Firewalls: Re: tcp/udp port numbers

Firewalls
(November 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: tcp/udp port numbers - more
From:	"Ryan Russell"<ryanr @ sybase . com>
Date:	Mon, 17 Nov 1997 19:46:07 -0800
To:	jsk347 @ sprynet . com
Cc:	dons @ Cadabratech . com, Firewalls @ GreatCircle . COM

My policy permits inside users to access just about
any outside service.  I disallowed SNMP for a
while until I tracked that problem down.  I use FW1, but
had I had an AG in place that had the capability to allow
SNMP out, I would have allowed it.

                    Ryan





jsk347 @
 sprynet .
 com on 11/17/97 07:37:36 PM

To:   Ryan Russell/SYBASE, dons @
 Cadabratech .
 com
cc:   Firewalls @
 GreatCircle .
 COM
Subject:  Re: tcp/udp port numbers - more




An Application Gateway Firewall would (presumably) stop this from happening
unless you specifically opened a hole for it.  Is it safe to "ass-u-me"
that you were running a packet filter and allowing anything that
established "inside" as OK to the outside?  Just curious...
Steve Kruse
At 05:33 PM 11/17/97 -0800, Ryan Russell wrote:
>
>
>It was JetAdmin in my case.
>
>I had some particularly bad behavior...
>One of my users was in from out of town,
>and plugged in her laptop, and was using DHCP.
>
>She was on a net with a subnet of of my
>130.214 class B.  I was getting complaints from
>a school at something like 130.252.
>
>I checked the firewall logs, and it had started
>at 130.255.255.255 and was working it's was down.
>She didn't even have the main JetAdmin program
>loaded at the time.  It had thrown a small program
>in the startup section in the registry.  It showed
>up in the Win95 task list when I did ctrl-alt-del.
>
>                         Ryan
>
>
>
>
>
>dons @
 Cadabratech .
 com on 11/17/97 04:27:44 PM
>
>To:   Ryan Russell/SYBASE
>cc:   Firewalls @
 GreatCircle .
 COM
>Subject:  Re: tcp/udp port numbers - more
>
>
>
>
>
>>
>> Does it have any HP printer management software?
>>
>> I've caught HP drivers doing this...in fact, some of the Internet
>> sites it reached were not amused.
>>
>Yep - it's running JetAdmin. You think this is doing it? I've noticed
>alot of strange packets running around. We have a mopier (HP 5Si?)
>which has a JetDirect box built in and I've  seen some packets heading
>across to tcp port 9000.
>Don
>
>
>
>
>
**************************************************
* Steve Kruse                  Milkyway Networks *
* Network Sales Support    1342 E. Vine St. #224 *
*                            Kissimmee, FL 34744 *
* http://www.milkyway.com      skruse @
 milkwy .
 com *
**************************************************

Follow-Ups:

Re: tcp/udp port numbers - more
From: Steve Kruse <jsk347 @ sprynet . com>

Indexed By Date	Previous:	Re: tcp/udp port numbers - more From: Steve Kruse <jsk347 @ sprynet . com>
Indexed By Date	Next:	Re: tcp/udp port numbers - more From: Steve Kruse <jsk347 @ sprynet . com>
Indexed By Thread	Previous:	Re: tcp/udp port numbers - more From: dons @ Cadabratech . com (Don Shesnicky)
Indexed By Thread	Next:	Re: tcp/udp port numbers - more From: Steve Kruse <jsk347 @ sprynet . com>