.250]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA16442 for ; Fri, 4 Apr 1997 11:10:22 -0800 (PST) Received: from default (pm3b-29.pacificnet.net [207.171.18.78]) by polaris.pacificnet.net (8.6.11/8.6.11) with SMTP id LAA11011; Fri, 4 Apr 1997 11:04:36 -0800 Message-ID: <3345524D.783@pacificnet.net> Date: Fri, 04 Apr 1997 11:11:09 -0800 From: Osiris Organization: Abode of the Dead X-Mailer: Mozilla 3.01Gold (Win95; I) MIME-Version: 1.0 To: Irwin Lazar CC: firewalls@GreatCircle.COM Subject: Re: Dead Web Sites References: <3.0.1.32.19970404113029.00854d00@netevolve.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Irwin Lazar wrote: > > Hi All, > I just noticed that the ping of death page at > http://prospect.epresence.com/ping/ and Dan Farmer's Internet Security > Survey at http://www.trouble.org are both dead. > Not true, at least in the second case. You have pointed to Dan's top-level page, which has nothing more than a cool quote by Hunter Thompson.
Go here instead: http://www.trouble.org/survey/ From owner-firewalls-outgoing Fri Apr 4 12:16:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA23182 for firewalls-outgoing; Fri, 4 Apr 1997 12:09:12 -0800 (PST) Received: from proxy3.ba.best.com (proxy3.ba.best.com [206.184.139.14]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA23144 for ; Fri, 4 Apr 1997 12:09:03 -0800 (PST) Received: from kgibbs.realogic.com ([204.240.200.36]) by proxy3.ba.best.com (8.8.5/8.8.3) with ESMTP id MAA02111; Fri, 4 Apr 1997 12:00:07 -0800 (PST) Message-Id: <199704042000.MAA02111@proxy3.ba.best.com> Reply-To: From: "Kelly E. Gibbs" To: , "Irwin Lazar" Subject: Re: Dead Web Sites Date: Fri, 4 Apr 1997 13:55:29 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Irwin: Interesting this happened. Also, quick question, I've been trying to post a message to the firewalls@greatcircle.com group. Do I send my article to majordomo@greatcircle.com or to firewalls@greatcircle.com????? 
Kelly From owner-firewalls-outgoing Fri Apr 4 12:42:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA23617 for firewalls-outgoing; Fri, 4 Apr 1997 12:12:13 -0800 (PST) Received: from twinds.com (eagle.twinds.com [206.153.22.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA23583 for ; Fri, 4 Apr 1997 12:12:05 -0800 (PST) Received: by twinds.com; id PAA23063; Fri, 4 Apr 1997 15:10:26 -0500 (EST) Received: from hawk.twinds.com(207.2.239.3) by eagle.twinds.com via smap (3.2) id xma023056; Fri, 4 Apr 97 15:10:15 -0500 Date: Fri, 4 Apr 1997 15:10:15 -0500 ("EST) From: Arley Carter X-Sender: ac@hawk.twinds.com To: DSAWYER@PILLSBURY.COM cc: "firewalls(a)greatcircle.com" Subject: Re: xntpd and gauntlet 3.2 In-Reply-To: <0035600002046493000002*@MHS> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Fri, 4 Apr 1997 DSAWYER@PILLSBURY.COM wrote: > > In a nutshell what I need to know is how do I get udp based packets on > port 123 through the firewall? > > Anybody have any ideas? > > Thanks in advance- > Douglas R. Sawyer > Bad Idea. Setup the firewall to be the authoritative time source for the domain using xntpd to the outside world. Set the firewall to broadcast time to the networks you want. Have the inside machines listen to time broadcasts from the firewall. No need to pass udp through the firewall. Cheers: -arc Arley Carter Tradewinds Technologies, Inc.
Winston-Salem, NC USA email: ac@twinds.com www: http://www.twinds.com From owner-firewalls-outgoing Fri Apr 4 12:56:19 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA25996 for firewalls-outgoing; Fri, 4 Apr 1997 12:31:19 -0800 (PST) Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA25971 for ; Fri, 4 Apr 1997 12:31:07 -0800 (PST) Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id PAA30793; Fri, 4 Apr 1997 15:29:30 -0500 (EST) Received: by zandar.judge.org with Microsoft Mail id <01BC410C.8EADD060@zandar.judge.org>; Fri, 4 Apr 1997 15:26:24 -0500 Message-ID: <01BC410C.8EADD060@zandar.judge.org> From: Joseph Judge To: "firewalls(a)greatcircle.com" , "'DSAWYER@PILLSBURY.COM'" Subject: RE: xntpd and gauntlet 3.2 Date: Fri, 4 Apr 1997 15:26:21 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk 1- Buy a GPS time source (couple hundred US dollars?) and plug it in somewhere: -- on a firewall machine, company can sync against you -- on an internal machine, the firewall can sync against it I'm aiming to get off my butt and pay for a GPS clock soon ... just some higher priority items in the queue first :-) or (what I'm doing now) 2- put xntp on your firewall systems. I haven't heard anyone chroot-ing it. Sync time against some sources out on the Internet (there is a list somewhere) ... just "client" against them. Then, folks inside your firewall can "client" against you. You get time from tick.usno.navy.mil (and tock), which are, say, stratum 1s ... then your firewall systems are stratum 2 ... and you can hierarchically set up the rest of the company from there. (I've had the company name servers and routers client against the firewall ... 
then just published info to folks on how to set themselves up as clients against their local routers and/or name servers) -- -joe ---------- From: DSAWYER@PILLSBURY.COM[SMTP:DSAWYER@PILLSBURY.COM] Sent: Friday, April 04, 1997 1:51 PM To: firewalls(a)greatcircle.com Subject: xntpd and gauntlet 3.2 Gauntlet firewall (TIS) fundamentally does not allow udp based services through the firewall. We really only need it for synchronization, however somebody got the idea of getting time from the Internet and here we are. How can you make xntpd work? In order to reduce the bouncing that could go on, here is what I already know. -Run xntpd on the firewall, chroot it, use authentication, and have it be your highest level stratum server. -Have your second level of time servers poll your time server on the firewall. -Have those second level stratums broadcast to other devices. In a nutshell what I need to know is how do I get udp based packets on port 123 through the firewall? Anybody have any ideas? Thanks in advance- Douglas R. Sawyer From owner-firewalls-outgoing Fri Apr 4 13:01:46 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA26130 for firewalls-outgoing; Fri, 4 Apr 1997 12:32:41 -0800 (PST) Received: from brimstone.rnb.com (brimstone.rnb.com [204.178.80.14]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA26113 for ; Fri, 4 Apr 1997 12:32:32 -0800 (PST) Received: by brimstone.rnb.com; id PAA16012; Fri, 4 Apr 1997 15:30:54 -0500 Received: from relay.rnb.com(199.99.101.2) by brimstone.rnb.com via smap (3.2) id xma015964; Fri, 4 Apr 97 15:30:50 -0500 Received: from monarch.rnb.com (monarch [150.1.33.146]) by relay.rnb.com (8.8.4/8.8.4) with SMTP id PAA13262; Fri, 4 Apr 1997 15:30:49 -0500 (EST) Comments: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Comments: Internet Message: Sender identity is not verified. 
Comments: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Message-ID: X-Mailer: XFMail 1.1-alpha [p0] on Solaris Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 8bit MIME-Version: 1.0 In-Reply-To: <0035600002046493000002*@MHS> Date: Fri, 04 Apr 1997 15:18:46 -0500 (EST) Organization: Republic National Bank From: Ken Kempster To: DSAWYER@PILLSBURY.COM Subject: RE: xntpd and gauntlet 3.2 Cc: "firewalls(a)greatcircle.com" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On 04-Apr-97 DSAWYER@PILLSBURY.COM wrote: > Gauntlet firewall (TIS) fundamentally does not allow udp based > services through the firewall. We really only need it for > synchronization, however somebody got the idea of getting time from > the Internet and here we are. How can you make xntpd work? In order > to reduce the bouncing that could go on, here is what I already know. > > -Run xntpd on the firewall, chroot it, use authentication, and have it > be your highest level stratum server. > > -Have your second level of time servers poll your time server on the > firewall. > > -Have those second level stratums broadcast to other devices. > > In a nutshell what I need to know is how do I get udp based packets on > port 123 through the firewall? I use that exact configuration here. configuring your firewall as an ntp time server you do not need to pass udp between interfaces. The firewall will keep time sync. with your internet hosts via the outside interface and then you configure an inside host to be your internal time server which syncs. with the firewall. So if you sync. with a stratum 1 server on the net to your firewall, the firewall will be stratum 2. Then your internal server will sync. with the firewall becoming a stratum 3 server. Then have all your inside hosts which you want to time sync., sync. with your new internal time server. in this config, there is no need to pass UDP between interfaces. > > Anybody have any ideas? > > Thanks in advance- > Douglas R. 
Sawyer |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | Ken Kempster kempster@monarch.rnb.com | | Network Systems Engineer _\|/_ | | Republic National Bank (o o) | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~oOO-(_)-OOo~~~~~~~~~~~~~~ From owner-firewalls-outgoing Fri Apr 4 13:19:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA00762 for firewalls-outgoing; Fri, 4 Apr 1997 13:10:44 -0800 (PST) Received: from simtel.Coast.NET (simtel.coast.net [205.149.128.6]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA00750 for ; Fri, 4 Apr 1997 13:10:37 -0800 (PST) Received: from dojo.mi.org by simtel.Coast.NET (Smail3.1.28.1 #12) id m0wDGEP-0000sOC; Fri, 4 Apr 97 16:09 EST Date: Fri, 4 Apr 1997 16:09:07 -0500 (EST) To: firewalls@greatcircle.com (Firewalls Mailing List) Subject: RE: xntpd and gauntlet 3.2 From: "Mike O'Connor" Reply-To: "Mike O'Connor" X-Organization: :noitazinagrO-X Message-Id: <970404160907.mjo@dojo.mi.org> Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk :2- put xntp on your firewall systems. I haven't heard anyone :chroot-ing it. Sync time against some sources out on the :Internet (there is a list somewhere) ... just "client" against :them. Then, folks inside your firewall can "client" against :you. You get time from tick.usno.navy.mil (and tock), which :are, say, stratum 1s ... then your firewall systems are :stratum 2 ... and you can hierarchically set up the rest :of the company from there. : :(I've had the company name servers and routers client against :the firewall ... then just published info to folks on how to :set themselves up as clients against their local routers :and/or name servers) On a somewhat related note, has anyone seen problems with smartcard authentication mechanisms clashing with NTP from the Internet? How sensitive is some of the stuff "out there" to time changes? -- Michael J. 
O'Connor | WWW: http://dojo.mi.org/~mjo/ | Email: mjo@dojo.mi.org InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 810-848-4481 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "I assert my Fifth Amendment privilege." -Mark Fuhrman From owner-firewalls-outgoing Fri Apr 4 13:30:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA01230 for firewalls-outgoing; Fri, 4 Apr 1997 13:14:46 -0800 (PST) Received: from bncc1.incirlik.af.mil (bncc1.incirlik.af.mil [132.27.209.40]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA01181 for ; Fri, 4 Apr 1997 13:14:38 -0800 (PST) Received: from localhost by bncc1.incirlik.af.mil with SMTP (1.37.109.15/16.2) id AA072238381; Fri, 4 Apr 1997 23:13:01 +0200 Date: Fri, 4 Apr 1997 23:13:01 +0200 (EET) From: Jason Price To: firewalls@greatcircle.com Subject: MS Exchange thru FWTK. How ? Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, Anyone proxied MS Exchange or found a secure way to pass it through the firewall ? Thanks ! Jason |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| | Sra Jason Price | | | 39CS/SCBBN | "If you lose your connection with the | | Incirlik AB, Turkey | technology you manage, then you are | | Jason.Price@incirlik.af.mil | stumbling through the world blindly. | | pricej@bncc1.incirlik.af.mil | You may get lucky for a while, but | | Network Security Officer | luck always runs out." 
| | Unix and Web Administrator | | |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=| From owner-firewalls-outgoing Fri Apr 4 13:48:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA04260 for firewalls-outgoing; Fri, 4 Apr 1997 13:37:40 -0800 (PST) Received: from lammashta.oai.org (lammashta.oai.org [199.218.110.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA04213 for ; Fri, 4 Apr 1997 13:37:29 -0800 (PST) Received: (from fsgreen@localhost) by lammashta.oai.org (8.8.5/8.8.5) id QAA07966; Fri, 4 Apr 1997 16:41:43 -0500 (EST) Date: Fri, 4 Apr 1997 16:41:43 -0500 (EST) From: Doug Greenwald To: Firewalls Subject: OAI - address translation and checkpoint - pointer please? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk howdy, if there's anyone out there that would be willing to donate some of their precious time, please contact me privately. i'm trying to figure out if my network translation is working (using checkpoint firewall-1 version 2.1 on sun sparc running solaris 2.5.1). i either don't have the static routes set right, or it's working and i just can't verify it. thanx. doug. 
Doug Greenwald DougGreenwald@oai.org Internet Information Systems Manager (216) 962 3145 Ohio Aerospace Institute ICOMP - NASA Lewis Research Center http://www.oai.org/ http://www.lerc.nasa.gov/ From owner-firewalls-outgoing Fri Apr 4 14:00:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA03844 for firewalls-outgoing; Fri, 4 Apr 1997 13:33:17 -0800 (PST) Received: from relay6.UU.NET (relay6.UU.NET [192.48.96.16]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA03815 for ; Fri, 4 Apr 1997 13:33:09 -0800 (PST) Received: from netevolve.com by relay6.UU.NET with SMTP (peer crosschecked as: [206.136.48.11]) id QQcjwg10271; Fri, 4 Apr 1997 16:31:58 -0500 (EST) Received: from lazar (ws8.netevolve.com) by netevolve.com (4.1/SMI-4.1) id AA18171; Fri, 4 Apr 97 16:34:58 EST Message-Id: <3.0.1.32.19970404162057.00843a70@netevolve.com> X-Sender: lazar@netevolve.com X-Mailer: Windows Eudora Pro Version 3.0.1 (32) Date: Fri, 04 Apr 1997 16:20:57 -0500 To: firewalls@greatcircle.com From: Irwin Lazar Subject: Re: Dead Web Sites Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk This explains why the ping of death page is down: > >Connectivity problems (alexis) Fri Apr 4 06:56:29 1997 > > Since very early Thursday, panix customers have been unable to reach any > site connected to the net via ANS. This includes AOL and CNN. Even name > service is failing. > > This is due to a routing policy failure between MCI and ANS. They are both > aware of it, and MCI has told me that they expect things to start working > again "soon" (as of 7AM Friday morning). There is a good chance that that's > true, but it's also possible that it could take them as much as the rest > of the day to get things back to normal. 
> > We're sorry for the trouble this has caused people but it's strictly > beyond our control- we can only harass the offending parties into correcting > their problem. > I've got a link to a mirror up on our IP references site. Irwin. <><><><><><><><><><><><><><><><><><><><><><> Irwin Lazar IP Networking References - Network Evolutions, Inc. http://www.netevolve.com/lazar http://www.netevolve.com lazar@netevolve.com From owner-firewalls-outgoing Fri Apr 4 14:30:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA09363 for firewalls-outgoing; Fri, 4 Apr 1997 14:28:29 -0800 (PST) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA09336 for ; Fri, 4 Apr 1997 14:28:15 -0800 (PST) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55583-1>; Fri, 4 Apr 1997 23:25:12 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Sat, 05 Apr 1997 00:26:19 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id BAA01478; Sat, 5 Apr 1997 01:28:13 +0200 Date: Sat, 5 Apr 1997 00:28:13 +0100 From: "Magossa'nyi A'rpa'd" To: Stefan Berg CC: firewalls@GreatCircle.COM Subject: Re: Changeroot telnet daemon? In-Reply-To: <9704041155.AA16445@pamela.sic.se> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Fri, 4 Apr 1997, Stefan Berg wrote: > Hi, > > is there such a thing as a change root telnet daemon > for solaris 2.4.x or 2.5.x? > > Might be a stupid question, but I am in need of one.. > Some possibilities I can think of: - do a chroot wrapper, like: int main(void){if(chroot("/some/where")||chdir("/"))return 1;return system("/real/telnetd");} and use it instead of your original telnetd. 
- there is a free chroot utility somewhere (seems it came from 4.4BSD-Lite) just found on my linux box. I guess it does basically the same thing. CHROOT(8) UNIX System Manager's Manual NAME chroot - change root directory SYNOPSIS chroot newroot [command] DESCRIPTION The chroot command changes its root directory to the supplied directory newroot and exec's command, if supplied, or an interactive copy of your shell. -grab the source of some free telnetd, and insert a chroot somewhere in the beginning. DISCLAIMER: I haven't tried any of them, just done a quick lookup. QUESTION: Is it safe to use system() with fixed string, or is it also harmful? --- GNU GPL: only from a clean source From owner-firewalls-outgoing Fri Apr 4 14:45:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA10492 for firewalls-outgoing; Fri, 4 Apr 1997 14:37:50 -0800 (PST) Received: from gemcon.com (DNS2.GEMCON.COM [205.223.239.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA10420 for ; Fri, 4 Apr 1997 14:37:36 -0800 (PST) Received: by dns2.gemcon.com id <55338>; Fri, 4 Apr 1997 17:25:58 -0500 From: "Webb, Dean" To: BPobric@aol.com Cc: pdmallya@inf.com, firewalls@GreatCircle.COM Subject: RE: Firewall Architecture for Web, Database Date: Fri, 4 Apr 1997 17:24:55 -0500 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Message-Id: <97Apr4.172558est.55338@dns2.gemcon.com> Sender: firewalls-owner@GreatCircle.COM Precedence: bulk How about this? NetBEUI between Firewall and Database NIC #1: No TCP/IP bound to it. TCP/IP between Database NIC #2 and rest of network if they need TCP/IP access to the DB server. This way, the DB can't be touched via the Internet, but is still available to the rest of the company's TCP/IP LAN. The catch is that it has to have the two network cards with different, exclusive bindings. Does this work for y'all? (I'm from Texas...) 
> << pdmallya@inf.com > CC: firewalls@GreatCircle.COM >> > Hi Dean, > > Thanks a lot for your response. > What I meant was to use NetBEUI only between Database server and Web > server. > This way nobody from the outside should be able to attack their > Database > Server. This would be the case if they do not need to talk to their > Database > server from the network. If they do, like you said they probably need > to run > TCP/IP. > > What do you think? > > Braco Pobric > bpobric@aol.com > From owner-firewalls-outgoing Fri Apr 4 15:30:43 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA11336 for firewalls-outgoing; Fri, 4 Apr 1997 14:45:05 -0800 (PST) Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA11295 for ; Fri, 4 Apr 1997 14:44:54 -0800 (PST) Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id RAA05318; Fri, 4 Apr 1997 17:43:26 -0500 (EST) Received: by zandar.judge.org with Microsoft Mail id <01BC411F.45519F60@zandar.judge.org>; Fri, 4 Apr 1997 17:40:22 -0500 Message-ID: <01BC411F.45519F60@zandar.judge.org> From: Joseph Judge To: Firewalls Mailing List , "'Mike O'Connor'" Subject: RE: xntpd and gauntlet 3.2 Date: Fri, 4 Apr 1997 17:40:20 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk If you are using a time-based token thing (SecurID alike) then you are at risk of being locked out if ... the time on the card and the time on the system drift far enough apart. I would think putting a time sync on your system would be good ... except at that initial time when you first implement it and the clock gets fixed up. Then the cards might die. But ... 
my answer is not to use time as a basis for your authentication :-) -- joe ---------- From: Mike O'Connor[SMTP:mjo@dojo.mi.org] Sent: Friday, April 04, 1997 11:09 AM To: Firewalls Mailing List Subject: RE: xntpd and gauntlet 3.2 :2- put xntp on your firewall systems. I haven't heard anyone :chroot-ing it. Sync time against some sources out on the :Internet (there is a list somewhere) ... just "client" against :them. Then, folks inside your firewall can "client" against :you. You get time from tick.usno.navy.mil (and tock), which :are, say, stratum 1s ... then your firewall systems are :stratum 2 ... and you can hierarchically set up the rest :of the company from there. : :(I've had the company name servers and routers client against :the firewall ... then just published info to folks on how to :set themselves up as clients against their local routers :and/or name servers) On a somewhat related note, has anyone seen problems with smartcard authentication mechanisms clashing with NTP from the Internet? How sensitive is some of the stuff "out there" to time changes? -- Michael J. O'Connor | WWW: http://dojo.mi.org/~mjo/ | Email: mjo@dojo.mi.org InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 810-848-4481 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "I assert my Fifth Amendment privilege." 
-Mark Fuhrman From owner-firewalls-outgoing Fri Apr 4 15:40:41 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA12727 for firewalls-outgoing; Fri, 4 Apr 1997 14:55:12 -0800 (PST) Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA12700 for ; Fri, 4 Apr 1997 14:55:05 -0800 (PST) Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id RAA05000; Fri, 4 Apr 1997 17:53:37 -0500 (EST) Received: by zandar.judge.org with Microsoft Mail id <01BC4120.B3B0D240@zandar.judge.org>; Fri, 4 Apr 1997 17:50:36 -0500 Message-ID: <01BC4120.B3B0D240@zandar.judge.org> From: Joseph Judge To: Firewalls Mailing List , "'Mike O'Connor'" Subject: RE: xntpd and gauntlet 3.2 Date: Fri, 4 Apr 1997 17:50:35 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I just wandered past an old firewall posting about time and tokens and risk, whilst looking for something else (serendipitous eh?) http://www.netsys.com/firewalls/firewalls-9508/0019.html -- joe ---------- From: Mike O'Connor[SMTP:mjo@dojo.mi.org] Sent: Friday, April 04, 1997 11:09 AM To: Firewalls Mailing List Subject: RE: xntpd and gauntlet 3.2 :2- put xntp on your firewall systems. I haven't heard anyone :chroot-ing it. Sync time against some sources out on the :Internet (there is a list somewhere) ... just "client" against :them. Then, folks inside your firewall can "client" against :you. You get time from tick.usno.navy.mil (and tock), which :are, say, stratum 1s ... then your firewall systems are :stratum 2 ... and you can hierarchically set up the rest :of the company from there. : :(I've had the company name servers and routers client against :the firewall ... 
then just published info to folks on how to :set themselves up as clients against their local routers :and/or name servers) On a somewhat related note, has anyone seen problems with smartcard authentication mechanisms clashing with NTP from the Internet? How sensitive is some of the stuff "out there" to time changes? -- Michael J. O'Connor | WWW: http://dojo.mi.org/~mjo/ | Email: mjo@dojo.mi.org InterNIC WHOIS: MJO | (has my PGP & Geek Code info) | Phone: +1 810-848-4481 =--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--==--= "I assert my Fifth Amendment privilege." -Mark Fuhrman From owner-firewalls-outgoing Fri Apr 4 15:48:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13906 for firewalls-outgoing; Fri, 4 Apr 1997 15:03:17 -0800 (PST) Received: from xyzzy.plugh.edmonton.ab.ca (xyzzy.plugh.edmonton.ab.ca [198.161.22.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id PAA13877 for ; Fri, 4 Apr 1997 15:03:06 -0800 (PST) Received: (from uucp@localhost) by xyzzy.plugh.edmonton.ab.ca (8.6.12/8.6.9) id QAA05532; Fri, 4 Apr 1997 16:01:28 -0700 Received: from snouts-gw.obtuse.com(192.168.30.61), claiming to be "snouts.obtuse.com" via SMTP by mailhost.plugh.edmonton.ab.ca, id smtpd05530aaa; Fri Apr 4 16:01:26 1997 Received: (from beck@localhost) by snouts.obtuse.com (8.7.5/8.7.3) id QAA15649; Fri, 4 Apr 1997 16:01:36 -0700 From: Bob Beck Message-Id: <199704042301.QAA15649@snouts.obtuse.com> Subject: Re: Changeroot telnet daemon? To: s93sbe@csd.uu.se (Stefan Berg) Date: Fri, 4 Apr 1997 16:01:34 -0700 (MST) Cc: firewalls@GreatCircle.COM In-Reply-To: <9704041155.AA16445@pamela.sic.se> from "Stefan Berg" at Apr 4, 97 11:55:16 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Do you mean a daemon that runs chrooted? 
I don't know of one, but I've put them together. I don't modify the daemon, but rather put the daemon and anything it needs inside a directory to be used as a chrooted hole or "sandbox" and then invoke it with /usr/sbin/chroot. It's easiest to do with a statically linked daemon so that you avoid the need for shared libraries, which complicate the issue both security-wise and from the point of view of setting it up. As for what it needs, in the sandbox, if I don't know, I usually find out when I want to set it up by running the command to start the daemon (including the chroot) under your favorite tracing tool, such as truss on solaris. Personally, I'd suggest grabbing either the telnetd from Wietse Venema's "logdaemon" package, or one of the SSLeay enabled telnet daemons from the SSLapps dir on your favorite SSLeay site or mirror. These have worked well for me. If you want the log records via your standard syslog from one of these, grab our utils package from ftp://ftp.obtuse.com/pub/utils/, and look at "holelogd". -Bob > > > Hi, > > is there such a thing as a change root telnet daemon > for solaris 2.4.x or 2.5.x? > > Might be a stupid question, but I am in need of one.. > > /Stefan > > > -- > _______________________________________________________ > Stefan Berg > Computing Science Student > University of Uppsala, Sweden. > s93sbe@csd.uu.se http://www.csd.uu.se/~s93sbe > _______________________________________________________ > Hmm.. What do batteries run on?? 
> From owner-firewalls-outgoing Fri Apr 4 16:30:45 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA19403 for firewalls-outgoing; Fri, 4 Apr 1997 15:48:28 -0800 (PST) Received: from TGIEXCH.terraglyph.com (tgiexch.terraglyph.com [206.138.89.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA18980 for ; Fri, 4 Apr 1997 15:45:58 -0800 (PST) Received: by TGIEXCH with Internet Mail Service (5.0.1457.3) id <2JPSNP6T>; Fri, 4 Apr 1997 17:44:45 -0600 Message-ID: <418DB33991ACD011899800A0C9008E756DFA@TGIEXCH> From: Mike Topalovich To: firewalls@greatcircle.com Subject: RE: MS Exchange thru FWTK. How ? Date: Fri, 4 Apr 1997 17:44:43 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk For what type of connectors? Just the straight SMTP IMC/IMS, or a site connector? Mike Topalovich TerraGlyph Interactive Studios Topalovich@terraglyph.com > ---------- > From: Jason Price[SMTP:pricej@bncc1.incirlik.af.mil] > Sent: Friday, April 04, 1997 3:13 PM > To: firewalls@greatcircle.com > Subject: MS Exchange thru FWTK. How ? > > Hi, > > Anyone proxied MS Exchange or found a secure way to pass it through > the > firewall ? > > Thanks ! > > Jason > > |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =| > | Sra Jason Price | | > | 39CS/SCBBN | "If you lose your connection with the > | > | Incirlik AB, Turkey | technology you manage, then you are > | > | Jason.Price@incirlik.af.mil | stumbling through the world blindly. > | > | pricej@bncc1.incirlik.af.mil | You may get lucky for a while, but > | > | Network Security Officer | luck always runs out." 
| > | Unix and Web Administrator | | > |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =| > From owner-firewalls-outgoing Fri Apr 4 16:43:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA21523 for firewalls-outgoing; Fri, 4 Apr 1997 15:58:15 -0800 (PST) Received: from swinc.com (swinc.com [198.252.182.233]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA21510 for ; Fri, 4 Apr 1997 15:58:07 -0800 (PST) Received: from grail.austin.swinc.com ([204.107.173.67]) by anthrax.swinc.com with ESMTP id <17026-1>; Fri, 4 Apr 1997 17:56:41 -0600 Received: by grail.austin.swinc.com with Internet Mail Service (5.0.1457.3) id ; Fri, 4 Apr 1997 18:00:47 -0600 Message-ID: <41242F632110D0118B4500A024BF7EB008AA4D@grail.austin.swinc.com> From: "Webb, Andy" To: "'Jason Price'" Cc: "'firewalls@greatcircle.com'" Subject: RE: MS Exchange thru FWTK. How ? Date: Fri, 4 Apr 1997 18:00:45 -0600 X-Priority: 3 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.0.1457.3) Content-Type: text/plain Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I'm not a FWTK expert, but here's where to find the Exchange information: Source: MS KB Article Q148732 http://www.microsoft.com/kb/articles/q148/7/32.htm Andy ======================================================= Andy Webb awebb@swinc.com www.swinc.com Simpler-Webb, Inc. Austin, TX 512-322-0071 "The clue meter is reading zero..." 
- Dilbert ======================================================= > -----Original Message----- > From: Jason Price [SMTP:pricej@bncc1.incirlik.af.mil] > Sent: Friday, April 04, 1997 3:13 PM > To: firewalls@greatcircle.com > Subject: MS Exchange thru FWTK. How ? > > Hi, > > Anyone proxied MS Exchange or found a secure way to pass it through > the > firewall ? > > Thanks ! > > Jason > > |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =| > | Sra Jason Price | | > | 39CS/SCBBN | "If you lose your connection with the > | > | Incirlik AB, Turkey | technology you manage, then you are > | > | Jason.Price@incirlik.af.mil | stumbling through the world blindly. > | > | pricej@bncc1.incirlik.af.mil | You may get lucky for a while, but > | > | Network Security Officer | luck always runs out." | > | Unix and Web Administrator | | > |-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- > =| From owner-firewalls-outgoing Fri Apr 4 17:01:14 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA15440 for firewalls-outgoing; Fri, 4 Apr 1997 15:11:39 -0800 (PST) Received: from pse01.pios.com (PSE01.PIOS.COM [199.33.129.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id PAA15318 for ; Fri, 4 Apr 1997 15:11:17 -0800 (PST) Received: by pse01.pios.com; (5.65v3.2/1.3/10May95) id AA16828; Fri, 4 Apr 1997 18:09:43 -0500 Received: from vaxa.PIOS.COM (vaxa.PIOS.COM) by gemini.pios.com (PMDF V5.0-6 #18985) id <01IHBEZJ5QSW90OKQA@gemini.pios.com> for firewalls@greatcircle.com; Fri, 04 Apr 1997 18:10:55 -0500 (EST) Received: from cal_177.sanjose (192.168.14.177) by PIOS.PIOS.COM (PMDF V5.0-6 #18984) 
id <01IHBEX6ZI0W8Y5MYK@PIOS.PIOS.COM> for firewalls@greatcircle.com; Fri, 04 Apr 1997 18:09:03 -0500 (EST) Date: Fri, 04 Apr 1997 15:09:06 -0800 From: Bill Stout Subject: Tunnels and Security policy X-Sender: stoutb@192.168.0.83 To: firewalls@greatcircle.com Message-Id: <2.2.32.19970404230906.006d3ae0@192.168.0.83> Mime-Version: 1.0 X-Mailer: Windows Eudora Pro Version 2.2 (32) Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7BIT Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Question: Can someone give me an example of how security policies are modified when tunnels are implemented? Train of thought: I see more companies actively using tunnels (VPNs) or adding encrypted access into their systems. I see people using tunnels for the following, where admins only have local policy control; o to create a path through a firewall between internal networks and 'partner' networks. o from home PCs/private ISP account to internal network through firewall. o between branches of the same company. AFAIK, tunnels allow _all_ port traffic between a range of hosts in 'network A' to reach a range of hosts in 'network B'. If you use a firewall to protect your network from the internet, and you tunnel through that to a tunnel server either on the firewall or past it, you can't protect against the tunneled traffic without layered firewalls, which gets complex since some proxies don't cascade well. Once an intruder gets past your firewall, he's everywhere. {Net A}--+-FW--{internet}--FW-+--{Net B} | | Tunnel Server Tunnel Server Another reason I ask, Company X requests a quote for a firewall from my or other company, whittles down the price to fit the budget (original estimate of the admin), then adds the tunneling requirement. Not much budget is left for a secondary firewall layer, and I hesitate to say that if you buy a tunnel, you need two firewalls. 
#include Bill Stout, 'Consultant', Pioneer Standard, San Jose, CA (408)321-0645 www.pios.com (Industrial Distributor for Computer systems, components) Digital-HP-IBM-Intel-MTI-Netframe-NAT-Network_General-Cisco-3COM-Network_Sys tems-Apple-SGI-Tadpole-Cray_Communications-Liebert-Tektronix-QMS-etc,etc. From owner-firewalls-outgoing Sat Apr 5 08:00:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA08815 for firewalls-outgoing; Sat, 5 Apr 1997 07:55:07 -0800 (PST) Received: from akasha.tic.com (akasha.tic.com [192.135.128.129]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA08797 for ; Sat, 5 Apr 1997 07:55:00 -0800 (PST) From: smoot@tic.com Received: from xfrsparc.tic.com by akasha.tic.com (8.7.5/akasha.1.31) id JAA21945; Sat, 5 Apr 1997 09:53:36 -0600 (CST) Received: from localhost by xfrsparc.tic.com (8.7.1/sub.1.6) id JAA03181; Sat, 5 Apr 1997 09:53:36 -0600 (CST) Message-Id: <199704051553.JAA03181@xfrsparc.tic.com> To: Firewalls Mailing List Subject: Re: xntpd and gauntlet 3.2 In-reply-to: Your message of "Fri, 04 Apr 97 17:40:20 EST." <01BC411F.45519F60@zandar.judge.org> Date: Sat, 05 Apr 97 09:53:32 -0600 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk >If you are using a time-based token thing (SecurID alike) >then you are at risk of being locked out if ... the time >on the card and the time on the system drift far enough >apart. SecurID is pretty good about keeping the cards synced with the server. I have a system with a SecureID server which is also running xntpd and I've never had a problem with clock synchronization between the cards and the server. At worst the server asks the client for the card's next token which resynchronizes the card and the server. 
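The drift handling discussed in the two messages above (small drift tolerated, a "next token" challenge to resynchronize, lockout once the clocks are too far apart), as an added example that is not part of the original posts. The code generator is an HMAC-based stand-in, not SecurID's algorithm, and the 60-second step, the window sizes, the seed and the timestamps are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import struct

STEP = 60   # seconds per displayed code (assumed)
NEAR = 1    # steps of drift accepted without a challenge (assumed)
FAR = 10    # steps of drift recoverable through a next-token challenge (assumed)


def code_at(secret: bytes, step: int) -> str:
    """Six-digit code for one time step (HMAC-SHA1 with RFC 4226-style truncation)."""
    digest = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    pos = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[pos:pos + 4])[0] & 0x7FFFFFFF
    return f"{value % 1_000_000:06d}"


class TokenServer:
    """Verifier that learns the card's drift instead of trusting raw clock equality."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.offset = 0        # learned card-minus-server drift, in steps
        self.pending = None    # step matched in the FAR window, awaiting the next code
        self.last_step = None  # last accepted card step, used to refuse replays

    def _match(self, code: str, centre: int, width: int):
        # Try the steps closest to the expected one first.
        for delta in sorted(range(-width, width + 1), key=abs):
            step = centre + delta
            if self.last_step is not None and step <= self.last_step:
                continue  # never accept a code at or before the last accepted step
            if hmac.compare_digest(code_at(self.secret, step), code):
                return step
        return None

    def _accept(self, step: int, server_time: int) -> str:
        self.offset = step - server_time // STEP  # remember the drift for next time
        self.last_step = step
        return "ACCEPT"

    def verify(self, code: str, server_time: int) -> str:
        if self.pending is not None:
            # Resynchronization: the card must show the code right after the one
            # that matched in the FAR window.
            expected, self.pending = self.pending + 1, None
            if hmac.compare_digest(code_at(self.secret, expected), code):
                return self._accept(expected, server_time)
            return "REJECT"
        centre = server_time // STEP + self.offset
        step = self._match(code, centre, NEAR)
        if step is not None:
            return self._accept(step, server_time)
        step = self._match(code, centre, FAR)
        if step is not None:
            self.pending = step
            return "NEXT_TOKEN"
        return "REJECT"


def demo():
    secret = b"constructed-demo-seed"   # constructed sample seed
    t0 = 860_000_000                    # constructed timestamp (early April 1997)
    server = TokenServer(secret)

    def card(real_time: int) -> str:
        # The card's clock runs 300 s (5 steps) behind real time.
        return code_at(secret, (real_time - 300) // STEP)

    results = []
    results.append(server.verify(card(t0), t0))             # drift of 5 steps: challenge
    results.append(server.verify(card(t0 + 60), t0 + 60))   # next code: resynchronized
    code = card(t0 + 600)
    results.append(server.verify(code, t0 + 600))           # learned offset: direct accept
    results.append(server.verify(code, t0 + 610))           # same code again: replay refused
    # The server clock is then stepped forward 30 minutes by a large time
    # correction; the card is now outside the FAR window and is locked out.
    results.append(server.verify(card(t0 + 1200), t0 + 1200 + 1800))
    return results, server.offset


if __name__ == "__main__":
    print(demo())
```
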
From owner-firewalls-outgoing Sat Apr 5 08:39:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA10097 for firewalls-outgoing; Sat, 5 Apr 1997 08:20:41 -0800 (PST) Received: from palrel1.hp.com (palrel1.hp.com [15.253.72.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA10062 for ; Sat, 5 Apr 1997 08:20:28 -0800 (PST) Received: from rush.nsr.hp.com (rush.nsr.hp.com [15.17.36.5]) by palrel1.hp.com with ESMTP (8.7.5/8.7.3) id IAA01545; Sat, 5 Apr 1997 08:19:10 -0800 (PST) Received: from localhost by rush.nsr.hp.com with SMTP (1.39.111.2/16.2) id AA234606946; Sat, 5 Apr 1997 08:15:46 -0800 Date: Sat, 5 Apr 1997 08:15:45 -0800 (PST) From: Kevin Steves To: Adam Shostack Cc: firewalls@GreatCircle.COM Subject: Re: Getting DNS through a firewall. In-Reply-To: <199704012208.RAA02252@homeport.org> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Tue, 1 Apr 1997, Adam Shostack wrote: > If you don't let dns through, then a dns-gw would be a good > idea. Cheswick talked about one at SANS 96(?), and I'm wondering why > its not part of any commercial product yet. You may be referring to dnsproxy; see http://cm.bell-labs.com/who/ches/dnsproxy.html. Raptor Eagle 4.0 has a dnsd, but I don't know any details about it. 
From owner-firewalls-outgoing Sat Apr 5 08:45:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA11387 for firewalls-outgoing; Sat, 5 Apr 1997 08:36:07 -0800 (PST) Received: from proxy2.ba.best.com (proxy2.ba.best.com [206.184.139.13]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA11378 for ; Sat, 5 Apr 1997 08:36:00 -0800 (PST) Received: from kgibbs.vip.best.com (kgibbs.vip.best.com [206.86.92.105]) by proxy2.ba.best.com (8.8.5/8.8.3) with ESMTP id IAA02171; Sat, 5 Apr 1997 08:31:03 -0800 (PST) Message-Id: <199704051631.IAA02171@proxy2.ba.best.com> From: "Kelly Gibbs" To: "Bill Stout" Cc: Subject: Re: Tunnels and Security policy Date: Sat, 5 Apr 1997 07:51:36 -0800 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi Bill: I installed Firewalls/VPN's for Digital and can help you out on this one. I don't know which tunnel product you have but if it's like Digitals Tunnel which is Firewall and hardware independent, you can set the routes to enable a form of security. For example, lets say at each end you have a group tunnel. Group A is in New York and group B is in San Jose. When A establishes a VPN to B, B assigns A a virtual IP. You control what range of IP's are distributed by their group key configuration. If you give them say a 10.2.1.x range, you set the routes that 10.2.1.x takes. This may require a change also in the routers since 10.2.1.x isn't part of your 10.1.1.x network. This appears to work very well for a large site I installed last year. +--------------------------------------------------------------------------+ | Kelly E. Gibbs, Sr. Internet/UNIX Consultant Realogic, Inc. | | Security architecture, design, implementation, auditing, and | | penetration testing. 
UNIX, Microsoft Windows NT, and VMS | | Realtime programming, TCP/IP, telephony systems, embedded systems. | | San Francisco, CA 415-956-1300 London, UK (+)44 (1)71 233 07 44 | +--------------------------------------------------------------------------+ ---------- > From: Bill Stout > To: firewalls@GreatCircle.COM > Subject: Tunnels and Security policy > Date: Friday, April 04, 1997 3:09 PM > > Question: Can someone give me an example of how security policies are > modified when tunnels are implemented? > > Train of thought: I see more companies actively using tunnels (VPNs) or > adding encrypted access into their systems. I see people using tunnels for > the following, where admins only have local policy control; > > o to create a path through a firewall between internal networks and > 'partner' networks. > > o from home PCs/private ISP account to internal network through firewall. > > o between branches of the same company. > > AFAIK, tunnels allow _all_ port traffic between a range of hosts in 'network > A' to reach a range of hosts in 'network B'. If you use a firewall to > protect your network from the internet, and you tunnel through that to a > tunnel server either on the firewall or past it, you can't protect against > the tunneled traffic without layered firewalls, which gets complex since > some proxies don't cascade well. Once an intruder gets past your firewall, > he's everywhere. > > {Net A}--+-FW--{internet}--FW-+--{Net B} > | | > Tunnel Server Tunnel Server > > Another reason I ask, Company X requests a quote for a firewall from my or > other company, whittles down the price to fit the budget (original estimate > of the admin), then adds the tunneling requirement. Not much budget is left > for a secondary firewall layer, and I hesitate to say that if you buy a > tunnel, you need two firewalls. 
> > #include > Bill Stout, 'Consultant', Pioneer Standard, San Jose, CA (408)321-0645 > www.pios.com (Industrial Distributor for Computer systems, components) > Digital-HP-IBM-Intel-MTI-Netframe-NAT-Network_General-Cisco-3COM-Network_Sys > tems-Apple-SGI-Tadpole-Cray_Communications-Liebert-Tektronix-QMS-etc,etc. > > From owner-firewalls-outgoing Sat Apr 5 12:04:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA21480 for firewalls-outgoing; Sat, 5 Apr 1997 11:49:37 -0800 (PST) Received: from threewiz.demon.co.uk (threewiz.demon.co.uk [158.152.116.88]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA21473 for ; Sat, 5 Apr 1997 11:49:27 -0800 (PST) Received: from monaco (unverified [192.168.3.254]) by monaco.kimble.co.uk (EMWAC SMTPRS 0.83) with SMTP id ; Sat, 05 Apr 1997 20:16:45 +0100 Message-ID: From: "David Harvey-George" To: Cc: Subject: Steelhead / Eraserhead ? Date: Sat, 5 Apr 1997 20:16:45 +0100 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Hi, Has anyone tried Microsoft's 'steelhead' router and packet filtering software. It's currently in beta and I've been attempting to build a packet filtering firewall around it using an NT sp2 box. My experiences suggest that there are a few deficiencies that MS need to address in the area of packet filtering. Although it is possible to filter on inbound or outbound interface there is no option to filter based on the TCP flag fields. Okay, maybe not such a big deal. More significant, you can't allow or deny on a range of ports. 
I have the following filter for HTTP access for my internal network clients:

       Source Address  Destination Address  Protocol  Source Port  Destination Port
rule1  192.168.3.0     Any                  TCP       Any          80
rule2  Any             192.168.3.0          TCP       80           Any

The intention of this rule is to permit internal clients (net 192.168.3.0) to access Web servers and to permit replies from said servers. However without the ability to either check the ACK flag or add a destination port range in rule 2 this rule is open to someone binding a client to port 80 and contacting any of my internal servers.

MS imply that 'steelhead' can be used to build firewall capabilities but I think not, at least not in its present incarnation.

Sievehead is currently available in beta 2 from their Website.

regards,
David

From owner-firewalls-outgoing Sat Apr 5 12:15:46 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA21617 for firewalls-outgoing; Sat, 5 Apr 1997 11:57:20 -0800 (PST)
Received: from homeport.org (lighthouse.homeport.org [205.136.65.198]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA21602 for ; Sat, 5 Apr 1997 11:57:11 -0800 (PST)
Received: (adam@localhost) by homeport.org (8.8.5/8.6.9) id OAA24719; Sat, 5 Apr 1997 14:53:39 -0500 (EST)
From: Adam Shostack
Message-Id: <199704051953.OAA24719@homeport.org>
Subject: Re: combo internal/external web servers
In-Reply-To: <9704011916.AA00517@intermec.com> from Kathy Kost at "Apr 1, 97 11:16:33 am"
To: kkost@intermec.com (Kathy Kost)
Date: Sat, 5 Apr 1997 14:53:38 -0500 (EST)
Cc: firewalls@GreatCircle.COM
X-Mailer: ELM [version 2.4ME+ PL27 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

What happens if the external server is compromised? If it's in its own chrooted partition, possibly not a lot (if you trust chroot).

What happens if you misconfigure your internal server?
Are you exposing the information to the outside world? Is that an acceptable risk?

What happens if the machine is compromised through some other mechanism? Could an attacker reconfigure things so that the outside world can get to the internal server? You can build a defense in depth to make this harder/more obvious.

I'd suggest going with two machines. You can get a nice pc system with plenty of horses to run a small to medium web server for $1000 or less. The cost & effort to administrate two machines isn't that much greater than one, and you're providing strong compartmentalization.

Adam

Kathy Kost wrote:
| A company I'm doing some work for is trying to decide on having
| separate internal and external web servers or having them both on
| one machine, with some proxy or firewall software keeping them separate.
| I have only implemented them separately.
|
| What is the current feeling on this these days? Is it possible to have
| them both co-exist on the same box without risking the internal web site?
| Any suggestions as to the best security software to use (public domain or
| not)? Or pointers to reference information on the subject?

--
"It is seldom that liberty of any kind is lost all at once."
-Hume

From owner-firewalls-outgoing Sat Apr 5 17:49:17 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id RAA06566 for firewalls-outgoing; Sat, 5 Apr 1997 17:37:21 -0800 (PST)
Received: from challenger.atc.fhda.edu (challenger.atc.fhda.edu [153.18.200.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id RAA06525 for ; Sat, 5 Apr 1997 17:37:10 -0800 (PST)
Received: from localhost (manek@localhost) by challenger.atc.fhda.edu (8.8.0/8.7.3) with SMTP id RAA28896; Sat, 5 Apr 1997 17:35:53 -0800 (PST)
Date: Sat, 5 Apr 1997 17:35:52 -0800 (PST)
From: "Sameer R. Manek"
To: Kathy Kost
cc: firewalls@GreatCircle.COM
Subject: Re: combo internal/external web servers
In-Reply-To: <199704051953.OAA24719@homeport.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

One idea I really like, though I haven't had the opportunity to try it out. This combination involves 2 boxes in addition to your firewall. Since running a web server on a firewall isn't considered a wise idea in general.

Basically what you do is have two boxes, a web server and a file server. The web server NFS-mounts /webserver/htdocs read-only from the file server. The web server's only service is httpd, and maybe ftpd which isn't very cpu intensive, so a low end pentium and *bsd or linux will do. In addition, because the webserver doesn't have the pages you don't have to give accounts to folks who may not do security conscious things, such as the web page development groups. They can have accounts on machines less visible to the public. So you can close off network logins or run sshd.

Some have suggested using either a zip drive (with the write protect tab notched) or a writeable cdrom, but I don't think these methods are practical, aside from the fact that zip and cdrom drives are slower. These things are what I call 'making work', they make you, the admin, do things like burn cds, change cds, remount it. My opinion is that the admin is responsible for maintaining the service, which is time consuming enough, not to create more work. If you put the responsibility of maintaining the pages, putting them on the server, etc. as close to the people who write the pages as possible that is a good thing. Making the system secure and ensuring ease of use is our responsibility.

Your dedicated web page file server can even run something like netatalk or samba so they can author the pages directly from the NT/95 or Mac workstations.
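An added check for the layout Sameer describes above (not part of the original post): it audits both halves of the read-only docroot, because a read-only mount on the web server alone can be remounted read-write by whoever controls that box, while a read-only export is enforced by the file server. Assumptions: Linux-style /etc/exports and /proc/mounts syntax, the host names, and the extra nosuid/nodev mount options are choices made for this example.

```python
import re

# Constructed sample data; host names are hypothetical.
GOOD_EXPORTS = """\
# file server: docroot goes to the web server only, read-only
/webserver/htdocs  www.example.com(ro,root_squash)
"""
GOOD_MOUNTS = """\
/dev/sda1 / ext2 rw 0 0
files.example.com:/webserver/htdocs /webserver/htdocs nfs ro,nosuid,nodev,hard 0 0
"""
# Two slips: the space before "(rw)" exports read-write to every host,
# and the web server mounts the tree without "ro".
BAD_EXPORTS = "/webserver/htdocs  www.example.com (rw)\n"
BAD_MOUNTS = "files.example.com:/webserver/htdocs /webserver/htdocs nfs rw,hard 0 0\n"


def parse_exports(text):
    """Return {path: [(client, options), ...]} from Linux-style exports text."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        entries = []
        for tok in clients:
            m = re.fullmatch(r"([^()]*)(?:\(([^()]*)\))?", tok)
            if m:
                host = m.group(1) or "*"   # a bare "(opts)" applies to every host
                opts = set(filter(None, (m.group(2) or "").split(",")))
                entries.append((host, opts))
        table[path] = entries or [("*", set())]   # no client list: any host
    return table


def parse_mounts(text):
    """Return a list of mounts from /proc/mounts-style lines."""
    mounts = []
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4:
            mounts.append({"device": f[0], "mountpoint": f[1],
                           "fstype": f[2], "options": set(f[3].split(","))})
    return mounts


def audit(exports_text, mounts_text, path="/webserver/htdocs",
          web_host="www.example.com"):
    """Return a list of findings; an empty list means both sides are read-only."""
    findings = []
    entries = parse_exports(exports_text).get(path)
    if entries is None:
        findings.append(f"{path} is not exported")
    else:
        for host, opts in entries:
            if "rw" in opts:               # Linux exports default to ro
                findings.append(f"export {path} is read-write for {host}")
            if host != web_host:
                findings.append(f"export {path} is also offered to {host}")
    mount = next((m for m in parse_mounts(mounts_text)
                  if m["mountpoint"] == path), None)
    if mount is None:
        findings.append(f"{path} is not mounted")
    else:
        for opt in ("ro", "nosuid", "nodev"):
            if opt not in mount["options"]:
                findings.append(f"{path} is mounted without '{opt}'")
    return findings


if __name__ == "__main__":
    for label, exp, mnt in (("good", GOOD_EXPORTS, GOOD_MOUNTS),
                            ("bad", BAD_EXPORTS, BAD_MOUNTS)):
        print(label, audit(exp, mnt) or "ok")
```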
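Going back to the rule pair in David Harvey-George's Steelhead post earlier in this digest, an added example (not from any poster, and not Steelhead's own rule syntax) that evaluates a stateless first-match filter against constructed packets: once with the rules as posted, once with rule2 requiring the ACK flag, and once with rule2 limited to a destination port range. Assumptions: the /24 mask, reading "destination port range" as ports 1024 and up, default deny, and the sample addresses and ports.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.3.0/24")    # mask is an assumption
ANY = ip_network("0.0.0.0/0")
ALL_PORTS = range(0, 65536)
HIGH_PORTS = range(1024, 65536)            # assumed meaning of "port range"


def port(n):
    return range(n, n + 1)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset                       # TCP flags that are set


@dataclass(frozen=True)
class Rule:
    name: str
    src: object
    dst: object
    sport: range
    dport: range
    require_ack: bool = False              # the check the post says is missing


def matches(rule, pkt):
    return (ip_address(pkt.src) in rule.src
            and ip_address(pkt.dst) in rule.dst
            and pkt.sport in rule.sport
            and pkt.dport in rule.dport
            and (not rule.require_ack or "ACK" in pkt.flags))


def permitted(rules, pkt):
    """Name of the first matching permit rule, or None (default deny)."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.name
    return None


RULE1 = Rule("rule1", INTERNAL, ANY, ALL_PORTS, port(80))
POSTED = [RULE1, Rule("rule2", ANY, INTERNAL, port(80), ALL_PORTS)]
WITH_ACK = [RULE1, Rule("rule2", ANY, INTERNAL, port(80), ALL_PORTS, require_ack=True)]
WITH_RANGE = [RULE1, Rule("rule2", ANY, INTERNAL, port(80), HIGH_PORTS)]

# Constructed packets; outside addresses come from documentation ranges.
PACKETS = {
    # internal browser opens a connection to an outside web server
    "request": Packet("192.168.3.10", 1025, "203.0.113.5", 80, frozenset({"SYN"})),
    # the web server's answer on that connection
    "reply": Packet("203.0.113.5", 80, "192.168.3.10", 1025, frozenset({"SYN", "ACK"})),
    # new connections from outside whose source port happens to be 80
    "inbound_23": Packet("198.51.100.7", 80, "192.168.3.20", 23, frozenset({"SYN"})),
    "inbound_6000": Packet("198.51.100.7", 80, "192.168.3.20", 6000, frozenset({"SYN"})),
}


def evaluate(rules):
    """Map each sample packet to the rule that permits it (None = dropped)."""
    return {name: permitted(rules, pkt) for name, pkt in PACKETS.items()}


if __name__ == "__main__":
    for label, rules in (("as posted", POSTED), ("rule2 + ACK", WITH_ACK),
                         ("rule2 + port range", WITH_RANGE)):
        print(label, evaluate(rules))
```

The port range alone still admits new inbound connections to internal services listening above 1023; the ACK requirement drops both connection attempts while leaving web replies untouched.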
From owner-firewalls-outgoing Sat Apr 5 19:04:39 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA10212 for firewalls-outgoing; Sat, 5 Apr 1997 18:56:33 -0800 (PST)
Received: from jehova.owl.de (jehova.owl.de [194.121.202.132]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id SAA10098 for ; Sat, 5 Apr 1997 18:55:37 -0800 (PST)
Received: from fiction.pb.owl.de (root@fiction.pb.owl.de [193.174.12.5]) by jehova.owl.de (8.8.5/8.8.5) with SMTP id EAA19253 for ; Sun, 6 Apr 1997 04:54:21 +0200 (MET DST)
Received: from squirrel.owl.de by fiction.pb.owl.de with bsmtp id m0wDi4X-000032C; Sun, 6 Apr 97 04:52 MET DST
Received: (qmail 1037 invoked by uid 300); 6 Apr 1997 00:51:13 -0000
Date: 6 Apr 1997 00:51:13 -0000
Message-ID: <19970406005113.1036.qmail@squirrel.owl.de>
From: Stuart Johnson
To: firewalls@greatcircle.com
Subject: Monitoring Info
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

As regard to the Haystack information, my message was not intended to be "tabloid". Obviously, it is the marketing managers' responsibility to paint a pretty picture. But I am only interested in finding out why an insider at Haystack would share this information in confidence. Many of the private emails I received confirm others' lack of confidence in Haystack and the fact that many people are leaving due to the turmoil. Is this deniable? I only want to make the best choice for my company.

With the enquiry about Haystack and Wheelgroup, I received some email from Marcus Ranum. He is someone I have respected from many of his posts. But his email has surprised me and I have had some doubts about whether he was objectively replying or only trying to sell some new product he is building and denigrate the choices that I am reviewing.
I also received emails from others suggesting Marcus' new company as an alternative, but from those messages it is clear he has decided to get out of V-One and thought it was a total failure without direction. This concerns me because he has used V-one to fund this company and I assume they are the majority owners of it. Has anyone actually implemented this stuff or is it just vaporware?

I kind of question what kind of business man Marcus is based on what I had overheard at a conference where a small group of people were talking, including one of the speakers for NCSA (I believe Dr. Tippett). They were talking about the firewall consortium and someone had asked about Marcus. The speaker from the NCSA said that they removed Marcus from any more influence on the certification process due to his continuous attempts to self promote his own selfish interests and not those of the security community.

The second concern about the integrity of Marcus' company is the fact that the Founder and CEO of a competing monitoring company (Steve Smaha of Haystack) is on his board. This is like a CEO of Netscape sitting on Microsoft's board. Obviously, Steve Smaha does not believe NetStalker is a competitive product or he wouldn't sit on a competitor's board, or would he? Does this seem fishy?

I am not just looking for good technology, I want to do business with people with integrity.
Stuart

From owner-firewalls-outgoing Sat Apr 5 20:09:35 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA13206 for firewalls-outgoing; Sat, 5 Apr 1997 19:40:46 -0800 (PST)
Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id TAA13175 for firewalls@greatcircle.com; Sat, 5 Apr 1997 19:40:36 -0800 (PST)
Received: from trifork.gu.net (trifork.gu.net [194.93.190.194]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA27421 for ; Fri, 4 Apr 1997 08:32:40 -0800 (PST)
Received: from localhost (localhost.gu.kiev.ua [127.0.0.1]) by trifork.gu.net (8.8.5/8.8.5) with SMTP id TAA02082; Fri, 4 Apr 1997 19:31:04 +0300 (EEST)
Date: Fri, 4 Apr 1997 19:31:04 +0300 (EEST)
From: Andrew Stesin
Reply-To: stesin@gu.net
To: "Gerard A. Joseph"
cc: firewalls@GreatCircle.COM
Subject: Re: ISR
In-Reply-To: <3345AD17.29DB@ozemail.com.au>
Message-ID:
X-NCC-RegID: ua.gu
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi Gerard,

despite of the thingies you noticed, I'll probably subscribe. (Neither of the pieces you noticed are so much protected and/or classified, anyway :) Though you are right -- and they (ISR) aren't.

On Fri, 4 Apr 1997, Gerard A. Joseph wrote:

> Date: Fri, 04 Apr 1997 17:38:31 -0800
> From: "Gerard A. Joseph"
> To: firewalls@GreatCircle.COM
> Subject: Re: ISR
>
> The site looks interesting, but it seems anomalous for a
> security-oriented site to ask for such details as name, email address,
> physical address, and password to be transmitted in the clear over the
> Internet.
>
> Gerard
>
> Network Operations Center wrote:
> >
> > f.y.i.
> >
> > Internet Security Review is now accepting
> > subscriptions (free) at http://www.isr.net
> > The journal appears monthly.
> >
> > regards
> >
> > Bert
>

Best regards,
Andrew Stesin
nic-hdl: ST73-RIPE

From owner-firewalls-outgoing Sat Apr 5 20:09:54 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA13339 for firewalls-outgoing; Sat, 5 Apr 1997 19:42:26 -0800 (PST)
Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id TAA13329 for firewalls@greatcircle.com; Sat, 5 Apr 1997 19:42:23 -0800 (PST)
Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA13786 for ; Fri, 4 Apr 1997 15:02:10 -0800 (PST)
Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id SAA05687; Fri, 4 Apr 1997 18:00:27 -0500 (EST)
Received: by zandar.judge.org with Microsoft Mail id <01BC4121.A7B03340@zandar.judge.org>; Fri, 4 Apr 1997 17:57:26 -0500
Message-ID: <01BC4121.A7B03340@zandar.judge.org>
From: Joseph Judge
To: "'patrick_scannell@mail.fws.gov'"
Cc: "'Firewalls Mailing List'"
Subject: RE: RE: xntpd and gauntlet 3.2
Date: Fri, 4 Apr 1997 17:57:24 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

The NTP archive at ftp://louie.udel.edu/pub/ntp or somewhere ... has some information on time sources (radio, modem, GPS and otherwise). The comp.protocols.ntp (??) or such also does. The http://www.eecis.udel.edu/~ntp/database/faq.html NTP FAQ file has some information, also.

I don't want to sound vague... but that is the best I have now. I have always gotten time from an Internet source. I am just about to get a Geo Positional System thing (GPS) which bounces off satellites and figures out exactly where you are .... which incidentally means you better have VERY accurate time to do those calculations.

My company's UK firewall has a GPS time source in their firewall ...and I will just probably follow what they are doing after some analysis. The NTP FAQ lists a bunch of units under $5K dollars. I really want to find out what my UK folks are doing so inexpensively.

I will be more than happy to post a how-to as soon as I know what I'm doing.

--- joe

----------
From: patrick_scannell@mail.fws.gov[SMTP:patrick_scannell@mail.fws.gov]
Sent: Friday, April 04, 1997 3:20 PM
To: Joseph Judge
Subject: Re:RE: xntpd and gauntlet 3.2

Could you please reply to the list with a little more detail about a GPS time source? I have the same problem, and this sounds like a great solution. Is this a specialized item, or just a navigational GPS that allows one to query time via serial interface? Clearly I'm groping, where should I look for more info?

Thanks,
Patrick

____________________Reply Separator____________________
Subject: RE: xntpd and gauntlet 3.2
Author: Joseph Judge
Date: 4/4/97 2:41 PM

1- Buy a GPS time source (couple hundred US dollars?) and plug it in somewhere:
   -- on a firewall machine, company can sync against you
   -- on an internal machine, the firewall can sync against it
I'm aiming to get off my butt and pay for a GPS clock soon ... just some higher priority items in the queue first :-)

or (what I'm doing now)

2- put xntp on your firewall systems. I haven't heard anyone chroot-ing it. Sync time against some sources out on the Internet (there is a list somewhere) ... just "client" against them. Then, folks inside your firewall can "client" against you. You get time from tick.usno.navy.mil (and tock), which are, say, stratum 1s ... then your firewall systems are stratum 2 ... and you can hierarchically set up the rest of the company from there. (I've had the company name servers and routers client against the firewall ...
then just published info to folks on how to set themselves up as clients against their local routers and/or name servers)

-- -joe

----------
From: DSAWYER@PILLSBURY.COM[SMTP:DSAWYER@PILLSBURY.COM]
Sent: Friday, April 04, 1997 1:51 PM
To: firewalls(a)greatcircle.com
Subject: xntpd and gauntlet 3.2

Gauntlet firewall (TIS) fundamentally does not allow udp based services through the firewall. We really only need it for synchronization, however somebody got the idea of getting time from the Internet and here we are. How can you make xntpd work? In order to reduce the bouncing that could go on, here is what I already know.

-Run xntpd on the firewall, chroot it, use authentication, and have it be your highest level stratum server.
-Have your second level of time servers poll your time server on the firewall.
-Have those second level stratums broadcast to other devices.

In a nutshell what I need to know is how do I get udp based packets on port 123 through the firewall? Anybody have any ideas?

Thanks in advance-
Douglas R.
Sawyer

Received: from relay1.UU.NET by mail.fws.gov (SMTPLINK V2.11.01) ; Fri, 04 Apr 97 14:41:02 MST
Return-Path:
Received: from honor.greatcircle.com by relay1.UU.NET with ESMTP (peer crosschecked as: honor.greatcircle.com [198.102.244.44]) id QQcjwf15717; Fri, 4 Apr 1997 16:26:44 -0500 (EST)
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA25996 for firewalls-outgoing; Fri, 4 Apr 1997 12:31:19 -0800 (PST)
Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA25971 for ; Fri, 4 Apr 1997 12:31:07 -0800 (PST)
Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id PAA30793; Fri, 4 Apr 1997 15:29:30 -0500 (EST)
Received: by zandar.judge.org with Microsoft Mail id <01BC410C.8EADD060@zandar.judge.org>; Fri, 4 Apr 1997 15:26:24 -0500
Message-ID: <01BC410C.8EADD060@zandar.judge.org>
From: Joseph Judge
To: "firewalls(a)greatcircle.com" , "'DSAWYER@PILLSBURY.COM'"
Subject: RE: xntpd and gauntlet 3.2
Date: Fri, 4 Apr 1997 15:26:21 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

From owner-firewalls-outgoing Sat Apr 5 21:04:23 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA21221 for firewalls-outgoing; Sat, 5 Apr 1997 20:59:09 -0800 (PST)
Received: from thalia.fm.intel.com (thalia.fm.intel.com [132.233.247.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id UAA21204 for ; Sat, 5 Apr 1997 20:59:02 -0800 (PST)
Received: from argus.intel.com by thalia.fm.intel.com (8.8.4/10.0i); Sun, 6 Apr 1997 04:57:46 GMT
Received: by argus.intel.com (8.8.4/10.0i); Sat, 5 Apr 1997 20:57:45 -0800
From: sedayao@argus.intel.com (Jeffrey C. Sedayao)
Message-Id: <199704060457.UAA09981@argus.intel.com>
Subject: Re: Tunnels and Security policy
To: stoutb@pios.com (Bill Stout)
Date: Sat, 5 Apr 97 20:57:44 PST
Cc: firewalls@greatcircle.com
In-Reply-To: <2.2.32.19970404230906.006d3ae0@192.168.0.83> from "Bill Stout" at Apr 4, 97 03:09:06 pm
X-Mailer: ELM [version 2.4dev PL66]
MIME-Version: 1.0
Content-Type: text
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> Question: Can someone give me an example of how security policies are
> modified when tunnels are implemented?
> Train of thought: I see more companies actively using tunnels (VPNs) or
> adding encrypted access into their systems. I see people using tunnels for
> the following, where admins only have local policy control;
> o to create a path through a firewall between internal networks and
> 'partner' networks.
> o from home PCs/private ISP account to internal network through firewall.
> o between branches of the same company.
> AFAIK, tunnels allow _all_ port traffic between a range of hosts in 'network
> A' to reach a range of hosts in 'network B'. If you use a firewall to
> protect your network from the internet, and you tunnel through that to a
> tunnel server either on the firewall or past it, you can't protect against
> the tunneled traffic without layered firewalls, which gets complex since
> some proxies don't cascade well. Once an intruder gets past your firewall,
> he's everywhere.
> {Net A}--+-FW--{internet}--FW-+--{Net B}
>          |                    |
>    Tunnel Server        Tunnel Server
> Another reason I ask, Company X requests a quote for a firewall from my or
> other company, whittles down the price to fit the budget (original estimate
> of the admin), then adds the tunneling requirement. Not much budget is left
> for a secondary firewall layer, and I hesitate to say that if you buy a
> tunnel, you need two firewalls.

It really depends on how you implement the tunnel and the specific product.
I have implemented tunnels on the outside of the firewall, so that you still have to negotiate the firewall to get in. I have seen products also that provide a similar capability, where you can have a tunnel across the net to another company, but you still have to go through the firewall to get into your company.

I would say that the security policy depends on the situation. Of your three situations, I'd say the following:

partner networks - make them go through the firewall and treat them (as much as you can get away with) like they are just another site on the Internet. Your partners probably have Internet gateways, and how can you be sure that those gateways are secure?

branch offices - don't make them go through the firewall unless you really really really don't trust them. It happens (seen it happen).

remote access by employees - depends how much you trust them. If you really trust them, don't make them go through a firewall. If you don't trust them, make them go through the firewall. The problem here is that you have to watch out for whether the employee can connect to the Internet and your internal network at the same time. Products vary in what they allow (at least the last time I looked).

> #include
> Bill Stout, 'Consultant', Pioneer Standard, San Jose, CA (408)321-0645
> www.pios.com (Industrial Distributor for Computer systems, components)
> Digital-HP-IBM-Intel-MTI-Netframe-NAT-Network_General-Cisco-3COM-Network_Sys
> tems-Apple-SGI-Tadpole-Cray_Communications-Liebert-Tektronix-QMS-etc,etc.

--
Jeff Sedayao
Intel Corporation
sedayao@argus.intel.com

From owner-firewalls-outgoing Sat Apr 5 21:19:17 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA21855 for firewalls-outgoing; Sat, 5 Apr 1997 21:10:46 -0800 (PST)
Received: from point.pch.gc.ca (point.pch.gc.ca [167.33.21.4]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id VAA21844 for ; Sat, 5 Apr 1997 21:10:39 -0800 (PST)
From: Bill_Royds@pch.gc.ca
Received: from pchgate.pch.gc.ca (pchgate.pch.gc.ca [167.33.21.2]) by point.pch.gc.ca (8.7.6/8.7.3) with SMTP id XAA15517 for ; Sat, 5 Apr 1997 23:27:08 -0500 (EST)
Received: from relay.pch.gc.ca by pchgate.pch.gc.ca via smtpd (for point.pch.gc.ca [167.33.21.4]) with SMTP; 6 Apr 1997 04:29:20 UT
Received: from pch.gc.ca (notes.pch.gc.ca [167.33.5.11]) by relay.pch.gc.ca (8.7.6/8.7.3) with SMTP id XAA29108 for ; Sat, 5 Apr 1997 23:29:20 -0500 (EST)
Received: by pch.gc.ca(Lotus SMTP MTA v1.05 (274.9 11-27-1996)) id 85256471.0018B7A8 ; Sat, 5 Apr 1997 23:29:58 -0400
X-Lotus-FromDomain: PCH
To: Firewalls@greatcircle.com
Message-ID: <85256471.0019249F.00@pch.gc.ca>
Date: Sat, 5 Apr 1997 23:37:52 -0400
Subject: Individual chroot for ftp users.
Mime-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Does anybody have a program or system to allow one to set up multiple ftp accounts on Solaris 2.5 so that each one is chrooted to their own directory? I will have multiple ftp users on a depository machine, that should not have anonymous ftp but still stop an ftp user getting out of her own sandbox.

From owner-firewalls-outgoing Sat Apr 5 22:19:47 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id VAA26297 for firewalls-outgoing; Sat, 5 Apr 1997 21:50:52 -0800 (PST)
Received: from narya.laserlink.net (narya.laserlink.net [207.77.72.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id VAA26289 for ; Sat, 5 Apr 1997 21:50:45 -0800 (PST)
Received: from laser1.laserlink.net (laser1.laserlink.net [207.77.72.201]) by narya.laserlink.net (8.7.4/8.7.3) with SMTP id BAA21862; Sun, 6 Apr 1997 01:58:38 GMT
Received: by laser1.laserlink.net with Microsoft Mail id <01BC4224.39A1EB60@laser1.laserlink.net>; Sun, 6 Apr 1997 00:48:21 -0500
Message-ID: <01BC4224.39A1EB60@laser1.laserlink.net>
From: George Broadfoot
To: "'stesin@gu.net'" , "Gerard A. Joseph"
Cc: "firewalls@GreatCircle.COM"
Subject: RE: ISR
Date: Sun, 6 Apr 1997 00:48:19 -0500
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

It is also interesting that such a site would not allow characters like ! or # in the password field. Pretty standard UNIX password characters !!

No matter I joined anyways.

-----Original Message-----
From: Andrew Stesin [SMTP:stesin@gu.net]
Sent: Friday, April 04, 1997 11:31 AM
To: Gerard A. Joseph
Cc: firewalls@GreatCircle.COM
Subject: Re: ISR

Hi Gerard,

despite of the thingies you noticed, I'll probably subscribe. (Neither of the pieces you noticed are so much protected and/or classified, anyway :) Though you are right -- and they (ISR) aren't.

From owner-firewalls-outgoing Sun Apr 6 00:04:20 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA04809 for firewalls-outgoing; Sat, 5 Apr 1997 23:55:22 -0800 (PST)
Received: from heaton.cl.cam.ac.uk (heaton.cl.cam.ac.uk [128.232.32.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id XAA04800 for ; Sat, 5 Apr 1997 23:55:15 -0800 (PST)
Received: from cl.cam.ac.uk [128.232.0.11] (pb) by heaton.cl.cam.ac.uk with esmtp (Exim 1.59 #2) id 0wDmko-0006dF-00; Sun, 6 Apr 1997 08:52:46 +0100
X-uri:
X-face: &@N3QE9h|>f`igFCkZ'a1`z=nNLXb}k>H(79G"V?@!&*yn)uhPBctF1vc}LD'{OA%$bs X+l[wN,I^G8kKj2NFxQrr@1C4QBC]hq5-%ZkV,^Zl/qE<0`zCQ1nM+]-N<^WG[H)]?d) A:L9AFgOU[BjbaY)uBAMz}h!fm^O0#
To: Joseph Judge
cc: "'patrick_scannell@mail.fws.gov'" , "'Firewalls Mailing List'"
Subject: Re: xntpd and gauntlet 3.2
In-reply-to: Your message of Fri, 04 Apr 1997 17:57:24 -0500. <01BC4121.A7B03340@zandar.judge.org>
Date: Sun, 06 Apr 1997 08:52:43 +0100
From: Piete Brooks
Message-Id:
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

> The NTP FAQ lists a bunch of units under $5K dollars.

I used to be very active in the xntpd world, but haven't been involved for several years.

When I last looked into things for someone (Jan 1994!) I found a Trimble receiver for $US 395, making a complete unit $US 580.

I would have expected the prices to have dropped (considerably) since then.

As such, I suspect that "under $US5K" means just that, rather than "just under $US5K" as some may interpret the above.

From owner-firewalls-outgoing Sun Apr 6 01:34:21 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA10659 for firewalls-outgoing; Sun, 6 Apr 1997 01:26:57 -0800 (PST)
Received: from x18.boston.juno.com (x18.boston.juno.com [205.231.101.29]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA10652 for ; Sun, 6 Apr 1997 01:26:50 -0800 (PST)
Received: (from lil.c@juno.com) by x18.boston.juno.com (queuemail) id FFX17048; Sun, 06 Apr 1997 05:24:43 EDT
To: Firewalls@GreatCircle.COM
Date: Sun, 6 Apr 1997 04:59:04 -0400
Message-ID: <19970406.052118.14878.10.lil.c@juno.com>
X-Mailer: Juno 1.23
From: lil.c@juno.com (Chris C Rodil)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

From owner-firewalls-outgoing Sun Apr 6 04:04:26 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA18018 for firewalls-outgoing; Sun, 6 Apr 1997 03:51:44 -0700 (PDT)
Received: from sirius.hkstar.com (sirius.hkstar.com [202.82.0.148]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA18011 for ; Sun, 6 Apr 1997 03:51:39 -0700 (PDT)
Received: from hkstar.com.hkstar.com (pluto221.hkstar.com [202.82.50.221]) by sirius.hkstar.com (8.8.4/8.6.6) with ESMTP id SAA19899 for ; Sun, 6 Apr 1997 18:50:12 +0800 (HKT)
Message-Id: <199704061050.SAA19899@sirius.hkstar.com>
From: "Gary Hui"
To:
Subject: problems in linux
Date: Sun, 6 Apr 1997 18:54:39 +0800
X-MSMail-Priority: Normal
X-Priority: 3
X-Mailer: Microsoft Internet Mail 4.70.1155
MIME-Version: 1.0
Content-Type: text/plain; charset=BIG5
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

My linux is called "red hat linux" ... is it popular? What is the difference between it and the other linuxes?

The red hat linux consists of 6 CDs. I only used disk 1 to install the basic components of my system ... what are the files on the other disks??

I have some problems setting up my linux system....
Can I set up a bbs using linux?

I can't get my "mouse" to work stably in X windows... How can I set it up? My mouse is called a "mouse system mouse" in windows 95.

How can I set up my internet connection in linux (in text mode, not X-windows)? After I use ppp to connect to the internet ... can other people log in to my system through the internet? (the ip is different every time)

I am 18 years old. Some people said that it is very difficult for me to set up linux or use it. Is this really so? Are there any people younger than me using linux?

If you have problems, I am willing to solve them for you (although it is impossible).

Thanks!!

Please answer me at this mailbox: yonnie00@hkstar.com

Thanks!!

From owner-firewalls-outgoing Sun Apr 6 04:49:17 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id EAA20333 for firewalls-outgoing; Sun, 6 Apr 1997 04:33:34 -0700 (PDT)
Received: from pdx1.world.net (pdx1.world.net [192.243.32.18]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id EAA20307 for ; Sun, 6 Apr 1997 04:33:24 -0700 (PDT)
Received: from suburbia.net (suburbia.net [203.4.184.1]) by pdx1.world.net (8.7.5/8.7.3) with SMTP id EAA01369 for ; Sun, 6 Apr 1997 04:34:33 -0700 (PDT)
Received: (qmail 4750 invoked by uid 110); 6 Apr 1997 11:31:38 -0000
MBOX-Line: From best-of-security-request@suburbia.net Sun Apr 6 21:30:09 1997 remote from suburbia.net
Received: (from list@localhost) by suburbia.net (8.8.4/8.8.4) id VAA04726 for proff@suburbia.net; Sun, 6 Apr 1997 21:30:09 +1000 (EST)
Received: (qmail 4715 invoked from network); 6 Apr 1997 11:30:06 -0000
Received: from plum.cyber.com.au (203.7.155.24) by suburbia.net with SMTP; 6 Apr 1997 11:30:06 -0000
Received: (from darrenr@localhost) by plum.cyber.com.au (8.6.12/8.6.6) id VAA28550 for best-of-security@suburbia.net; Sun, 6 Apr 1997 21:30:01 +1000
From: Darren Reed
Message-Id: <199704061130.VAA28550@plum.cyber.com.au>
Subject: ActiveX formats your HD
To: best-of-security@suburbia.net
Date: Sun, 6 Apr 1997 21:30:00 +1000 (EST)
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

An excerpt taken from some notes from the JavaOne conference, recently held in the USA....

[...]
>
> Highlighting with humor his point about security, McNealy offered up the following equation: ActiveX =
> Java + porting + memory loss + viruses. He then dedicated some of his keynote time to running a demo put
> together by Fred McLean, who created a Web page championing the shortcomings of ActiveX.
>
> The demo drops from Windows to DOS and types on the command line, formats a floppy disk, uses
> system search capabilities to find Quicken financial files and uses the system calculator to determine that
> person's net worth. The demo then launches TurboTax and started propagating information into the tax
> forms, which can be filed electronically.
>
> McLean also wrote Internet "Exploder" for his Web page, which he showed using ActiveX to shut down
> the user's computer system, provided it was Windows running on an Intel chip.
>
>

From owner-firewalls-outgoing Sun Apr 6 06:04:23 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA26611 for firewalls-outgoing; Sun, 6 Apr 1997 05:55:04 -0700 (PDT)
Received: from wizard.abirnet.co.il (wizard.abirnet.co.il [194.90.211.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id FAA26598 for ; Sun, 6 Apr 1997 05:54:57 -0700 (PDT)
Received: from ziv.abirnet.co.il (z1.abirnet.co.il [194.90.211.21]) by wizard.abirnet.co.il (8.7.6/8.7.3) with SMTP id PAA21568; Sun, 6 Apr 1997 15:53:44 +0300
Date: Sun, 6 Apr 97 15:56:10
From: Ziv Dascalu
Subject: RE: statistic of Network incidents
To: firewalls@GreatCircle.COM, Duan Zhenhai
X-PRIORITY: 3 (Normal)
X-Mailer: Chameleon 5.0, TCP/IP for Windows, NetManage Inc.
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

--- On Fri, 4 Apr 1997 18:31:17 +0800 (GMT+0800) Duan Zhenhai wrote:

>Hello, Everyone,
>
> I want to know some statistic of the Internet security incidents,
> such as there are how many security incidents every year, where
> can I find them?
>
> Thank you in advance!
>

IDC is putting this every year.

/Ziv

/~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~\
| A B I R N E T Active Network Protection http://www.AbirNet.com |
\~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~/

From owner-firewalls-outgoing Sun Apr 6 06:49:23 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA28718 for firewalls-outgoing; Sun, 6 Apr 1997 06:33:41 -0700 (PDT)
Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA28711 for ; Sun, 6 Apr 1997 06:33:34 -0700 (PDT)
Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.8.5/8.6.5) with SMTP id JAA13611; Sun, 6 Apr 1997 09:32:08 -0400 (EDT)
Message-Id: <199704061332.JAA13611@mail.clark.net>
Comments: Authenticated sender is
From: "Marcus J. Ranum"
Organization: V-ONE Corp Baltimore office
To: firewalls@GreatCircle.COM
Date: Sun, 6 Apr 1997 09:35:23 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: Rather odd mail
Reply-to: mjr@clark.net
CC: sjohnson@weasel.owl.de, smaha@haystack.com
X-mailer: Pegasus Mail for Win32 (v2.42a)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Obviously my previous mail must have irritated "Stuart" enough that he decided I was due a bit of smearing of my own. I'll avoid engaging in debate about my own business ethics, since nobody can be unbiassed about themself!
But I'd like to attempt to correct some of what appears to be a deliberate attempt at disinformation. Stuart's tactic seems to be one of "Have you stopped beating your wife yet?" [BTW, anyone who knows my wife would never ask such a question!] It's difficult to know how to handle it, since rising to the bait with a response simply leaves room for more obfuscation. Not responding just leaves the smear job in place. Perhaps what's happening is that someone is trying to give us a little demonstration in "information warfare." :) Stuart Johnson writes: > As regard to the Haystack information, my message was not intended >to be "tabloid". No, it wasn't tabloid. Look in a dictionary under "Innuendo." That is probably a better word. > With the enquiry about Haystack and Wheelgroup, I received some > email from Marcus Ranum. I should mention that the mail you received was basically the same thing as I posted here: That Steve is still at Haystack, and that you should try using a telephone if you *really* wanted to get hold of him. > He > is someone I have respected from many of his posts. But his email has surprised me and > I have had some doubts about whether he was objectively replying or only trying to sell > some new product he is building and denigrate the choices that I am reviewing. My email, and my posting to this list, in no way shape or form denigrated anyone, and you know it. How *DARE* you imply that I am denigrating someone, when *YOU* are the one posting half-baked mumbo-jumbo about someone being fired by his board of directors, etc!!! Excuse me, but isn't that backwards? Steve Smaha is someone I respect a great deal, as a person and as a businessman. I also know the folks at Wheelgroup and have always gotten along well with them. But what puzzles me is how you'd jump from my suggesting you call Smaha on a telephone to saying something derogative about anyone's product! 
> I also received email's from others suggesting Marcus' new company >as an alternative That's interesting. Marcus' new company doesn't build anything that is an alternative to what Haystack or Wheelgroup offers. I'm doing something else. > but from those messages it is clear he has decided to get out of >V-One I am still Chief Scientist at V-One, and am still highly involved in helping run things there. I'm also trying to have a little fun by doing my own thing. V-One and the rest of my investors thought that I had some ideas worth pursuing (so do I!) and support me in doing so. If you want more information about V-One and my relationship with the company, don't ask leading questions on a public mailing list, call V-One's investor relations folks at 301-838-8900, and get the details from them. Or give me a call at 410-889-8569 and we can discuss it rather than having you have to rely on vague "emails" from "various people." > I kind of question what kind of business man Marcus is based on > what I had overheard at a conference where a small group of people > talking, including one of the speakers for NCSA (I believe Dr. > Tippett) ... You're welcome to question what kind of business man I am, and you're welcome to do that in public -- that's certainly your right. Perhaps you'll get more vague "emails" from "various people" saying I'm a nutcase and a dirtbag and no doubt we'll hear ALL about it. With respect to my involvement with NCSA, that was not a business relationship. I worked entirely pro bono and never took a cent from NCSA. I attended one of their meetings (on firewall "certification") and contributed the firewall product summaries format which they are using today. Since I feel firewall testing and certification is difficult to get right, at that point I ceased being involved with that effort. Of course, every story has 2 sides to it. 
People who are willing to assume I am a dirty businessman because of some "small group of people talking at a conference" can't be helped. > The second concern about the integrity of Marcus' company > is the fact that the Founder and CEO of a competing monitoring > company (Steve Smaha of Haystack) is on his board Yes, I am thrilled to death that Steve is on my board!! Indeed, one of the reasons I invited him to sit on my company's board of directors was because I admire his business sense, his ethics, and appreciate his wise advice. (Characteristics that are directly in contrast with your earlier breathless mail about what a nutcase "an insider" says he is) Of course, Steve wouldn't be on the board of directors of a competitor. That's another way of saying that I don't believe that Haystack and Network Flight Recorder, Inc. (My company) are competitors. You apparently think otherwise, but I'd like to think that since I'm CEO of the company I know a bit more about what we're building than you do. :) > I am not just looking for good technology, I want to do business > with people with integrity. Would *YOU* know a person with integrity if you were looking at one? I doubt it. You've clearly got some kind of axe to grind and you're hiding behind the sham of "I'm just wondering...." I don't know what I did to piss you off -- I tend to be a bit too outspoken for my own good sometimes -- but your technique of using a mailing list as a vehicle for a shadow skirmish is unsavory and will eventually annoy the readership of the list. Rather than continuing this cowardly tactic, if you really want to learn anything about me or my doings, pick up a telephone. mjr. ----- Marcus J. 
Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From owner-firewalls-outgoing Sun Apr 6 07:50:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA03432 for firewalls-outgoing; Sun, 6 Apr 1997 07:35:26 -0700 (PDT) Received: from news.acrux.net (pluto.acrux.net [207.51.199.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA03423 for ; Sun, 6 Apr 1997 07:35:22 -0700 (PDT) Received: from pluto (pluto [207.51.199.3]) by news.acrux.net (8.8.5/8.8.5) with SMTP id JAA04045; Sun, 6 Apr 1997 09:32:37 -0500 (CDT) Date: Sun, 6 Apr 1997 09:32:37 -0500 (CDT) From: Brian Tackett X-Sender: cym@pluto To: Stuart Johnson cc: firewalls@GreatCircle.COM Subject: Re: Monitoring Info In-Reply-To: <19970406005113.1036.qmail@squirrel.owl.de> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On 6 Apr 1997, Stuart Johnson wrote: Stuart et al; This really isn't, IMO, appropriate to this mailing list. Would it be possible to take the thread private, or perhaps to a list or forum more suited? 
The S/N ratio on this list is already high enough without throwing in the politics and perceived maneuvering of the entire security industry :) From owner-firewalls-outgoing Sun Apr 6 08:34:17 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA05774 for firewalls-outgoing; Sun, 6 Apr 1997 08:20:58 -0700 (PDT) Received: from relay.hq.tis.com (relay.hq.tis.com [192.94.214.100]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA05756 for ; Sun, 6 Apr 1997 08:20:52 -0700 (PDT) Received: by relay.hq.tis.com; id LAA29218; Sun, 6 Apr 1997 11:15:44 -0400 (EDT) Received: from clipper.hq.tis.com(10.33.1.2) by relay.hq.tis.com via smap (3.2) id xma029212; Sun, 6 Apr 97 11:15:37 -0400 Received: (from jcp@localhost) by clipper.hq.tis.com (8.7.5/8.7.3) id LAA18248; Sun, 6 Apr 1997 11:19:14 -0400 (EDT) From: Jody C Patilla Message-Id: <199704061519.LAA18248@clipper.hq.tis.com> Subject: Re: Monitoring Info To: sjohnson@weasel.owl.de (Stuart Johnson) Date: Sun, 6 Apr 1997 11:19:13 -0400 (EDT) Cc: firewalls@greatcircle.com In-Reply-To: <19970406005113.1036.qmail@squirrel.owl.de> from "Stuart Johnson" at Apr 6, 97 00:51:13 am X-Mailer: ELM [version 2.4 PL25] Content-Type: text Sender: firewalls-owner@GreatCircle.COM Precedence: bulk [Stuart Johnson's load of garbage deleted - it doesn't bear repeating.] One has to wonder what wacko personal vendetta Mr. Johnson is pursuing with his campaign of innuendo, slander and character assassination. I don't for a minute believe that he is "just looking for information" - spreading ugly disinformation would appear to be more accurate. However, accuracy doesn't seem to be one of Mr. Johnson's strong points. No matter what his motivation, postings of this type don't belong in the firewalls mailing list. GO away - you clearly have no useful contribution to make here. - jcp -- ========================================================================= Jody C. 
Patilla jcp@tis.com Trusted Information Systems Glenwood, Md. From owner-firewalls-outgoing Sun Apr 6 09:04:23 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA08873 for firewalls-outgoing; Sun, 6 Apr 1997 09:02:10 -0700 (PDT) Received: from mercury.newyorkview.com (mercury.newyorkview.com [206.152.156.38]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA08866 for ; Sun, 6 Apr 1997 09:02:04 -0700 (PDT) Received: (qmail 10415 invoked by uid 140); 6 Apr 1997 17:43:10 -0000 Date: Sun, 6 Apr 1997 13:43:10 -0400 (EDT) From: Jamshid Abedi To: Bill_Royds@pch.gc.ca cc: Firewalls@greatcircle.com Subject: Re: Individual chroot for ftp users. In-Reply-To: <85256471.0019249F.00@pch.gc.ca> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Use Wu-ftp with the guest option. Jamshid Abedi / jabedi@newyorkview.com http://titanium.newyorkview.com/~jabedi/pgp.html KeyID 1024/D17B7269 On Sat, 5 Apr 1997 Bill_Royds@pch.gc.ca wrote: > > > > > Does anybody have a program or system to set up an allow one to set up > multiple ftp accounts on Solaris 2.5 so that each one is chrooted to thier > own directory? I will have multiple ftp users on a depository machine, > that should not have anonymous ftp but still stop an ftp user getting out > of her own sandbix. 
> > > From owner-firewalls-outgoing Sun Apr 6 09:19:27 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA09186 for firewalls-outgoing; Sun, 6 Apr 1997 09:05:17 -0700 (PDT) Received: from uno.canit.se (uno.canit.se [193.13.228.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA09142 for ; Sun, 6 Apr 1997 09:05:02 -0700 (PDT) Received: from localhost (brink@localhost) by uno.canit.se (8.6.10/8.6.10) with SMTP id SAA00349; Sun, 6 Apr 1997 18:03:50 +0200 Date: Sun, 6 Apr 1997 18:03:50 +0200 (MET DST) From: Carl Daniel Brink X-Sender: brink@uno To: Gary Hui cc: Firewalls@GreatCircle.COM Subject: Re: problems in linux In-Reply-To: <199704061050.SAA19899@sirius.hkstar.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Sun, 6 Apr 1997, Gary Hui wrote: > My linux is called " red hat linux " ...is it popular ? what is the > differences of it and the others linux ? > The red hat linux consist of 6-cd , i only use my disk1 to install the > basic components of my system ....what is the file in other disks ?? > I have a problems on setup my linux system.... > Can i setup a bbs by using a linux ? > I can't use my "mouse" stable in my Xwindows...How can i set it ? my mouse > is a called " mouse system mouse " in windows 95. > How can i setup my internet connection in my linux ( in text mode not > X-windows)? > after i use ppp to connect the internet...can other people login my sysetm > through internet ? ( the ip is different every time ) > I am 18 years old, some people said that is very difficult for me to setup > a linux or use it ,is this really ? have any people younger than me using > linux ? > > If you have problems. i willing solve it for you.(although it is > impossible.) Thanks!! > > Please answer me by this mailbox : yonnie00@hkstar.com > Thanks!! > > > > > Hey! I use Red Hat 4.1. 
And you only use the first CD to install the system. But the others contain sources and extra packages that you can install. As you was wondering about...you can make it a BBS, and ppl can login to your machine. But they would need an account.You will have to give them your IP address so they can connect to your system. If you need to connect to internet through PPP then you can do that too. Use chat and a few scripts. And pppd. You will have to bind your modem to /dev/modem(or another device name you want to use). If you want to learn more then goto http://www.linux.org or http://www.redhat.com Cenobyte From owner-firewalls-outgoing Sun Apr 6 12:19:26 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA21191 for firewalls-outgoing; Sun, 6 Apr 1997 12:04:10 -0700 (PDT) Received: from xyzzy.plugh.edmonton.ab.ca (xyzzy.plugh.edmonton.ab.ca [198.161.22.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA21177 for ; Sun, 6 Apr 1997 12:04:04 -0700 (PDT) Received: (from uucp@localhost) by xyzzy.plugh.edmonton.ab.ca (8.6.12/8.6.9) id NAA10235; Sun, 6 Apr 1997 13:02:15 -0600 Received: from snouts-gw.obtuse.com(192.168.30.61), claiming to be "snouts.obtuse.com" via SMTP by mailhost.plugh.edmonton.ab.ca, id smtpd10233aaa; Sun Apr 6 13:02:10 1997 Received: (from uucp@localhost) by snouts.obtuse.com (8.7.5/8.7.3) id NAA17848; Sun, 6 Apr 1997 13:02:29 -0600 From: Bob Beck Received: from UNKNOWN(192.168.20.5), claiming to be "chocolate.obtuse.com" via SMTP by snouts.obtuse.com, id smtpd17846aaa; Sun Apr 6 13:02:23 1997 Received: (from beck@localhost) by chocolate.obtuse.com (8.7.5/8.7.3) id NAA02037; Sun, 6 Apr 1997 13:03:36 -0600 Message-Id: <199704061903.NAA02037@chocolate.obtuse.com> Subject: Re: ISR To: stesin@gu.net Date: Sun, 6 Apr 1997 13:03:35 -0600 (MDT) Cc: gerard@ozemail.com.au, firewalls@GreatCircle.COM In-Reply-To: from "Andrew Stesin" at Apr 4, 97 07:31:04 pm X-Mailer: ELM [version 2.4 PL25] MIME-Version: 
1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk However you should read their little conditions of use where it says you can't reproduce or retransmit material from the site on the web in any way. Gee, I hope you're not behind a caching proxy. In any case the fine print looked a bit on the silly side all things considered, that and I have to ask why in the heck they bother with a password/id setup if they're giving it away for free, unless it's actually an exercise in seeing how well security people can be social engineered ;-) -Bob > > > Hi Gerard, > > despite of the thingies you noticed, I'll probably subscribe. > (Neither of the pieces you noticed are so much protected and/or classified, > anyway :) Though you are right -- and they (ISR) aren't. > > On Fri, 4 Apr 1997, Gerard A. Joseph wrote: > > > Date: Fri, 04 Apr 1997 17:38:31 -0800 > > From: "Gerard A. Joseph" > > To: firewalls@GreatCircle.COM > > Subject: Re: ISR > > > > The site looks interesting, but it seems anomalous for a > > security-oriented site to ask for such details as name, email address, > > physical address, and password to be transmitted in the clear over the > > Internet. > > > > Gerard > > > > Network Operations Center wrote: > > > > > > f.y.i. > > > > > > Internet Security Review is now accepting > > > subscriptions (free) at http://www.isr.net > > > The journal appears monthly. 
> > > > > > regards > > > > > > Bert > > > > Best regards, > Andrew Stesin > > nic-hdl: ST73-RIPE > > > From owner-firewalls-outgoing Sun Apr 6 13:04:31 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA23659 for firewalls-outgoing; Sun, 6 Apr 1997 12:53:43 -0700 (PDT) Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA23633 for ; Sun, 6 Apr 1997 12:53:35 -0700 (PDT) Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id PAA11323 for ; Sun, 6 Apr 1997 15:52:27 -0400 (EDT) Received: by zandar.judge.org with Microsoft Mail id <01BC42A1.F9F6CC00@zandar.judge.org>; Sun, 6 Apr 1997 15:48:31 -0400 Message-ID: <01BC42A1.F9F6CC00@zandar.judge.org> From: Joseph Judge To: "'Firewalls Mailing List'" Subject: Gauntlet / SmartWall source :-( Date: Sun, 6 Apr 1997 15:48:29 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk With the release of the Solaris versions of Gauntlet and SmartWall, the ability of buying the source code has disappeared. How has this affected anyone in the firewalls arena? Does anyone else muck with the source code like I do ? or do most folks just use the: - firewall toolkit to just compile - the Gauntlet just to install - the SmartWall just to install ?? 
-- -joe From owner-firewalls-outgoing Sun Apr 6 13:19:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA23977 for firewalls-outgoing; Sun, 6 Apr 1997 12:59:03 -0700 (PDT) Received: from mail.clark.net (mail.clark.net [168.143.0.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA23970 for ; Sun, 6 Apr 1997 12:58:57 -0700 (PDT) Received: from mjr.clark.net (mjr.clark.net [168.143.19.61]) by mail.clark.net (8.8.5/8.6.5) with SMTP id PAA21029 for ; Sun, 6 Apr 1997 15:57:35 -0400 (EDT) Message-Id: <199704061957.PAA21029@mail.clark.net> Comments: Authenticated sender is From: "Marcus J. Ranum" Organization: V-ONE Corp Baltimore office To: firewalls@GreatCircle.COM Date: Sun, 6 Apr 1997 16:00:50 +0000 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: combo internal/external web servers Reply-to: mjr@clark.net X-mailer: Pegasus Mail for Win32 (v2.42a) Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > Some have suggested using either a zip drive (with the write protect > tab notched) or a writeable cdrom, but i don't think these methords are > practical, aside from the fact that zip and cdrom drives are slower. > These things are what i call 'making work', they make you, the admin, > do things like burn cds, change cds, remount it. You'll find that once the buffer cache gets loaded, the lower speed of the CDROM is not a performance issue unless you're shoving huge amounts of non-related data out your Web pipe. Also, consider something like a Jaz drive, which can perform pretty quickly, about comparable to an older generation hard disk. I know one site that has a shell job migrate the contents of a Zip disk onto a hard disk and periodically check to make sure that the hard disk copy hasn't been altered. 
There is the "extra work" issue but I kind of like the idea of being able to instantly revert to a previous copy of my web site on a moment's notice, by just popping in yesterday's disk and remounting it. The big question is how often your web site changes -- if it's constantly under update then just about no readonly media solution will work over time. A lot of it depends on how likely you think you are to come under a "web site redesign attack" mjr. ----- Marcus J. Ranum, Chief Scientist, V-ONE Corporation Work: http://www.v-one.com Personal: http://www.clark.net/pub/mjr From owner-firewalls-outgoing Sun Apr 6 13:34:37 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA25823 for firewalls-outgoing; Sun, 6 Apr 1997 13:30:21 -0700 (PDT) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA25789 for ; Sun, 6 Apr 1997 13:29:24 -0700 (PDT) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55619-1>; Sun, 6 Apr 1997 21:26:54 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Sun, 06 Apr 1997 22:27:57 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id XAA01324; Sun, 6 Apr 1997 23:29:49 +0200 Date: Sun, 6 Apr 1997 22:29:48 +0100 From: "Magossa'nyi A'rpa'd" To: "Sameer R. Manek" CC: Kathy Kost , firewalls@GreatCircle.COM Subject: Re: combo internal/external web servers In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Sun, 6 Apr 1997, Sameer R. Manek wrote: I would use scp to periodically copy the webpages out to the web server. Then you don't have connections initiated from outside the firewall. And it doesn't involve writing CDs periodically, just setting up a cronjob once. 
Isn't nfs considered harmful anyway? > One idea I really like, though i haven't had the opportunity to try it > out. This combination involves 2 boxes in addition to your firewall. > Since running a web server on a firewall isn't considered a wise idea in > general. > > Basically what you do is having two boxes, a web server and a file server. > the web server mounts nfs mounts read only /webserver/htdocs from > the file server. The web server's only service is httpd, and maybe ftpd > which isn't very cpu intensive, so a low end pentium and *bsd or linux > will do. --- GNU GPL: only from a pure source From owner-firewalls-outgoing Sun Apr 6 14:35:17 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA02677 for firewalls-outgoing; Sun, 6 Apr 1997 14:19:50 -0700 (PDT) Received: from endeavor.flash.net (endeavor.flash.net [208.194.223.40]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA02660 for ; Sun, 6 Apr 1997 14:19:43 -0700 (PDT) Received: from pepsicos (dasc7-83.flash.net [208.194.218.83]) by endeavor.flash.net (8.8.5/8.8.5) with SMTP id QAA03288; Sun, 6 Apr 1997 16:14:46 -0500 (CDT) Message-ID: <334814D6.3179@flash.net> Date: Sun, 06 Apr 1997 16:25:42 -0500 From: Srinivas Nagabhirava Reply-To: srini@flash.net Organization: NEATU X-Mailer: Mozilla 3.0C-E-KIT (Win95; I) MIME-Version: 1.0 To: yoram@abirnet.com CC: firewalls@GreatCircle.COM Subject: Re: Internet Manager References: <9701148559.AA855956338@ccmail.framatech.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk yoram@abirnet.com wrote: > > Please check SessionWall from AbirNet on our web site www.abirnet.com > Yoram Nissenboim > AbirNet > --- On Fri, 14 Feb 97 11:41:12 EST Jamie_T_Brooks@framatech.com wrote: > Hi Everyone! > > I am in search of a product that will track Internet Access, Usage > monitoring, and generate reports. 
> > I am using a Gauntlet 3.2 (TIS) firewall running on BSD/OS. > > Anyone who can recommend a product from EXPERIENCE, I would appreciate > hearing from you. > > > Thanks in Advance :-) > > > Jamie > > ---------------End of Original Message----------------- > > ******************************************************** > Yoram Nissenboim > AbirNet - Active Network Protection > Date: 02/16/97 Time: 11:03:01 > > AbirNet provides the next generation in firewalls and > Internet and Intranet intrusion and abuse protection. > AbirNet provides Windows 95 and NT-based software that > provides no-overhead see-it-all filtering, blocking, > alerting, logging, and scanning. > Ask about SessionWall and SessionView (800)245-1688. > Get a free evaluation copy at http://www.abirnet.com > ******************************************************** Do you really want to push your luck advertising your product everyday on this newsgroup? As someone pointed out earlier, please try to add value to the list of just read silently and learn. Srini. 
From owner-firewalls-outgoing Sun Apr 6 15:04:49 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA04764 for firewalls-outgoing; Sun, 6 Apr 1997 14:59:17 -0700 (PDT) Received: from ups.com (xavier.ups.com [198.80.14.117]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id OAA04727 for ; Sun, 6 Apr 1997 14:59:03 -0700 (PDT) Received: from is.ups.com by ups.com (SMI-8.6/SMI-SVR4) id RAA01199; Sun, 6 Apr 1997 17:57:59 -0400 Received: from butthead.ups.com by is.ups.com (5.x/SMI-SVR4) id AA22255; Sun, 6 Apr 1997 17:57:45 -0400 Received: from localhost by butthead.ups.com (SMI-8.6/SMI-SVR4) id RAA11072; Sun, 6 Apr 1997 17:58:13 -0400 Date: Sun, 6 Apr 1997 17:58:12 -0400 (EDT) From: Dave Wreski X-Sender: tel1dvw@butthead To: Gary Hui Cc: Firewalls@GreatCircle.COM Subject: Re: problems in linux In-Reply-To: <199704061050.SAA19899@sirius.hkstar.com> Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Sorry, don't know the policies for responding to off-topic mail. To the list, or to the user? On Sun, 6 Apr 1997, Gary Hui wrote: > My linux is called " red hat linux " ...is it popular ? what is the You got lucky on your first shot. This is my favorite. Check out www.redhat.com for a list of its features. > If you have problems. i willing solve it for you.(although it is > impossible.) Thanks!! Gary, I'm wondering what your message has to do with firewalls. I have seen off-topic posts, but this isn't even a linux list! > Please answer me by this mailbox : yonnie00@hkstar.com Mail a message to redhat-list-request@redhat.com, and put 'subscribe' in the body. You can post redhat linux related questions to this list (redhat-list@redhat.com) once you have subscribed. 
Dave From owner-firewalls-outgoing Sun Apr 6 15:59:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA08490 for firewalls-outgoing; Sun, 6 Apr 1997 15:45:46 -0700 (PDT) Received: from gw.research.megasoft.com (gw.research.megasoft.com [206.230.35.93]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA08481 for ; Sun, 6 Apr 1997 15:45:37 -0700 (PDT) Received: (from uucp@localhost) by gw.research.megasoft.com (8.7.5/8.7.3-cmcurtin) id SAA06262; Sun, 6 Apr 1997 18:43:11 -0400 (EDT) Received: from goffette.research.megasoft.com(192.168.1.2) by gw.research.megasoft.com via smap (V2.0) id xma006254; Sun, 6 Apr 97 18:42:49 -0400 Received: (from cmcurtin@localhost) by goffette.research.megasoft.com (8.8.5/8.8.5) id SAA21690; Sun, 6 Apr 1997 18:43:25 -0400 (EDT) Date: Sun, 6 Apr 1997 18:43:25 -0400 (EDT) Message-Id: <199704062243.SAA21690@goffette.research.megasoft.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit From: C Matthew Curtin To: Joseph Judge Cc: "'Firewalls Mailing List'" Subject: Re: Gauntlet / SmartWall source :-( In-Reply-To: <01BC42A1.F9F6CC00@zandar.judge.org> References: <01BC42A1.F9F6CC00@zandar.judge.org> X-Mailer: VM 6.22 under 19.15 XEmacs Lucid X-Face: "&>g(&eGr?u^F:nFihL%BsyS1[tCqG7}I2rGk4{aKJ5I_5A\*6RYn4"N.`1pPF9LO!Fa<(gj:12)?=uP2l01e10Gij"7j&-)torL^iBrNf\s7PDLm=rf[PjxtSbZ{J(@@j"q2/iV9^Mx>>>> "Joe" == Joseph Judge writes: Joe> With the release of the Solaris versions of Gauntlet and Joe> SmartWall, the ability of buying the source code has disappeared. As some black-hat folks I know might say: "Th4+ $uX0rz" Joe> Does anyone else muck with the source code like I do ? I do... For internal stuff here, I like to use bits of FWTK for various jobs. Some tools are heavily hacked, some are just compiled as-is, and most are somewhere in the middle. 
In consulting situations, I typically recommend Gauntlet if someone wants to "buy a firewall," or need something like that for a bastion host. I've never known anyone with Gauntlet (besides me) to hack at the code. In reality, I suspect that this is just a sign of the firewalling times. Firewalls are becoming commodity items. People don't typically screw around with their household appliances and other commodity-type things. Firewalls are headed in the same direction, and I think that's only going to continue as many IS organizations continue to want to hire button-pusher types, and buy things that claim to bring their systems to that level. Whether this is a Good Thing, a Bad Thing, or some combination thereof (I vote for the latter, myself) isn't really relevant; it's what's happening. As a result, the here-are-some-tools-build-it-yourself approach will probably continue to be used in places where it has been done already, and almost all new installations will be of the simple-enough-for-a-button-pusher type. -- Matt Curtin Chief Scientist Megasoft, Inc. cmcurtin@research.megasoft.com http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself Death to small keys. Crack DES NOW! 
http://www.frii.com/~rcv/deschall.htm From owner-firewalls-outgoing Sun Apr 6 16:19:35 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA10107 for firewalls-outgoing; Sun, 6 Apr 1997 16:07:16 -0700 (PDT) Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.130]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id QAA10078 for ; Sun, 6 Apr 1997 16:07:05 -0700 (PDT) Received: by inet03.citec.qld.gov.au; id JAA19225; Mon, 7 Apr 1997 09:05:59 +1000 Received: from guru.citec.qld.gov.au(147.132.20.47) by inet03.citec.qld.gov.au via smap (3.2) id xma019191; Mon, 7 Apr 97 09:05:26 +1000 Received: (from sgcccdc@localhost) by guru.citec.qld.gov.au (8.6.12/8.6.12) id JAA18088; Mon, 7 Apr 1997 09:06:54 +1000 From: Colin Campbell Message-Id: <199704062306.JAA18088@guru.citec.qld.gov.au> Subject: Re: Gauntlet / SmartWall source :-( To: joej@joesmac.ultranet.com (Joseph Judge) Date: Mon, 7 Apr 1997 09:06:52 +1000 (EST) Cc: firewalls@greatcircle.com In-Reply-To: <01BC42A1.F9F6CC00@zandar.judge.org> from "Joseph Judge" at Apr 6, 97 03:48:29 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk My mailer thinks Joseph Judge said: > > > > With the release of the Solaris versions of > Gauntlet and SmartWall, the ability of > buying the source code has disappeared. Not true. It is around US$495. The annoying thing for me was having this applied retrospectively. We ordered at the time the Solaris version was being released. When we finally got it, we found no source and our reseller, at that time renegotiating with TIS, didn't know the source wasn't available. If we'd known the source was going to cost more, we would have allowed for it. 
Now I have to go to get some more cash from people who've just spent heaps, because the vendor changed their policy and the product they thought they were getting is different to what the vendor actually sold. > > How has this affected anyone in the firewalls > arena? Pain in the arse, not having it. After all it's the only piece of documentation that is accurate and complete. The man pages and manuals just aren't. Now we're stuck with "I don't know exactly how it works, let's try this" until "it" works. Experimenting on a firewall? Sounds stupid to me. But that's what we users have been reduced to. Colin From owner-firewalls-outgoing Sun Apr 6 19:05:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA21821 for firewalls-outgoing; Sun, 6 Apr 1997 18:57:14 -0700 (PDT) Received: from nova.unix.portal.com (nova.unix.portal.com [156.151.1.101]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id SAA21809 for ; Sun, 6 Apr 1997 18:57:09 -0700 (PDT) Received: from demon.corp.portal.com (demon.corp.portal.com [156.151.1.10]) by nova.unix.portal.com (8.6.11/8.6.5) with ESMTP id SAA24976 for ; Sun, 6 Apr 1997 18:53:38 -0700 Received: from pinpc30.corp.portal.com (pinpc30.corp.portal.com [156.151.1.129]) by demon.corp.portal.com (8.6.11/8.6.5) with SMTP id SAA20619 for ; Sun, 6 Apr 1997 18:53:37 -0700 Received: by pinpc30.corp.portal.com with Microsoft Mail id <01BC42BB.4E390AD0@pinpc30.corp.portal.com>; Sun, 6 Apr 1997 18:49:49 -0700 Message-ID: <01BC42BB.4E390AD0@pinpc30.corp.portal.com> From: Dana Bourgeois To: "firewalls@GreatCircle.COM" Subject: RE: combo internal/external web servers Date: Sun, 6 Apr 1997 18:57:46 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk -----Original Message----- From: Sameer R. 
Manek [SMTP:manek@challenger.atc.fhda.edu] Sent: Saturday, April 05, 1997 18:31 To: Kathy Kost Cc: firewalls@GreatCircle.COM Subject: Re: combo internal/external web servers One idea I really like, though i haven't had the opportunity to try it out. This combination involves 2 boxes in addition to your firewall.=20 Since running a web server on a firewall isn't considered a wise idea in general.=20 Basicly what you do is having two boxes, a web server and a file server. the web server mounts nfs mounts read only /webserver/htdocs from the file server. The web server's only service is httpd, and maybe ftpd which isn't very cpu intensive, so a low end pentium and *bsd or linux will do. [fg=3D> ] Hmmmm....I wouldn't think running an NFSD in your DMZ is a = good idea either. But perhaps Linux NFSDs are not susceptible to attack = like SUNOS or Solaris ones are... In addition because the webserver doesnt have the pages you don't have to give accounts to folks who may not do security concious things, such as the web page development groups. They can have accounts on machines less visible to the public. So you can close of network logins=20 or run sshd. [fg=3D> ] I would instead run the web server and wu-ftp on the same = machine. No telnet or ucb utilities available. No mail or DNS either. = People would ftp into the machine and upload their content to their own = directories which the web server could read. If you use an OS that has = virtual interfaces like Solaris (I don't know if LInux can do this) then = you can have the web server basically set it's root location to the = user's ftp directory and the users cannot expose anything outside their = login directory. 

Some have suggested using either a zip drive (with the write protect tab notched) or a writeable cdrom, but I don't think these methods are practical, aside from the fact that zip and cdrom drives are slower. These things are what I call 'making work', they make you, the admin, do things like burn cds, change cds, remount it.

[fg=> ] No reason you can't put your OS and web setup on a physically write-protected disk. Your users might make daily changes but your host setup probably wouldn't need that. I've changed our web server (a SUN but the principle is the same) twice in the last year although the web people make almost daily changes to the web content.

My opinion is that the admin is responsible for maintaining the service, which is time consuming enough, not to create more work. If you put the responsibility of maintaining the pages, putting them on the server, etc as close to the people who write the pages as possible that is a good thing. Making the system secure and ensuring ease of use is our responsibility. Your dedicated web page file server can even run something like net-a-talk or samba so they can author the pages directly from the NT/95 or Mac workstations.

[fg=> ] I wouldn't consider NFS except on a trusted network. Never forget the NFSD accepts commands to add and remove files and directories. If you can spoof one, you can do that to all files except probably those owned by root since NFS treats root as special.

From owner-firewalls-outgoing Sun Apr 6 19:34:22 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA23165 for firewalls-outgoing; Sun, 6 Apr 1997 19:32:13 -0700 (PDT)
Received: from cinna.ultra.net (cinna.ultra.net [199.232.56.8]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id TAA23150 for ; Sun, 6 Apr 1997 19:32:04 -0700 (PDT)
Received: from zandar.judge.org (firewall-user@joesmac.ultranet.com [199.232.59.222]) by cinna.ultra.net (8.8.5/ult1.04) with SMTP id WAA20856; Sun, 6 Apr 1997 22:29:40 -0400 (EDT)
Received: by zandar.judge.org with Microsoft Mail id <01BC42D9.74C168A0@zandar.judge.org>; Sun, 6 Apr 1997 22:25:39 -0400
Message-ID: <01BC42D9.74C168A0@zandar.judge.org>
From: Joseph Judge
To: Joseph Judge , "'cmcurtin@research.megasoft.com'"
Cc: "'Firewalls Mailing List'"
Subject: RE: Gauntlet / SmartWall source :-(
Date: Sun, 6 Apr 1997 22:25:37 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

You mean that most folks don't alter their household appliances like I do ? Sheesh! (mumble, mumble, mumble ...)

-- -joe

cmcurtin@research.megasoft.com wrote ... times. Firewalls are becoming commodity items. People don't typically screw around with their household appliances and other commodity-type things.
Firewalls are headed in the same direction,

From owner-firewalls-outgoing Sun Apr 6 21:59:08 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA06112 for firewalls-outgoing; Sun, 6 Apr 1997 20:49:03 -0700 (PDT)
Received: from arup.com (ove.arup.com [193.116.20.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id UAA05875 for ; Sun, 6 Apr 1997 20:48:18 -0700 (PDT)
Received: by arup.com (4.1/UNIPALM-V1.3mjr@arup.com) id AA03521; Mon, 7 Apr 97 04:47:13 BST
Received: from a_csun01.arup.com(69.69.11.1) by ove via smap (V1.3mjr) id sma003513; Mon Apr 7 04:46:36 1997
Received: from (a_csun14) by arupuk (4.1/SMI-4.1) id AA09730; Mon, 7 Apr 97 04:46:35 BST
Received: from arup.com by (4.1/SMI-4.1) id AA23861; Mon, 7 Apr 97 04:43:30 BST
Received: from comms-Message_Server by arup.com with Novell_GroupWise; Mon, 07 Apr 1997 04:43:29 +0000
Message-Id:
X-Mailer: Novell GroupWise 4.1
Date: Mon, 07 Apr 1997 03:33:41 +0000
From: Scott Fagg
To: firewalls@greatcircle.com
Subject: POP proxy availabilty
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I am building a firewall for a small commercial network (6 PCs, NT, 95, Win3). I'm basing the solution on Linux running the TIS FWTK (primarily because of cost, but I also feel relatively comfortable with the bits and pieces).

As it comes, the fwtk supports http, ftp & telnet sufficiently for my needs. The next hurdle is email. I could use the 'plug' proxy to cover most email situations. My understanding is that you can set up 1-to-1 and many-to-1 relationships with the 'plug' proxy but not 1-to-many (ie one client, many mailboxes). This might be limiting. (At the moment their email is a little messy.)

Does a POP/SMTP proxy exist that would fit in with the fwtk? Is there a standalone POP/SMTP proxy available in some form? (that would run on linux/unix - source code preferably) or does smap/smapd solve the problem?

regards,

From owner-firewalls-outgoing Sun Apr 6 23:04:28 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA21804 for firewalls-outgoing; Sun, 6 Apr 1997 23:00:30 -0700 (PDT)
Received: from mercury.fhda.edu (tiptoe.fhda.edu [153.18.8.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA21794 for ; Sun, 6 Apr 1997 23:00:25 -0700 (PDT)
Received: from challenger.atc.fhda.edu (manek@challenger.atc.fhda.edu [153.18.200.1]) by mercury.fhda.edu (8.8.3/8.8.3) with ESMTP id WAA01674 for ; Sun, 6 Apr 1997 22:57:26 -0700 (PDT)
Received: from localhost (manek@localhost) by challenger.atc.fhda.edu (8.8.0/8.7.3) with SMTP id WAA28786; Sun, 6 Apr 1997 22:53:43 -0700 (PDT)
Date: Sun, 6 Apr 1997 22:53:43 -0700 (PDT)
From: "Sameer R. Manek"
Reply-To: "Sameer R. Manek"
To: "Magossa'nyi A'rpa'd"
cc: firewalls@GreatCircle.COM
Subject: Re: combo internal/external web servers
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Sun, 6 Apr 1997, Magossa'nyi A'rpa'd wrote:

> On Sun, 6 Apr 1997, Sameer R. Manek wrote:
>
> I would use scp to periodically copy the webpages out to the web server.
> Then you don't have connections initiated from outside the firewall. And it
> doesn't involve writing CDs periodically, just setting up a cronjob once.
> Isn't nfs considered harmful anyway?

An NFS mount could be considered harmful, but that's why something like the router would block it. My preference towards an nfs Read-only export over something like an scp is that when you do a recursive scp or a tar -cf - . | ssh 'cd webdirectory; tar -xf - ' is that you now have an account that effectively has an .rhosts (the ssh equivalent is an RSAAuthentication with a null password), since a script would most likely be used to transfer files over via cron.

My main reason for doing an nfs export is that if the webserver gets hacked, which has happened to several rather public webservers (DOJ, USAF, just to name a few), this way your web page data is protected. Since page content tends to change more often than a server configuration does, backups of the server don't have to be done as often. This reduces the possibility of a hacked server sitting on your server with several trojans for extended periods of time. In the meantime a full backup cycle has gone through, and all backups are trojaned.

Also network login abilities on servers that have as much public attention such as a web or ftp servers probably isn't a good thing. I'd rather limit it to console only logins if possible. Hacked webservers tend to be the most embarrassing thing for a company, since they are so public.

Sameer

From owner-firewalls-outgoing Sun Apr 6 23:35:49 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA23189 for firewalls-outgoing; Sun, 6 Apr 1997 23:17:41 -0700 (PDT)
Received: from firewall.security.is.co.za (gauntlet.tns.co.za [196.23.1.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA23148 for ; Sun, 6 Apr 1997 23:17:30 -0700 (PDT)
Received: by firewall.security.is.co.za; id IAA12052; Mon, 7 Apr 1997 08:16:27 +0200 (SAT)
Received: from commerce.tns.co.za(10.0.0.8) by firewall.security.is.co.za via smap (3.2) id xma012048; Mon, 7 Apr 97 08:16:09 +0200
Received: from localhost (craig@localhost) by commerce.tns.co.za (940816.SGI.8.6.9/8.6.12) with SMTP id IAA09916; Mon, 7 Apr 1997 08:14:28 +0200
Date: Mon, 7 Apr 1997 08:14:28 +0200 (SAST)
From: Craig Schlenter
X-Sender: craig@commerce.tns.co.za
To: C Matthew Curtin
cc: "'Firewalls Mailing List'"
Subject: Re: Gauntlet / SmartWall source :-(
In-Reply-To: <199704062243.SAA21690@goffette.research.megasoft.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Sun, 6 Apr 1997, C Matthew Curtin wrote:

> Joe> Does anyone else muck with the source code like I do ?
>
> I do... For internal stuff here, I like to use bits of FWTK for
> various jobs. Some tools are heavily hacked, some are just compiled
> as-is, and most are somewhere in the middle.
>
> In consulting situations, I typically recommend Gauntlet if someone
> wants to "buy a firewall," or need something like that for a bastion
> host. I've never known anyone with Gauntlet (besides me) to hack at
> the code.

[snip]

We have hacked quite a bit of the gauntlet code. In fact we offer our clients some quite nice enhancements including:

(1) A MS Windows based user (auth) manager
(2) Username based HTML reports accessible through info-gw
(3) password expiry and one-time use accounts
(4) an authenticating NNTP proxy

amongst others.

I wouldn't recommend a firewall that doesn't come with source - it's just too inflexible. Admittedly it's not entirely trivial to do most of these things but at least with the source, you can if you need to.

My understanding of the gauntlet source code scenario btw. was that it would still be available but was not in the package by default as most people don't use it.

Cheers,

--Craig

From owner-firewalls-outgoing Mon Apr 7 00:39:56 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA29171 for firewalls-outgoing; Mon, 7 Apr 1997 00:21:34 -0700 (PDT)
Received: from dtcro002.apogee-com.fr (firewall.apogee-com.fr [194.2.187.130]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id AAA29164 for ; Mon, 7 Apr 1997 00:21:28 -0700 (PDT)
Received: by dtcro002.apogee-com.fr; id JAA07182; Mon, 7 Apr 1997 09:30:38 +0200 (MET DST)
Received: from dtcxs001.apogee-com.fr(10.129.16.1) by firewall.apogee-com.fr via smap (3.2) id xma007180; Mon, 7 Apr 97 09:30:12 +0200
Received: from DTCNT001 (dtcnt001.apogee-com.fr) by (4.1/SMI-4.1) id AA05732; Mon, 7 Apr 97 09:18:17 +0200
Message-Id: <33489FA9.235A@apogee-com.fr>
Date: Mon, 07 Apr 1997 09:18:01 +0200
From: Zwobada Jean-Francois
Organization: APOGEE Communications
X-Mailer: Mozilla 4.0b2 (WinNT; I)
Mime-Version: 1.0
To: kenng@kpmg.com
Cc: James Liang , Jean-Francois Zwobada , firewalls-digest@GreatCircle.COM
Subject: Re: UDP through Gauntlet?
X-Priority: 3 (Normal)
References: <0003700B.3365@kpmg.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

kenng@kpmg.com wrote:
>
> Gauntlet 3.2 supports packet filtering UDP packets. It has their
> usual warnings, but it is there.
>

Bad idea ...real bad idea...

The packet filter does not support NAT, does not handle UDP "sessions" like udprelay does, and it does not log anything...

If you *really* have to accept UDP through the Gauntlet, use udprelay.

Cheers

Jean-Francois

From owner-firewalls-outgoing Mon Apr 7 01:23:58 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA01718 for firewalls-outgoing; Mon, 7 Apr 1997 01:03:54 -0700 (PDT)
Received: from gst.cgs.it ([194.21.223.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA01676 for ; Mon, 7 Apr 1997 01:03:40 -0700 (PDT)
Received: from gst_web (gst_web.gst.cgs.it [194.21.223.183]) by gst.cgs.it (8.7.5/8.7.3) with SMTP id KAA31939 for ; Mon, 7 Apr 1997 10:24:25 +0200
Message-ID: <3348AB73.7BEC@gst.cgs.it>
Date: Mon, 07 Apr 1997 10:08:19 +0200
From: Domenico Viggiani
Organization: CAP GEMINI
X-Mailer: Mozilla 3.01 (WinNT; I)
MIME-Version: 1.0
To: firewalls@greatcircle.com
Subject: NTP
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi, all!

This is my first posting in this mailing-list.

What about the following problem: some machines in the DMZ have to connect with an NTP server in the protected network. Do I need to permit traffic across the firewall, setting simple packet filtering rules?

Thank you in advance.

Domenico Viggiani (dviggian@gst.cgs.it)
CAP GEMINI ITALY SpA

From owner-firewalls-outgoing Mon Apr 7 01:41:43 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA02055 for firewalls-outgoing; Mon, 7 Apr 1997 01:07:55 -0700 (PDT)
Received: from gst.cgs.it ([194.21.223.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA02029 for ; Mon, 7 Apr 1997 01:07:42 -0700 (PDT)
Received: from gst_web (gst_web.gst.cgs.it [194.21.223.183]) by gst.cgs.it (8.7.5/8.7.3) with SMTP id KAA32146; Mon, 7 Apr 1997 10:28:31 +0200
Message-ID: <3348AC62.3B28@gst.cgs.it>
Date: Mon, 07 Apr 1997 10:12:26 +0200
From: Domenico Viggiani
Organization: CAP GEMINI
X-Mailer: Mozilla 3.01 (WinNT; I)
MIME-Version: 1.0
To: firewalls@greatcircle.com
CC: Bill_Royds@pch.gc.ca
Subject: Re: Individual chroot for ftp users.
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

>Date: Sat, 5 Apr 1997 23:37:52 -0400
>From: Bill_Royds@pch.gc.ca
>Subject: Individual chroot for ftp users.

> Does anybody have a program or system to set up an allow one to set up
>multiple ftp accounts on Solaris 2.5 so that each one is chrooted to their
>own directory? I will have multiple ftp users on a depository machine,
>that should not have anonymous ftp but still stop an ftp user getting out
>of her own sandbox.

I have the same need. If someone can help us, it will be useful!

TIA

Domenico Viggiani
CAP GEMINI SpA

From owner-firewalls-outgoing Mon Apr 7 02:04:39 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA07223 for firewalls-outgoing; Mon, 7 Apr 1997 01:50:16 -0700 (PDT)
Received: from relay1.shore.net (relay1.shore.net [192.233.85.129]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA07186 for ; Mon, 7 Apr 1997 01:50:06 -0700 (PDT)
Received: from [198.115.179.81] (vin.shore.net [198.115.179.81]) by relay1.shore.net (8.8.3/8.8.3) with ESMTP id EAA11039 for ; Mon, 7 Apr 1997 04:48:57 -0400 (EDT)
Message-Id:
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Mon, 7 Apr 1997 03:51:46 -0500
To: firewalls@greatcircle.com
From: Vin McLellan
Subject: Stuart Johnson's Looney Tunes
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Our experience with Stuart Johnson and his swarmy allegations against V-One and Marcus Ranum, personally -- and previously, against Haystack and Steve Smaha, personally -- illustrates how difficult it is for a public mailing list to constrain the rants of an honest-to-goodness Network Loon. Johnson writes with a mixture of malevolence and naivete that taints every topic he addresses and stains every company he mentions.

With his tortured syntax and Ostwestfalen-Lippe domain, I thought Johnson's leap of the language barrier excused -- just barely -- his original post on Haystack vs. Wheelgroup. (It was also hard to see how his representation of Wheelgroup, the firm he seemed to favor, did anything but embarrass them.)

His more recent denunciations of Smaha and Ranum -- in both cases, with long lists of nasty allegations wholly unsupported except by Johnson's unnamed "insider" sources -- are of the sort that make anyone who tries to challenge him feel dirty just to quote his posts.

What makes the Network Loon such an intriguing character -- on top of his regular sociopathic displays online -- is his inability to predict how others will react to his broadcast mix of dirty whispers and self-righteous piety.

"I'm not just looking for good technology," explained Mr. Johnson, "I want to do business with people with integrity."

Right. Johnson runs some risks with such hypocrisy -- but the Loon, almost by definition, hears neither the groans nor the laughter from the rest of us. Looney self-awareness is as rare as looney subtlety.

My apologies for off-topic growling and gnashing.

Suerte,
_Vin

Vin McLellan + The Privacy Guild + 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --

From owner-firewalls-outgoing Mon Apr 7 03:21:27 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA16019 for firewalls-outgoing; Mon, 7 Apr 1997 03:06:39 -0700 (PDT)
Received: from finwds01.tu-graz.ac.at (finwds01.tu-graz.ac.at [129.27.138.60]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA15972 for ; Mon, 7 Apr 1997 03:05:54 -0700 (PDT)
Received: from finwal01.tu-graz.ac.at (tom@finwal01.tu-graz.ac.at [129.27.138.63]) by finwds01.tu-graz.ac.at (8.8.5/8.8.5) with SMTP id MAA18989; Mon, 7 Apr 1997 12:03:49 +0200
Received: from localhost by finwal01.tu-graz.ac.at (5.65v3.2/1.1.10.5/03Feb97-0824AM) id AA10066; Mon, 7 Apr 1997 12:03:49 +0200
Date: Mon, 7 Apr 1997 12:03:48 +0200 (MET DST)
From: Thomas Leitner
X-Sender: tom@finwal01.tu-graz.ac.at
To: Domenico Viggiani
Cc: firewalls@GreatCircle.COM, Bill_Royds@pch.gc.ca
Subject: Re: Individual chroot for ftp users.
In-Reply-To: <3348AC62.3B28@gst.cgs.it>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Mon, 7 Apr 1997, Domenico Viggiani wrote:

> >Date: Sat, 5 Apr 1997 23:37:52 -0400
> >From: Bill_Royds@pch.gc.ca
> >Subject: Individual chroot for ftp users.
> >
> > Does anybody have a program or system to set up an allow one to set up
> >multiple ftp accounts on Solaris 2.5 so that each one is chrooted to their
> >own directory? I will have multiple ftp users on a depository machine,
> >that should not have anonymous ftp but still stop an ftp user getting out
> >of her own sandbox.
>
> I have the same need. If someone can help us, it will be useful!

Ahh yes and I forgot something: add

    guestgroup guest

to your ftpaccess file.

Tom

--------------------------------------------------------------------------
T o m   L e i t n e r                    Dept. of Communications
                                         Graz University of Technology,
e-mail    : tom@finwds01.tu-graz.ac.at   Inffeldgasse 12
Phone     : +43-316-873-7455             A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send mail
with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------

From owner-firewalls-outgoing Mon Apr 7 03:37:28 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA16018 for firewalls-outgoing; Mon, 7 Apr 1997 03:06:37 -0700 (PDT)
Received: from finwds01.tu-graz.ac.at (finwds01.tu-graz.ac.at [129.27.138.60]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA16004 for ; Mon, 7 Apr 1997 03:06:23 -0700 (PDT)
Received: from finwal01.tu-graz.ac.at (tom@finwal01.tu-graz.ac.at [129.27.138.63]) by finwds01.tu-graz.ac.at (8.8.5/8.8.5) with SMTP id MAA18985; Mon, 7 Apr 1997 12:03:00 +0200
Received: from localhost by finwal01.tu-graz.ac.at (5.65v3.2/1.1.10.5/03Feb97-0824AM) id AA10437; Mon, 7 Apr 1997 12:02:57 +0200
Date: Mon, 7 Apr 1997 12:02:57 +0200 (MET DST)
From: Thomas Leitner
X-Sender: tom@finwal01.tu-graz.ac.at
To: Domenico Viggiani
Cc: firewalls@GreatCircle.COM, Bill_Royds@pch.gc.ca
Subject: Re: Individual chroot for ftp users.
In-Reply-To: <3348AC62.3B28@gst.cgs.it>
Message-Id:
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Mon, 7 Apr 1997, Domenico Viggiani wrote:

> >Date: Sat, 5 Apr 1997 23:37:52 -0400
> >From: Bill_Royds@pch.gc.ca
> >Subject: Individual chroot for ftp users.
> >
> > Does anybody have a program or system to set up an allow one to set up
> >multiple ftp accounts on Solaris 2.5 so that each one is chrooted to their
> >own directory? I will have multiple ftp users on a depository machine,
> >that should not have anonymous ftp but still stop an ftp user getting out
> >of her own sandbox.
>
> I have the same need. If someone can help us, it will be useful!

You can achieve that using wu-ftpd and setting up "guest" accounts. A guest account needs to be created just like an anonymous FTP account. The user needs to belong to group "guest" (the group name is hardcoded to this in the wu-ftpd - at least in my version). To prevent telnet logins, you can give this user a null shell, for example:

    gast:xxxxxxxxx:277:31:Gast Account,Gast,,:/home/gast:/bin/nullsh

31 is the group "guest". Be sure to list /bin/nullsh in /etc/shells. You can as well use /bin/sync for that.

Finally use something like this in your ftpaccess file:

    class local real,guest,anonymous *.your.domain
    class remote real,anonymous *

Hope this helps.

Tom

--------------------------------------------------------------------------
T o m   L e i t n e r                    Dept. of Communications
                                         Graz University of Technology,
e-mail    : tom@finwds01.tu-graz.ac.at   Inffeldgasse 12
Phone     : +43-316-873-7455             A-8010 Graz / Austria / Europe
Fax       : +43-316-463-697
Home page : http://wiis.tu-graz.ac.at/people/tom.html
PGP public key on : ftp://wiis.tu-graz.ac.at/pgp-keys/tom.asc or send mail
with subject "get Thomas Leitner" to pgp-public-keys@keys.pgp.net
--------------------------------------------------------------------------

From owner-firewalls-outgoing Mon Apr 7 03:49:44 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA19768 for firewalls-outgoing; Mon, 7 Apr 1997 03:41:32 -0700 (PDT)
Received: from sgi.sgi.com (SGI.COM [192.48.153.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id DAA19732 for ; Mon, 7 Apr 1997 03:41:22 -0700 (PDT)
Received: from odin.corp.sgi.com (odin.corp.sgi.com [192.26.51.194]) by sgi.sgi.com (950413.SGI.8.6.12/950213.SGI.AUTOCF) via ESMTP id DAA09167 for <@external-mail-relay.sgi.com:Firewalls@GreatCircle.COM>; Mon, 7 Apr 1997 03:40:22 -0700
Received: from sgigz.guangzhou.sgi.com by odin.corp.sgi.com via ESMTP (951211.SGI.8.6.12.PATCH1502/951211.SGI) for <@fddi-odin.corp.sgi.com:Firewalls@GreatCircle.COM> id DAA03158; Mon, 7 Apr 1997 03:40:13 -0700
Received: from sgigz by sgigz.guangzhou.sgi.com via SMTP (940816.SGI.8.6.9/930416.SGI) for id RAA25568; Mon, 7 Apr 1997 17:27:57 +0900
Message-ID: <3348B00D.41C6@guangzhou.sgi.com>
Date: Mon, 07 Apr 1997 17:27:57 +0900
From: James Liang
X-Mailer: Mozilla 2.01S (X11; I; IRIX 5.3 IP22)
MIME-Version: 1.0
To: Firewalls@GreatCircle.COM
Subject: Freeware that support NAT ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi all,

Is there a freeware that can support NAT (RFC 1631) and can run on Linux and other unix platforms?

James Liang
james@guangzhou.sgi.com

From owner-firewalls-outgoing Mon Apr 7 05:19:55 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA27184 for firewalls-outgoing; Mon, 7 Apr 1997 05:06:00 -0700 (PDT)
Received: from relay.rv.tis.com (relay.rv.tis.com [204.254.155.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id FAA27177 for ; Mon, 7 Apr 1997 05:05:55 -0700 (PDT)
Received: by relay.rv.tis.com; id AAA14305; Mon, 7 Apr 1997 00:40:36 -0400 (EDT)
Received: from unknown(192.94.214.122) by relay.rv.tis.com via smap (3.2) id xmaa14294; Mon, 7 Apr 97 00:38:52 -0400
Message-Id: <3.0.1.32.19970406230152.006c7d0c@pop.rv.tis.com>
X-Sender: rick@pop.rv.tis.com
X-Mailer: Windows Eudora Pro Version 3.0.1 (32)
Date: Sun, 06 Apr 1997 23:01:52 -0400
To: Joseph Judge
From: Rick Murphy
Subject: Re: Gauntlet / SmartWall source :-(
Cc: "'Firewalls Mailing List'"
In-Reply-To: <01BC42A1.F9F6CC00@zandar.judge.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

At 03:48 PM 4/6/97 -0400, Joseph Judge wrote:
>With the release of the Solaris versions of
>Gauntlet and SmartWall, the ability of
>buying the source code has disappeared.
>
>How has this affected anyone in the firewalls
>arena?

That's not true. The Gauntlet source is still available.
You WILL have to pay Sun for a compiler license to use it, however :-)

-Rick

From owner-firewalls-outgoing Mon Apr 7 05:34:47 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id FAA27847 for firewalls-outgoing; Mon, 7 Apr 1997 05:19:12 -0700 (PDT)
Received: from paranoid.convey.ru (ws06.convey.ru [195.182.128.21]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id FAA27840 for ; Mon, 7 Apr 1997 05:19:04 -0700 (PDT)
Received: (from ark@localhost) by paranoid.convey.ru (8.7.5/8.7.3) id QAA28106; Mon, 7 Apr 1997 16:16:33 +0400
From: ArkanoiD
Message-Id: <199704071216.QAA28106@paranoid.convey.ru>
Subject: Re: Gauntlet / SmartWall source :-(
To: cmcurtin@research.megasoft.com
Date: Mon, 7 Apr 1997 16:16:31 +0400 (MSD)
Cc: firewalls@greatcircle.com
In-Reply-To: <199704062243.SAA21690@goffette.research.megasoft.com> from "C Matthew Curtin" at Apr 6, 97 06:43:25 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

nuqneH,

> Joe> Does anyone else muck with the source code like I do ?
>
> I do... For internal stuff here, I like to use bits of FWTK for
> various jobs. Some tools are heavily hacked, some are just compiled
> as-is, and most are somewhere in the middle.
>

btw - what tools? I am highly interested in such things ;)..

> In consulting situations, I typically recommend Gauntlet if someone
> wants to "buy a firewall," or need something like that for a bastion
> host. I've never known anyone with Gauntlet (besides me) to hack at
> the code.
>

..about Gauntlet.. I tried to contact TIS - it was >1month delay between my message and first response - and the response wasn't really informative..
I asked additional questions - it was 1.5 weeks ago and I am expecting next delay like first one :(

Maybe you do know the answer - I am trying to find out if

a) I can run Gauntlet on FreeBSD - even with limited support
b) I can get a "poor man's version" with only tools I need - I heard the price more than $10K for complete set and 2 months support - definitely too much for a _small_ ISP
c) I can get a limited-time evaluation license - as Borderware offers - I have to play a bit with thing to decide to buy or not..

--
CU in Hell /Arkan#iD
Do I believe in Bible? Hell, man, I've seen one!

From owner-firewalls-outgoing Mon Apr 7 06:04:41 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA01727 for firewalls-outgoing; Mon, 7 Apr 1997 06:02:58 -0700 (PDT)
Received: from Sonnet.GSC.GTE.Com (Sonnet.GSC.GTE.Com [131.131.251.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA01710 for ; Mon, 7 Apr 1997 06:02:51 -0700 (PDT)
Received: from ndhm06.ndhm.gtegsc.com ("port 2175"@ndhm06.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-6 #17886) id <01IHF2OCDCLW000Y0L@Sonnet.GSC.GTE.Com> for firewalls@greatcircle.com; Mon, 07 Apr 1997 09:01:28 -0400 (EDT)
Received: by ndhm06.ndhm.gtegsc.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC4332.4613A690@ndhm06.ndhm.gtegsc.com>; Mon, 07 Apr 1997 09:01:26 -0400
Date: Mon, 07 Apr 1997 09:01:24 -0400
From: "Button, Dave"
Subject: RE: xntpd and gauntlet 3.2
To: "'DSAWYER@PILLSBURY.COM'"
Cc: "'firewalls'"
Message-id:
MIME-version: 1.0
X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63
Content-type: text/plain; charset="us-ascii"
Content-transfer-encoding: 7bit
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Douglas Sawyer wrote:

"Gauntlet firewall (TIS) fundamentally does not allow udp based services through the firewall. We really only need it for synchronization, however somebody got the idea of getting time from the Internet and here we are. How can you make xntpd work? In order to reduce the bouncing that could go on, here is what I already know.

Doug, the inadvisability of letting UDP through our firewall was one of the considerations that led to the establishment of our own stratum-1 ntp server. In fact we have two that are hosted on the same machines as our ACE servers. It took awhile to get ntp set up, but once we did it has run flawlessly ever since. The ntp software is available from Dr. Mills' ftp site at U. Delaware and GPS receivers are not that expensive, so the real cost is the labor in setting up our time server.

This solution is not for everybody. We had both a need for high security which obviated passing UDP through the firewall and a definition of "due diligence" which required accurate, high-availability time, so having our own timeservers was a good solution.

Dave Button

From owner-firewalls-outgoing Mon Apr 7 06:41:04 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA02957 for firewalls-outgoing; Mon, 7 Apr 1997 06:24:51 -0700 (PDT)
Received: from tcbru22.cec.be (tcbru22.cec.be [158.169.10.11]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id GAA02950 for ; Mon, 7 Apr 1997 06:24:45 -0700 (PDT)
From: Didier.BREMS@OPOCE.cec.be
Received: from MX3.CEC.BE (tcbru10x [158.169.10.20]) by tcbru22.cec.be (8.8.2/8.6.12) with SMTP id PAA13811 for ; Mon, 7 Apr 1997 15:26:09 +0200 (MET DST)
Received: by MX3.CEC.BE (Soft-Switch LMS 2.0) with x400 via CEC-NTL01 id 0011500002631081; Mon, 7 Apr 1997 15:23:41 +0200
X400-Received: by /PRMD=CEC/ADMD=RTT/C=BE/; Relayed; Mon, 7 Apr 1997 14:52:24 +0200
X400-Originator: Didier.BREMS@OPOCE.cec.be
X400-Recipients: Firewalls@GreatCircle.COM
X400-MTS-Identifier: [/PRMD=CEC/ADMD=RTT/C=BE/;0011500002631081000002L012]
X400-Content-Type: P2-1988 (22)
Date: Mon, 7 Apr 1997 14:52:24 +0200
To:
Message-ID:
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Hi,

I would like to know if there are any NTP bugs that can compromise security. The NTP protocol is used across a firewall to synchronize a Cisco router on the untrusted part of our network. Even if I see no reason to allow the protocol both ways across the firewall, the network team has defined it on the FW1 machine and I would like to have some arguments to forbid it from the untrusted part to the internal network.
Answers can be sent directly to my Email box: didier.brems@opoce.cec.be Many thanks Didier Brems: security consultant url: www.infeurope.lu From owner-firewalls-outgoing Mon Apr 7 07:41:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA10492 for firewalls-outgoing; Mon, 7 Apr 1997 07:29:42 -0700 (PDT) Received: from coyote.tech.telepac.pt (bdshack.telepac.pt [194.65.3.124]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA10482 for ; Mon, 7 Apr 1997 07:29:34 -0700 (PDT) Received: from torquemada ([194.65.3.123]) by coyote.tech.telepac.pt (8.8.4/8.8.4) with ESMTP id QAA11480; Mon, 7 Apr 1997 16:26:38 +0100 Message-ID: <334904C0.99C4FB17@tech.telepac.pt> Date: Mon, 07 Apr 1997 15:29:20 +0100 From: Joao Brazao Ferreira Organization: Telepac, SA X-Mailer: Mozilla 4.0b3 [en] (WinNT; I) MIME-Version: 1.0 To: James Liang CC: Firewalls@GreatCircle.COM Subject: Re: Freeware that support NAT ? X-Priority: 3 (Normal) References: <3348B00D.41C6@guangzhou.sgi.com> Content-Type: text/plain; charset=iso-8859-1 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk James Liang wrote: > Hi all, > > Is there a freeware that can support NAT (RFC 1631) and can run on > Linux > and other unix platforms? You can use ipfwadm ( http://www.xol.nl ), which masquerades IP addresses. 
Joao Ferreira From owner-firewalls-outgoing Mon Apr 7 07:49:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA08429 for firewalls-outgoing; Mon, 7 Apr 1997 07:13:04 -0700 (PDT) Received: from spheara.io360.com (spheara.io360.com [206.33.148.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA08378 for ; Mon, 7 Apr 1997 07:12:52 -0700 (PDT) Received: (from stevek@localhost) by spheara.io360.com (8.7.6/8.6.10-io360) id KAA01783; Mon, 7 Apr 1997 10:11:24 -0400 (EDT) Message-ID: Date: Mon, 7 Apr 1997 10:11:24 -0400 From: stevek@SteveK.COM (Steve Kann) To: lists@reflections.eng.mindspring.net (Todd Graham Lewis) Cc: firewalls@GreatCircle.COM (Firewalls Mailing List) Subject: Re: Getting DNS through a firewall. References: X-Mailer: Mutt 0.58.1 Mime-Version: 1.0 X-Blank-Header-Line: (this header intentionally left blank) In-Reply-To: ; from Todd Graham Lewis on Apr 1, 1997 00:59:22 -0500 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Todd Graham Lewis writes: > On Tue, 1 Apr 1997, Neale Banks wrote: > > > Does this not raise a quandary: if it is unsafe to pass DNS packets through > > the firewall, then how is it safe to pass them to a dns slave server on > > the firewall? > > > > Or, is it assumed that one will run a "safe" dns slave on the firewall? > > Here's a question for the class: Why give DNS to internal machines at all? > Why do they need it? Isn't everything going through a proxy? Hasn't > everyone read Felten's paper where he mentions DNS as a perfect > back-channel accessible to Java applets and other sandbox-protected > networkable proglets? Actually, I don't remember reading about this -- where can I find this paper? I think I see the point (the java applet can send information to any third parties just by causing certain DNS lookups to occur). But does having a proxy server prevent this? 
Then the java applet just asks for a URL containing that same hostname, and the proxy server will then do the lookup for the client. The information still flows out either way. It really isn't much different than passing data by requesting data from a third party URL, is it? -SteveK -- Steve Kann i/o 360 digital design 841 Broadway, Suite 502 PGP 1024/C0145E05 F2 D6 24 83 9E 52 9A 61 AA BB 97 61 5C A1 B8 CE Personal:stevek@SteveK.COM Business: stevek@io360.com From owner-firewalls-outgoing Mon Apr 7 08:26:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA13411 for firewalls-outgoing; Mon, 7 Apr 1997 07:56:37 -0700 (PDT) Received: from info.curtin.edu.au (info.curtin.edu.au [134.7.70.222]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id HAA13341 for ; Mon, 7 Apr 1997 07:56:14 -0700 (PDT) Received: from macros.cage.curtin.edu.au (macros.cage.curtin.edu.au [134.7.135.11]) by info.curtin.edu.au (8.8.5/8.8.5) with SMTP id WAA15771 for ; Mon, 7 Apr 1997 22:55:12 +0800 (WST) Received: from MACROS/SMTPQUEUE by macros.cage.curtin.edu.au (Mercury 1.11); Mon, 7 Apr 97 22:55:13 +800 Received: from SMTPQUEUE by MACROS (Mercury 1.11); Mon, 7 Apr 97 22:54:46 +800 Received: from [134.7.108.57] by macros.cage.curtin.edu.au (Mercury 1.11); Mon, 7 Apr 97 22:54:40 +800 X-Sender: watsonb@macros.cage.curtin.edu.au Message-Id: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 7 Apr 1997 22:53:07 +0800 To: firewalls@GreatCircle.COM From: Bret Watson Subject: POP and Proxies, mail fetchers daemons etc Sender: firewalls-owner@GreatCircle.COM Precedence: bulk http://sunsite.anu.edu.au/archives/linux/system/mail/pop/INDEX.short.html This seems to be a fairly good start... 
Cheers, Bret Bret Watson & Associates http://www.bwa.net email watsonb@bwa.net phone +61 41 4411 149 fax +61 9 454 6042 Computer & Information Security Consultants From owner-firewalls-outgoing Mon Apr 7 08:55:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA19033 for firewalls-outgoing; Mon, 7 Apr 1997 08:42:07 -0700 (PDT) Received: from portal.east.saic.com (portal.east.saic.com [198.151.13.15]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id IAA19024 for ; Mon, 7 Apr 1997 08:41:58 -0700 (PDT) Received: from blazer.cist.saic.com ([149.8.156.11]) by portal.east.saic.com via smtpd (for honor.greatcircle.com [198.102.244.44]) with SMTP; 7 Apr 1997 15:42:30 UT Received: from obiwan.cist.saic.com (unverified [149.8.156.16]) by blazer.cist.saic.com (EMWAC SMTPRS 0.83) with SMTP id ; Mon, 07 Apr 1997 11:41:14 -0400 Message-ID: From: "Chris Kostick" To: "Joao Brazao Ferreira" , "James Liang" Cc: Subject: Re: Freeware that support NAT ? Date: Mon, 7 Apr 1997 11:38:37 -0400 X-MSMail-Priority: Normal X-Priority: 3 X-Mailer: Microsoft Internet Mail 4.70.1155 MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk > > Is there a freeware that can support NAT (RFC 1631) and can run on > > Linux > > and other unix platforms? > > You can use ipfwadm ( http://www.xol.nl ), which masquerades IP > addresses. IP Masquerading is not NAT. Well, it's only a special case of NAT. Where NAT can establish 1:1 or many:1 relationships allocating addresses statically or dynamically, IP masquerading under Linux is a many:1, static allocation case of NAT. 
And if you want info on IP masquerading look at http://www.indyramp.com/masq or http://www.wwonline.com/~achau/ipmasq -- chris From owner-firewalls-outgoing Mon Apr 7 09:05:33 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA20607 for firewalls-outgoing; Mon, 7 Apr 1997 08:56:49 -0700 (PDT) Received: from ra.nso.org (ra.nso.org [207.30.58.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA20571 for ; Mon, 7 Apr 1997 08:56:35 -0700 (PDT) Received: from osiris (osiris.nso.org [207.30.58.40]) by ra.nso.org (post.office MTA v1.9.3 ID# 0-13592) with SMTP id AAA591 for ; Mon, 7 Apr 1997 11:58:30 -0400 Message-Id: <3.0.32.19970407115832.008f4e30@isr.net> X-Sender: research@isr.net X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Apr 1997 11:58:33 -0400 To: firewalls@greatcircle.com From: research@isr.net (Research Unit I) Subject: Marcus, Haystack, NCSA Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Stuart: For whatever reason you posted comments on Haystack, Marcus Ranum, and others, I fail to see why setting an unfair and untrue atmosphere is so important for you, or for the readers of this list. Arguably this has nothing to do with firewalls, does it ? Nevertheless I feel that I have to respond, since I know some of the individuals you attack. And I regard and respect them very much. On Marcus: Doing business is NOT dirty. If Marcus joined commercial forces with whomever, that absolutely does not decrease his qualities as a scientist. Many times over scientists within industry change positions. Some have the ambition to set up a company for themselves. It also does not mean that a company or product he left or leaves behind is suddenly degraded to a lower level of quality. If MJR is actually in the process of forming a new venture, I'd wish him all the possible luck and wisdom. 
I'd also watch that new venture carefully, as it could certainly be expected - with recognition of MJR's contributions to the industry - to offer something new and exciting. Possibly something we might want to purchase. Why then pollute this list with disrespect ? On Steve: If Steve happens to be on a board of directors of another company, so be it. That certainly does not make him a bad guy. Normally it improves one's image, you know. Also Steve and his company proved to be of important impact to the industry. If Steve seeks other business opportunities I cannot see what could possibly be wrong about that. On conferences: Anything one hears informally that is not technically related to the issues and topics of a conference, is by many considered flack and of trivial importance. It certainly does not belong on a list like this one. Political caucusing has many good outlets elsewhere on the net. Since you've chosen to broadcast your thoughts so widely, I'd appreciate very much your apologies addressed to Marcus and Steve. Both deserve respect, neither deserves smut. I believe you owe that. Please don't be insulted by my comment, but I felt - for this rare occasion - that I have to do this. I wish you well. Bertil Dr. Bertil Fortrie Editor-in-Chief Internet Security Review At 12:51 AM 4/6/97 -0000, sjohnson@weasel.owl.de wrote: As regard to the Haystack information, my message was not intended to be "tabloid". Obviously, it is the marketing managers' responsibility to paint a pretty picture. But I am only interested in finding out why an insider at Haystack would share this information in confidence. Many of the private emails I received confirm others' lack of confidence in Haystack and the fact that many people are leaving due to the turmoil. Is this deniable? I only want to make the best choice for my company. >With the enquiry about Haystack and Wheelgroup, I received some email from Marcus Ranum. He is someone I have respected from many of his posts. 
But his email has surprised me and I have had some doubts about whether he was objectively replying or only trying to sell some new product he is building and denigrate the choices that I am reviewing. >I also received emails from others suggesting Marcus' new company as an alternative, but from those messages it is clear he has decided to get out of V-One and thought it was a total failure without direction. This concerns me because he has used V-one to fund this company and I assume they are the majority owners of it. Has anyone actually implemented this stuff or is it just vaporware? >I kind of question what kind of business man Marcus is based on what I had overheard at a conference where a small group of people talking, including one of the speakers for NCSA (I believe Dr. Tippett). They were talking about the firewall consortium and someone had asked about Marcus. The speaker from the NCSA said that they removed Marcus from any more influence on the certification process due to his continuous attempts to self promote his own selfish interests and not those of the security community. >The second concern about the integrity of Marcus' company is the fact that the Founder and CEO of a competing monitoring company (Steve Smaha of Haystack) is on his board. This is like a CEO of Netscape sitting on Microsoft's board. Obviously, Steve Smaha does not believe NetStalker is a competitive product or he wouldn't sit on a competitor's board, or would he? Does this seem fishy? >I am not just looking for good technology, I want to do business with people with integrity. 
>Stuart From owner-firewalls-outgoing Mon Apr 7 09:47:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA22547 for firewalls-outgoing; Mon, 7 Apr 1997 09:24:54 -0700 (PDT) Received: from mail.diginsite.com (mail.diginsite.com [208.2.189.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA22540 for ; Mon, 7 Apr 1997 09:24:35 -0700 (PDT) Received: from march.diginsite.com by mail.diginsite.com (AIX 3.2/UCB 5.64/4.03) id AA06868; Mon, 7 Apr 1997 09:20:32 -0700 Received: by march.diginsite.com with Microsoft Mail id <01BC4335.49B11140@march.diginsite.com>; Mon, 7 Apr 1997 09:23:00 -0700 Message-Id: <01BC4335.49B11140@march.diginsite.com> From: David Lang To: Kathy Kost , "'Sameer R. Manek'" Cc: "firewalls@GreatCircle.COM" Subject: RE: combo internal/external web servers Date: Mon, 7 Apr 1997 09:22:59 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk ---------- From: Sameer R. Manek[SMTP:manek@challenger.atc.fhda.edu] Sent: Saturday, April 05, 1997 5:36 PM To: Kathy Kost Cc: firewalls@GreatCircle.COM Subject: Re: combo internal/external web servers Some have suggested using either a zip drive (with the write protect tab notched) or a writeable cdrom, but i don't think these methods are practical, aside from the fact that zip and cdrom drives are slower. These things are what i call 'making work', they make you, the admin, do things like burn cds, change cds, remount it. Another problem with the zip disks and the ez230 disks is that the write protect is a software function not a hardware switch. The ez135 and older iomega and SyQuest drives all have hardware switches. 
David Lang From owner-firewalls-outgoing Mon Apr 7 10:04:23 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA23621 for firewalls-outgoing; Mon, 7 Apr 1997 09:39:40 -0700 (PDT) Received: from mail.instinctive.com (dns.instinctive.com [207.60.135.162]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA23612 for ; Mon, 7 Apr 1997 09:39:35 -0700 (PDT) Received: from mail.instinctive.com by mail.instinctive.com (NTMail 3.02.10) with ESMTP id ea008610 for ; Mon, 7 Apr 1997 12:40:29 -0400 Message-Id: <3.0.1.32.19970407123917.018bf100@mail.instinctive.com> X-Sender: ghaverkamp@mail.instinctive.com X-Mailer: Windows Eudora Light Version 3.0.1 (32) Date: Mon, 07 Apr 1997 12:39:17 -0500 To: Scott Fagg From: Greg Haverkamp Subject: Re: POP proxy availabilty Cc: firewalls@GreatCircle.COM In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: firewalls-owner@GreatCircle.COM Precedence: bulk At 03:33 AM 4/7/97 +0000, you wrote: >Does a POP/SMTP proxy exist that would fit in with the fwtk? Is >there a standalone POP/SMTP proxy available in some form? (that >would run on linux/unix - source code preferably) or does >smap/smapd solve the problem? The smap/smapd won't solve any POP3 problems; it may solve SMTP problems. For POP3, I've recently come across a program called pop3gwd. 
I've not installed it, and I've only done a cursory look through the code to decide if I would use it, but you can find it at the following URL: http://www.cs.unibo.it/~borgia/homepage/Software/Software.html Greg From owner-firewalls-outgoing Mon Apr 7 10:11:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA23952 for firewalls-outgoing; Mon, 7 Apr 1997 09:41:32 -0700 (PDT) Received: from mail.diginsite.com (mail.diginsite.com [208.2.189.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA23920 for ; Mon, 7 Apr 1997 09:41:23 -0700 (PDT) Received: from march.diginsite.com by mail.diginsite.com (AIX 3.2/UCB 5.64/4.03) id AA10375; Mon, 7 Apr 1997 09:38:43 -0700 Received: by march.diginsite.com with Microsoft Mail id <01BC4337.D41A7FE0@march.diginsite.com>; Mon, 7 Apr 1997 09:41:12 -0700 Message-Id: <01BC4337.D41A7FE0@march.diginsite.com> From: David Lang To: "firewalls@greatcircle.com" , "'Scott Fagg'" Subject: RE: POP proxy availabilty Date: Mon, 7 Apr 1997 09:41:10 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Included with the fwtk is the smap/smapd pair for proxying e-mail. It will handle smtp without blinking. As for POP are you talking that you need to get POP connection through the firewall or just get mail through? David Lang ---------- From: Scott Fagg[SMTP:scott.fagg@arup.com] Sent: Sunday, April 06, 1997 8:34 PM To: firewalls@greatcircle.com Subject: POP proxy availabilty I am building a firewall for a small commercial network (6 PC's, NT, 95, Win3) I'm basing the solution on Linux running the TIS FWTK (primarily because of cost, but i also feel relatively comfortable with the bits and pieces) As it comes, the fwtk supports http, ftp & telnet sufficiently for my needs. The next hurdle is email. I could use the 'plug' proxy to cover most email situations. 
My understanding is that you can setup 1-to-1 and many-to-1 relationships with the 'plug' proxy but not 1-to-many (ie one client, many mailboxes) This might be limiting. (At the moment their email is a little messy) Does a POP/SMTP proxy exist that would fit in with the fwtk? Is there a standalone POP/SMTP proxy available in some form? (that would run on linux/unix - source code preferably) or does smap/smapd solve the problem? regards, From owner-firewalls-outgoing Mon Apr 7 10:19:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA26206 for firewalls-outgoing; Mon, 7 Apr 1997 09:56:24 -0700 (PDT) Received: from matav.hu (firewall.matav.hu [145.236.225.161]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA26078 for ; Mon, 7 Apr 1997 09:55:56 -0700 (PDT) Received: from tiivs7.tii.matav.hu ([145.236.48.148]) by firewall.matav.hu with SMTP id <55572-1>; Mon, 7 Apr 1997 17:53:44 +0100 Received: from piheno.tii.matav.hu by tiivs7.tii.matav.hu (MX V4.1 VAX) with SMTP; Mon, 07 Apr 1997 18:54:52 MET Received: from localhost (mag@localhost) by piheno.tii.matav.hu (8.8.4/8.8.4) with SMTP id TAA03160; Mon, 7 Apr 1997 19:56:32 +0200 Date: Mon, 7 Apr 1997 18:56:32 +0100 From: "Magossa'nyi A'rpa'd" To: "Button, Dave" CC: "'DSAWYER@PILLSBURY.COM'" , "'firewalls'" Subject: UDP considered harmful? (was: xntpd and gauntlet 3.2) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=ISO-8859-2 Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: firewalls-owner@GreatCircle.COM Precedence: bulk On Mon, 7 Apr 1997, Button, Dave wrote: > Doug, the inadvisability of letting UDP through our firewall was one Yet another thing I have to learn about :) Can you explain why UDP considered harmful? Pointers to related documentation is appreciated. 
--- GNU GPL: only from a pure source From owner-firewalls-outgoing Mon Apr 7 10:44:32 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA25022 for firewalls-outgoing; Mon, 7 Apr 1997 09:48:32 -0700 (PDT) Received: from mail.diginsite.com (mail.diginsite.com [208.2.189.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA24984 for ; Mon, 7 Apr 1997 09:48:19 -0700 (PDT) Received: from march.diginsite.com by mail.diginsite.com (AIX 3.2/UCB 5.64/4.03) id AA07615; Mon, 7 Apr 1997 09:44:30 -0700 Received: by march.diginsite.com with Microsoft Mail id <01BC4338.A2C6D320@march.diginsite.com>; Mon, 7 Apr 1997 09:46:58 -0700 Message-Id: <01BC4338.A2C6D320@march.diginsite.com> From: David Lang To: Todd Graham Lewis , "'Steve Kann'" Cc: Firewalls Mailing List Subject: RE: Getting DNS through a firewall. Date: Mon, 7 Apr 1997 09:46:57 -0700 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: firewalls-owner@GreatCircle.COM Precedence: bulk The current (8.8) version of sendmail requires some ability to resolve names. David Lang ---------- From: Steve Kann[SMTP:stevek@SteveK.COM] Sent: Monday, April 07, 1997 7:11 AM To: Todd Graham Lewis Cc: Firewalls Mailing List Subject: Re: Getting DNS through a firewall. Todd Graham Lewis writes: > On Tue, 1 Apr 1997, Neale Banks wrote: > > > Does this not raise a quandary: if it is unsafe to pass DNS packets through > > the firewall, then how is it safe to pass them to a dns slave server on > > the firewall? > > > > Or, is it assumed that one will run a "safe" dns slave on the firewall? > > Here's a question for the class: Why give DNS to internal machines at all? > Why do they need it? Isn't everything going through a proxy? Hasn't > everyone read Felten's paper where he mentions DNS as a perfect > back-channel accessible to Java applets and other sandbox-protected > networkable proglets? 
Actually, I don't remember reading about this -- where can I find this paper? I think I see the point (the java applet can send information to any third parties just by causing certain DNS lookups to occur). But does having a proxy server prevent this? Then the java applet just asks for a URL containing that same hostname, and the proxy server will then do the lookup for the client. The information still flows out either way. It really isn't much different than passing data by requesting data from a third party URL, is it? -SteveK -- Steve Kann i/o 360 digital design 841 Broadway, Suite 502 PGP 1024/C0145E05 F2 D6 24 83 9E 52 9A 61 AA BB 97 61 5C A1 B8 CE Personal:stevek@SteveK.COM Business: stevek@io360.com From owner-firewalls-outgoing Mon Apr 7 11:20:20 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA06580 for firewalls-outgoing; Mon, 7 Apr 1997 10:51:18 -0700 (PDT) Received: from firewall1_int.glaxowellcome.com (firewall1.glaxowellcome.com [192.58.204.204]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA06379 for ; Mon, 7 Apr 1997 10:50:21 -0700 (PDT) Received: by firewall1_int.glaxowellcome.com id NAA18889; Mon, 7 Apr 1997 13:31:35 -0400 (EDT) Received: from ussun2m.glaxo.com(152.51.20.99) by firewall1.glaxo.com via smap (3.2) id xma018873; Mon, 7 Apr 97 13:31:13 -0400 Received: by ussun2m.glaxo.com id NAA24558; Mon, 7 Apr 1997 13:28:40 -0400 (EDT) Received: by ussun2f.glaxo.com id NAA15442; Mon, 7 Apr 1997 13:35:09 -0400 (EDT) Date: Mon, 7 Apr 1997 13:35:07 -0400 (EDT) From: Gary Hull X-Sender: ggh14854@ussun2f To: firewalls Subject: virus scanning Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk We are looking at implementing virus scanning sw either at the firewall or on a server that sits between our firewall and the intranet. Can anyone recommend such a product? Thanks. |/ ---o0o-@@-o0o--------- Gary G. 
Hull - Technical Consultant Howard Systems International - Glaxo Wellcome Inc. Five Moore Drive - Raleigh, North Carolina 27709 Tel : (919) 941-4867 - Fax : (919) 483-0056 email: ggh14854@ussun2f.glaxo.com From owner-firewalls-outgoing Mon Apr 7 11:28:42 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA07573 for firewalls-outgoing; Mon, 7 Apr 1997 10:58:14 -0700 (PDT) Received: from scifi.squawk.com (scifi.squawk.com [199.74.151.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA07538 for ; Mon, 7 Apr 1997 10:58:01 -0700 (PDT) Received: from localhost (njs@localhost) by scifi.squawk.com (8.8.5/8.8.5) with SMTP id NAA25634; Mon, 7 Apr 1997 13:44:08 -0400 Date: Mon, 7 Apr 1997 13:44:07 -0400 (EDT) From: Nick Simicich X-Sender: njs@scifi To: Domenico Viggiani cc: firewalls@GreatCircle.COM, Bill_Royds@pch.gc.ca Subject: Re: Individual chroot for ftp users. In-Reply-To: <3348AC62.3B28@gst.cgs.it> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk WU-Archive FTP will do this. I'm probably about the 40th person to tell you this. On Mon, 7 Apr 1997, Domenico Viggiani wrote: > > > Does anybody have a program or system to allow one to set up > >multiple ftp accounts on Solaris 2.5 so that each one is chrooted to their > >own directory? I will have multiple ftp users on a depository machine, > >that should not have anonymous ftp but still stop an ftp user getting out > >of her own sandbox. > > I have the same need. If someone can help us, it will be useful! > > TIA > Domenico Viggiani > CAP GEMINI SpA > Of course my password is the same as my pet's name. My macaw's name is Q47pY!3, and I change it every 90 days. Nick Simicich mailto:njs@scifi.squawk.com or (last choice) mailto:njs@us.ibm.com http://scifi.squawk.com/njs.html -- Stop by and Light Up The World! 
From owner-firewalls-outgoing Mon Apr 7 11:38:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA09186 for firewalls-outgoing; Mon, 7 Apr 1997 11:06:10 -0700 (PDT) Received: from Sonnet.GSC.GTE.Com (Sonnet.GSC.GTE.Com [131.131.251.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA09114 for ; Mon, 7 Apr 1997 11:05:56 -0700 (PDT) Received: from ndhm06.ndhm.gtegsc.com ("port 2803"@ndhm06.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-6 #17886) id <01IHFD9BBVC400118J@Sonnet.GSC.GTE.Com> for firewalls@greatcircle.com; Mon, 07 Apr 1997 14:04:44 -0400 (EDT) Received: by ndhm06.ndhm.gtegsc.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC435C.A28971A0@ndhm06.ndhm.gtegsc.com>; Mon, 07 Apr 1997 14:04:40 -0400 Date: Mon, 07 Apr 1997 14:04:38 -0400 From: "Button, Dave" Subject: RE: xntpd and gauntlet 3.2 To: "'Eric Demerling'" Cc: "'firewalls'" Message-id: MIME-version: 1.0 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63 Content-type: multipart/mixed; boundary="---- =_NextPart_000_01BC435C.A29A1370" Content-transfer-encoding: 7BIT Sender: firewalls-owner@GreatCircle.COM Precedence: bulk This message is in MIME format. Since your mail reader does not understand this format, some or all of this message may not be legible. ------ =_NextPart_000_01BC435C.A29A1370 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit With reference to rolling your own GPS-based time standard, Eric Demerling wrote: "Dave do you have some URLs for this info? I poked around on Yahoo and AltaVista and only came up with using clocks on the net. (not your own gps)" Eric, Dr. David Mills has an FTP site louie.udel.edu in which you may find the source for the xntp daemon, plus lots of other info bundled into the tar file. See this reference: We used a TRAK systems 8821A GPS clock. 
Surprisingly, TRAK does not have a web site, but they may be reached at 813.884.1411, which is in Tampa FL. A site that has a description of the company is When you read Dr. Mills literature you will find many other receivers for which he has written software drivers. We chose TRAK mainly because of a prior relationship with my company, GTE, and we certainly have no regrets as they have performed flawlessly for about 18 months now. Dave Button ------ =_NextPart_000_01BC435C.A29A1370 Content-Type: application/octet-stream; name="ATLOUI~2.URL" Content-Transfer-Encoding: base64 W0ludGVybmV0U2hvcnRjdXRdDQpVUkw9ZnRwOi8vbG91aWUudWRlbC5lZHUvcHViL250cC8NCg== ------ =_NextPart_000_01BC435C.A29A1370 Content-Type: application/octet-stream; name="TECH-S~2.URL" Content-Transfer-Encoding: base64 W0ludGVybmV0U2hvcnRjdXRdDQpVUkw9aHR0cDovL3d3dy5zeW50cm9uLmNvbS90c3ltL2NvbW0u aHRtDQo= ------ =_NextPart_000_01BC435C.A29A1370-- From owner-firewalls-outgoing Mon Apr 7 11:57:40 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA14683 for firewalls-outgoing; Mon, 7 Apr 1997 11:43:44 -0700 (PDT) Received: from miles.greatcircle.com (miles.greatcircle.com [198.102.244.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA14642 for ; Mon, 7 Apr 1997 11:43:33 -0700 (PDT) Received: from Sonnet.GSC.GTE.Com (Sonnet.GSC.GTE.Com [131.131.251.1]) by miles.greatcircle.com (8.8.5/Miles-970308-2) with ESMTP id LAA18937 for ; Mon, 7 Apr 1997 11:44:04 -0700 (PDT) Received: from ndhm06.ndhm.gtegsc.com ("port 3878"@ndhm06.ndhm.gtegsc.com) by Sonnet.GSC.GTE.Com (PMDF V5.0-6 #17886) id <01IHFEK95GOC00118J@Sonnet.GSC.GTE.Com> for firewalls@greatcircle.com; Mon, 07 Apr 1997 14:41:48 -0400 (EDT) Received: by ndhm06.ndhm.gtegsc.com with SMTP (Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63) id <01BC4361.CFFC5300@ndhm06.ndhm.gtegsc.com>; Mon, 07 Apr 1997 14:41:43 -0400 Date: Mon, 07 Apr 1997 14:41:42 -0400 From: "Button, Dave" 
Subject: RE: UDP considered harmful? (was: xntpd and gauntlet 3.2) To: "'Magossa'nyi A'rpa'd'" Cc: "'firewalls'" Message-id: MIME-version: 1.0 X-Mailer: Microsoft Exchange Server Internet Mail Connector Version 4.0.994.63 Content-type: text/plain; charset="iso-8859-1" Content-transfer-encoding: quoted-printable Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Magossa'nyi A'rpa'd wrote: "On Mon, 7 Apr 1997, Button, Dave wrote: > Doug, the inadvisability of letting UDP through our firewall was one Yet another thing I have to learn about :) Can you explain why UDP considered harmful? Pointers to related documentation is appreciated. --- GNU GPL: only from a pure source" The quote was specific to OUR situation, though I understand that UDP may be dangerous in situations where RPC is used. More specifically, I was concerned about spoofing attacks that would negate having accurate time, and the problems with relying on outside servers providing claimed stratum 1 accuracy. We are in the certification authority business and so we must avoid the appearance of evil as well as evil itself. 
Dave Button http://www.cybertrust.com From owner-firewalls-outgoing Mon Apr 7 12:34:48 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA15553 for firewalls-outgoing; Mon, 7 Apr 1997 11:49:45 -0700 (PDT) Received: from shell.istar.ca (shell.iSTAR.ca [204.191.213.253]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA15490 for ; Mon, 7 Apr 1997 11:49:26 -0700 (PDT) Received: from inforamp.net (InfoRamp.net [204.191.136.8]) by shell.istar.ca (8.8.5/8.8.4) with ESMTP id OAA06025 for ; Mon, 7 Apr 1997 14:48:29 -0400 (EDT) Received: from genel.csnet.can.ibm.com (mpngt5.ny.us.ibm.com [198.133.29.68]) by inforamp.net (8.8.5/8.8.4) with SMTP id PAA18067 for ; Mon, 7 Apr 1997 15:48:00 -0300 (ADT) Received: by genel.csnet.can.ibm.com with Microsoft Mail id <01BC4362.A12A6F20@genel.csnet.can.ibm.com>; Mon, 7 Apr 1997 14:47:34 -0400 Message-ID: <01BC4362.A12A6F20@genel.csnet.can.ibm.com> From: Gene Lee To: "'firewalls@greatcircle.com'" Subject: Level 5 Screened Subnet? Date: Mon, 7 Apr 1997 14:46:38 -0400 Sender: firewalls-owner@GreatCircle.COM Precedence: bulk I know what a screened subnet architecture is, but has anyone ever heard of it referred to as a Level 5 Screened Subnet? Does this denote the level on the OSI model or something else? Personally, I've never heard it referred to this way... 
-- Gene Lee genel@inforamp.net genelee@vnet.ibm.com From owner-firewalls-outgoing Mon Apr 7 12:35:35 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA14532 for firewalls-outgoing; Mon, 7 Apr 1997 11:42:25 -0700 (PDT) Received: from zeke.gov.yk.ca (ZEKE.GOV.YK.CA [199.247.128.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA14335 for ; Mon, 7 Apr 1997 11:41:19 -0700 (PDT) Received: by zeke.gov.yk.ca; id LAA12534; Mon, 7 Apr 1997 11:45:58 -0700 (PDT) Received: from unknown(199.247.130.39) by zeke.gov.yk.ca via smap (V3.1) id xma012526; Mon, 7 Apr 97 11:45:29 -0700 Received: from [199.247.134.75] ([199.247.134.75]) by tempest (8.7.5/8.7.3) with SMTP id LAA20092 for ; Mon, 7 Apr 1997 11:35:48 -0700 From: Larry Kwiat To: "'Firewalls Mailing List'" Subject: Re: Gauntlet / SmartWall source :-( Message-ID: Date: Mon, 7 Apr 1997 11:40:04 -0400 (EDT) X-Mailer: Simeon for Windows Version 4.0 X-Authentication: none MIME-Version: 1.0 Content-Type: TEXT/PLAIN; CHARSET=US-ASCII Sender: firewalls-owner@GreatCircle.COM Precedence: bulk Re the post on open code for firewalls, and the comments below... On Sun, 6 Apr 1997 18:43:25 -0400 (EDT) C Matthew Curtin wrote: (snip) > Joe> Does anyone else muck with the source code like I > do? (snip) > I do... For internal stuff here, > In consulting situations, I typically recommend Gauntlet if someone > wants to "buy a firewall," or need something like that for a bastion > host. I've never known anyone with Gauntlet (besides me) to hack at > the code. > > In reality, I suspect that this is just a sign of the firewalling > times. Firewalls are becoming commodity items. (snip) > > Whether this is a Good Thing, a Bad Thing, or some combination thereof > (I vote for the latter, myself) isn't really relevant; it's what's > happening. (snip) > Matt Curtin Chief Scientist Megasoft, Inc. 
cmcurtin@research.megasoft.com
> http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself
> Death to small keys. Crack DES NOW! http://www.frii.com/~rcv/deschall.htm

Good or bad, from a corporate perspective, I think it is a naive thing. When we are talking security, and all that can mean in today's world, it is plain damn foolishness to cut yourself off from a potential resource for either implementing a product, or damage control after the fact. Whether you have hired a button pusher or a true-grit programmer type, you will eventually _need_ that code. If you don't have the TGP to go along with it, you will have to rent one. But if you buy software for this kind of purpose, and you don't have the source code to go with it, and you are in a corporate position, you're a damn fool. This is my opinion, and may or may not (though I suspect it is) be shared by the government of Yukon.

Sincerely,

Larry Kwiat
Information Security Coordinator
Information Services Branch
Department of Government Services
Government of Yukon
Phone: (403) 667-8081
Fax: (403) 667-5304
Netmail: kwiat@gov.yk.ca

From owner-firewalls-outgoing Mon Apr 7 12:56:18 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA20250 for firewalls-outgoing; Mon, 7 Apr 1997 12:28:31 -0700 (PDT)
Received: from gatekeeper2.mcimail.com (gatekeeper2.mcimail.com [192.147.45.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA20241 for ; Mon, 7 Apr 1997 12:28:25 -0700 (PDT)
Received: from mailgate2.mcimail.com (mailgate2.mcimail.com [166.40.135.23]) by gatekeeper2.mcimail.com (8.6.12/8.6.10) with SMTP id TAA08012; Mon, 7 Apr 1997 19:32:48 GMT
Received: from mcimail.com by mailgate2.mcimail.com id ak14780; 7 Apr 97 19:29 WET
Date: Mon, 7 Apr 97 14:29 EST
From: Karl Janice
To: firewalls
Subject: HTTP SecureID Authentication on Firewall-1 anyone?
Message-Id: <97040719292246/0006731076PK5EM@MCIMAIL.COM>
X-MB-Info: v1.10G | 18200030550
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Text item: Text_1

I would like to know if anyone has gotten SecureID to work in an HTTP authentication scheme. We are using version 2.0 of FireWall-1. We are trying to authenticate users of an internal web server. We are having problems.

From owner-firewalls-outgoing Mon Apr 7 13:04:51 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA24025 for firewalls-outgoing; Mon, 7 Apr 1997 12:58:08 -0700 (PDT)
Received: from newfed.frb.gov (newfed.frb.gov [198.3.221.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA24008 for ; Mon, 7 Apr 1997 12:58:01 -0700 (PDT)
Received: from FRB.GOV (umailfwd@localhost) by newfed.frb.gov (8.8.5/8.8.5) with UUCP id OAA25982 for GreatCircle.COM!firewalls; Mon, 7 Apr 1997 14:59:50 -0400 (EDT)
Received: from kryten.frb.gov by frbgate.FRB.GOV (4.1/SMI-4.0) id AA02709; Mon, 7 Apr 97 15:01:56 EDT
Received: from localhost.frb.gov (localhost.frb.gov [127.0.0.1]) by kryten.frb.gov (8.6.12/8.6.12) with SMTP id OAA19574; Mon, 7 Apr 1997 14:56:30 -0400
Message-Id: <199704071856.OAA19574@kryten.frb.gov>
X-Authentication-Warning: kryten.frb.gov: Host localhost.frb.gov didn't use HELO protocol
X-Mailer: exmh version 1.6.5 12/11/95
To: "Button, Dave"
Cc: "'Eric Demerling'" , "'firewalls'"
Subject: Re: xntpd and gauntlet 3.2
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 07 Apr 1997 14:56:29 -0400
From: "Jonathan M. Bresler"
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

>Eric, Dr. David Mills has an FTP site louie.udel.edu in which you may
>find the source for the xntp daemon, plus lots of other info bundled
>into the tar file.
See this reference: additional ntp information:
http://www.eecis.udel.edu/~ntp/
http://www.eecis.udel.edu/~ntp/database/html_xntp3.5a/

From owner-firewalls-outgoing Mon Apr 7 15:21:52 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA03547 for firewalls-outgoing; Mon, 7 Apr 1997 14:01:24 -0700 (PDT)
Received: from home.byelex.nl (home.byelex.nl [195.109.44.130]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA03435 for ; Mon, 7 Apr 1997 14:01:04 -0700 (PDT)
Received: (from cowboy@localhost) by home.byelex.nl (8.8.5/8.8.5) id WAA06661; Mon, 7 Apr 1997 22:59:00 +0200
Date: Mon, 7 Apr 1997 22:58:59 +0200 (MET DST)
From: Kevin McPeake
To: Stuart Johnson
cc: firewalls@GreatCircle.COM
Subject: Re: Haystack info (Steve Smaha)
In-Reply-To: <19970402145228.5834.qmail@squirrel.owl.de>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I don't know about the remainder of this email, but as far as Austin having a lack of engineering talent, that's bogus. As someone who is FROM Austin, I know for a fact, there are more software/hardware engineers than they know what to do with. And while many people might argue the facts, Austin is one of the fastest growing cities in the USA, due to the high output of engineers from University of Texas at Austin, and several other Hi-Tech Institutes and Colleges in the area. I'm not backing up Haystack....in fact, an old friend that I went to high school with in San Antonio, is with WheelGroup these days, but facts is facts, and I find it hard to believe that about Austin. Then again, I've been working in the Netherlands/UK for the last 9 months, so maybe I'm not up on current local events in Austin ;)P

Kev

On 2 Apr 1997, Stuart Johnson wrote:
>
> About a month ago, I inquired about Haystack and Wheelgroup.
I received an email from
> someone at Haystack that did not want to disclose their identity but revealed
> a lot of information about the company. I believe this information to be true, but would
> like to find out to the contrary.
>
> >From the inside information, apparently the founder and CEO of Haystack, Steve Smaha has
> been removed because he was a control freak and raving lunatic inside the company.
> Haystack is in decay because the Stalker family was a complete misdesign and failure.
>
> Also the source said that Steve Smaha was threatening to sue his own investors, partners, and customers. This seems kind of extreme to me, but the confirmation about Haystack suing Wheelgroup leaves this as a definite possibility. Some of the customers for Haystack have
> emailed me saying they have not received an update for some of the Stalker family in over
> 3 years. I wouldn't be surprised if Steve Smaha does not get sued himself if this is true.
>
> The investors, that removed Steve Smaha, brought in a new CEO. He is currently moving the company to Boston due to the lack of engineering talent in the former Austin HQ of Haystack.
> The new CEO is trying to recruit engineers that can decipher the source
> code because it lacked any structure and comments to understand it.
>
> I would have probably ignored this email except I am interested in monitoring tools and this
> seems like a legitimate insider giving me details. I have tried to contact Steve Smaha but have not been able to reach him. I am looking for someone who might know the company better than me to confirm these facts.
>
> Stuart
>
>
>
>

Kevin McPeake cowboy@home.byelex.nl
Internet Consultant http://www.byelex.nl/
<< You know something's up when your Thought process is idle.
>>
USER PID %CPU %MEM VSZ RSS TTY S STARTED TIME COMMAND
cowboy 28365 0.0 0.2 2.84M 264K ttyp1 S 12:57:12 0:00.02 Thought

From owner-firewalls-outgoing Mon Apr 7 16:07:36 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13396 for firewalls-outgoing; Mon, 7 Apr 1997 15:24:47 -0700 (PDT)
Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id PAA13365 for firewalls@greatcircle.com; Mon, 7 Apr 1997 15:24:42 -0700 (PDT)
Received: from mercury.Sun.COM (mercury.Sun.COM [192.9.25.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA10538 for ; Mon, 7 Apr 1997 07:30:09 -0700 (PDT)
Received: from East.Sun.COM ([129.148.1.241]) by mercury.Sun.COM (SMI-8.6/mail.byaddr) with SMTP id HAA20430 for ; Mon, 7 Apr 1997 07:35:38 -0700
Received: from starsky.East.Sun.COM by East.Sun.COM (SMI-8.6/SMI-5.3) id KAA21367; Mon, 7 Apr 1997 10:29:11 -0400
Received: from disney by starsky.East.Sun.COM (SMI-8.6/SMI-SVR4) id KAA00193; Mon, 7 Apr 1997 10:29:00 -0400
Date: Mon, 7 Apr 1997 10:26:18 -0400 (EDT)
From: Michele Mullins - Commercial SE-Sun-Vienna VA
Reply-To: Michele Mullins - Commercial SE-Sun-Vienna VA
Subject: Re: ISR
To: firewalls@GreatCircle.COM
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/plain; charset=us-ascii
Content-MD5: FQ0R9rtFCLMd5cs1K8xnYg==
X-Mailer: dtmail 1.2.0 CDE Version 1.2_14 SunOS 5.6 sun4u sparc
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

I paid to subscribe to this magazine when it first started.

When it went free, they sent a letter asking people to "donate" the remaining value of their subscription to something I don't remember, related to them I believe. They offered a refund as well.

After several attempts at getting the refund, not only did I not get the refund, I stopped receiving the magazine.

I was extremely dissatisfied with their customer service approach, although to be fair, I had paid for the magazine and had some grounds to expect customer service.
The way they handled my requests was totally unprofessional. Now that it's free, the way I was treated would be acceptable, since you get what you pay for. But it left a really bad taste for me when they even stopped sending me something I had paid for.

-Michele

From owner-firewalls-outgoing Mon Apr 7 16:34:40 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA15142 for firewalls-outgoing; Mon, 7 Apr 1997 15:49:30 -0700 (PDT)
Received: from arup.com (ove.arup.com [193.116.20.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id PAA15135 for ; Mon, 7 Apr 1997 15:49:23 -0700 (PDT)
Received: by arup.com (4.1/UNIPALM-V1.3mjr@arup.com) id AA09163; Mon, 7 Apr 97 23:48:28 BST
Received: from a_csun01.arup.com(69.69.11.1) by ove via smap (V1.3mjr) id sma009154; Mon Apr 7 23:48:22 1997
Received: from (a_csun14) by arupuk (4.1/SMI-4.1) id AA25117; Mon, 7 Apr 97 23:48:21 BST
Received: from arup.com by (4.1/SMI-4.1) id AA13753; Mon, 7 Apr 97 23:45:14 BST
Received: from comms-Message_Server by arup.com with Novell_GroupWise; Mon, 07 Apr 1997 23:45:13 +0000
Message-Id:
X-Mailer: Novell GroupWise 4.1
Date: Mon, 07 Apr 1997 23:03:24 +0000
From: Scott Fagg
To: firewalls@greatcircle.com
Subject: POP proxy availability - part 2
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

Based on the responses i got from my first post and some searching i did, it seems that there are a number of POP proxy solutions. I've tried one and have another to try later today. This brings up the next question. If i do install a POP proxy, controlled by tcpd, netacl or some other wrapper, once the daemon has started, how long does it hang around? (i guess ps would answer that) and if it does hang around, would this mean that the control that tcpd/netacl had in starting it would be lost (ie any one can connect) My assumption is that it would, but this seems a little bit too 'open'?
regards,

From owner-firewalls-outgoing Mon Apr 7 17:16:01 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA22016 for firewalls-outgoing; Mon, 7 Apr 1997 16:40:37 -0700 (PDT)
Received: from hal-pc.org (hal-pc.org [204.52.135.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA21821 for ; Mon, 7 Apr 1997 16:39:38 -0700 (PDT)
Received: from max1-169.hal-pc.org (max1-169.hal-pc.org [209.16.24.169]) by hal-pc.org (8.7.5/8.6.9) with SMTP id SAA15475; Mon, 7 Apr 1997 18:38:34 -0500 (CDT)
Message-Id: <199704072338.SAA15475@hal-pc.org>
Comments: Authenticated sender is
From: "robertp@hal-pc.org"
Organization: hal-pc.org
To: firewalls@GreatCircle.COM, Michele Mullins - Commercial SE-Sun-Vienna VA
Date: Mon, 7 Apr 1997 17:28:28 +0000
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: Re: ISR
In-reply-to:
X-mailer: Pegasus Mail for Windows (v2.52)
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

>You're not alone. Back last Sept/Oct, I "subscribed". Remember, the web page was "under construction". I sent numerous messages and faxes (also note, there is no e-mail address unless they just added it in the past few days) regarding not only my subscription, but my "password" When it was recently resurrected, I tried my old password with no success. I sent an e-mail to their NOC who said he would "pass my message on" - To date, I have not heard one thing. Not a very professional way of doing business

Bob Plaumann

Date: Mon, 7 Apr 1997 10:26:18 -0400 (EDT)
> From: Michele Mullins - Commercial SE-Sun-Vienna VA
> Subject: Re: ISR
> I paid to subscribe to this magazine when it first started.
>
> When it went free, they sent a letter asking people to "donate" the remaining
> value of their subscription to something I don't remember, related to them
> I believe. They offered a refund as well.
>
> After several attempts at getting the refund, not only did I not get the
> refund, I stopped receiving the magazine.
>
> I was extremely dissatisfied with their customer service approach, although
> to be fair, I had paid for the magazine and had some grounds to expect
> customer service. The way they handled my requests was totally unprofessional.
> Now that it's free, the way I was treated would be acceptable, since you
> get what you pay for. But it left a really bad taste for me when they even
> stopped sending me something I had paid for.
>
> -Michele

Bob Plaumann
It is difficult to say what is impossible for the dream of yesterday is the reality of tomorrow - Dr. Robert H. Goddard

From owner-firewalls-outgoing Mon Apr 7 17:28:30 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA15925 for firewalls-outgoing; Mon, 7 Apr 1997 16:00:54 -0700 (PDT)
Received: from reflections.eng.mindspring.net (reflections.eng.mindspring.net [207.69.183.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA15900 for ; Mon, 7 Apr 1997 16:00:41 -0700 (PDT)
Received: from localhost (lists@localhost) by reflections.eng.mindspring.net (8.8.5/8.8.5) with SMTP id SAA17274; Mon, 7 Apr 1997 18:45:54 -0400
Date: Mon, 7 Apr 1997 18:45:51 -0400 (EDT)
From: Todd Graham Lewis
To: Arley Carter
cc: "firewalls(a)greatcircle.com"
Subject: Re: xntpd and gauntlet 3.2
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Fri, 4 Apr 1997, Arley Carter wrote:
> On Fri, 4 Apr 1997 DSAWYER@PILLSBURY.COM wrote:
>
> > In a nutshell what I need to know is how do I get udp based packets on
> > port 123 through the firewall?
> >
> > Anybody have any ideas?
>
> Bad Idea. Setup the firewall to be the authoritative time source for the
> domain using xntpd to the outside world. Set the firewall to broadcast time
> to the networks you want.
Have the inside machines listen to time
> broadcasts from the firewall. No need to pass udp through the firewall.

Agreed. If you're super-paranoid, then you can shell out the US$200 for a GPS receiver and make yourself into a stratum-1 server. (If you do this, you should do it outside the firewall, offer stratum-1 services to others, and make your firewall a stratum-2 server, using ntp's builtin cryptographic authentication.)

And to whoever said that you shouldn't use time-based cryptography, there are well-respected cryptosystems which rely on accurate time info on both client and server to eliminate replay attacks and other time-based hacks. To dismiss them merely because they require accurate time info is silly.

__
Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com

From owner-firewalls-outgoing Mon Apr 7 17:50:25 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id RAA27976 for firewalls-outgoing; Mon, 7 Apr 1997 17:31:36 -0700 (PDT)
Received: from reflections.eng.mindspring.net (reflections.eng.mindspring.net [207.69.183.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id RAA27958 for ; Mon, 7 Apr 1997 17:31:28 -0700 (PDT)
Received: from localhost (lists@localhost) by reflections.eng.mindspring.net (8.8.5/8.8.5) with SMTP id UAA22697; Mon, 7 Apr 1997 20:30:22 -0400
Date: Mon, 7 Apr 1997 20:30:19 -0400 (EDT)
From: Todd Graham Lewis
To: James Liang
cc: Firewalls@GreatCircle.COM
Subject: Re: Freeware that support NAT ?
In-Reply-To: <3348B00D.41C6@guangzhou.sgi.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Mon, 7 Apr 1997, James Liang wrote:
> Is there a freeware that can support NAT (RFC 1631) and can run on Linux
> and other unix platforms?

The closest thing of which I know is IP_MASQUERADE, which is a Linux feature.
There is talk of making it into a fully-fledged NAT, but for now it's a neat-o sort-of-NAT thing. Go to http://sunsite.unc.edu/linux and read the IP Masquerade HOWTO.

__
Todd Graham Lewis MindSpring Enterprises tlewis@mindspring.com

From owner-firewalls-outgoing Mon Apr 7 17:58:32 1997
Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA15403 for firewalls-outgoing; Mon, 7 Apr 1997 15:53:20 -0700 (PDT)
Received: from zeke.gov.yk.ca (ZEKE.GOV.YK.CA [199.247.128.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA15386 for ; Mon, 7 Apr 1997 15:53:09 -0700 (PDT)
Received: by zeke.gov.yk.ca; id PAA29378; Mon, 7 Apr 1997 15:57:44 -0700 (PDT)
Received: from unknown(199.247.130.39) by zeke.gov.yk.ca via smap (V3.1) id xma029369; Mon, 7 Apr 97 15:57:41 -0700
Received: from [199.247.134.75] ([199.247.134.75]) by tempest (8.7.5/8.7.3) with SMTP id PAA18300 for ; Mon, 7 Apr 1997 15:48:00 -0700
From: Larry Kwiat
To: "'Firewalls Mailing List'"
Subject: Re: Gauntlet / SmartWall source :-(
Message-ID:
Date: Mon, 7 Apr 1997 15:52:20 -0400 (EDT)
X-Mailer: Simeon for Windows Version 4.0
X-Authentication: none
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; CHARSET=US-ASCII
Sender: firewalls-owner@GreatCircle.COM
Precedence: bulk

On Mon, 7 Apr 1997 11:40:04 -0400 (EDT) Larry Kwiat wrote:
> Re the post on open code for firewalls, and the comments
> below...
>
> On Sun, 6 Apr 1997 18:43:25 -0400 (EDT) C Matthew Curtin wrote:
> (snip)
> > Joe> Does anyone else muck with the source code like I
> > do?
> (snip)
> > I do... For internal stuff here,
> > In consulting situations, I typically recommend Gauntlet if someone
> > wants to "buy a firewall," or need something like that for a bastion
> > host. I've never known anyone with Gauntlet (besides me) to hack at
> > the code.
> >
> > In reality, I suspect that this is just a sign of the firewalling
> > times. Firewalls are becoming commodity items.
> (snip)
> >
> > Whether this is a Good Thing, a Bad Thing, or some combination thereof
> > (I vote for the latter, myself) isn't really relevant; it's what's
> > happening.
> (snip)
> > Matt Curtin Chief Scientist Megasoft, Inc. cmcurtin@research.megasoft.com
> > http://www.research.megasoft.com/people/cmcurtin/ I speak only for myself
> > Death to small keys. Crack DES NOW! http://www.frii.com/~rcv/deschall.htm
>
> Good or bad, from a corporate perspective, I think it is a
> naive thing. When we are talking security, and all that can
> mean in today's world, it is plain damn foolishness to cut
> yourself off from a potential resource for either
> implementing a product, or damage control after the fact.
> Whether you have hired a button pusher or a true-grit
> programmer type, you will eventually _need_ that code. If
> you don't have the TGP to go along with it, you will have
> to rent one. But if you buy software for this kind of
> purpose, and you don't have the source code to go with it,
> and you are in a corporate position, you're a damn fool.
> This is my opinion, and may or may not (though I suspect it
> is) be shared by the government of Yukon.
>
> Sincerely,
>
> Larry Kwiat
> Information Security Coordinator
> Information Services Branch
> Department of Government Services
> Government of Yukon
> Phone: (403) 667-8081
> Fax: (403) 667-5304
> Netmail: kwiat@gov.yk.ca
>
>

Sincerely,

Larry Kwiat
Information Security Coordinator
Information Serv