Hello;
Here in BoUn we are running FW-1 for a small part of our network. Mail,
news, www etc. servers are behind the firewall. Especially because of a
tight budget (a state funded University) and a heavy network traffic, we
did not get all of the campus network behind FW-1. So that a small
license (only for 25 hosts I think) was (in fact still is) good enough
for our needs.
However, last week when I reboot the system, during the boot up, I had
a warning from firewall software, which states that "There are more
hosts than 25" and if I could contact my reseller. Although this is a
typical license violation message, our reseller (seems to) do not take
this quite seriously. They did not send anybody at that day and the day
after they could not find any time to come here (due to a serious(!)
problem in another customer, who, if I'm not wrong, runs FW-1 on an NT
box, which is a problem by itself)
The important thing is, while FW-1 is thinking that there are more than
25 internal hosts, there are only 8 of them, in physically realty , and
in configuration files. It claims many foreign (quite foreign, what
about nntp-in.uu.net !!) hosts as its internal hosts.
Any idea, how and why this happened, and is this position harmful? I do
not like the idea of seeing external hosts as internal ones. If this is
a kind of attack, it should be a very serious one. I could not find any
extraordinary (this is a school, you know, small attacks are daily
issue) hacking attempt on our systems.
Regards;
--
-------------------------------------------------------------------
| Can Baysal <baysalc @
boun .
edu .
tr> | System Manager |
-------------------------------------------------------------------
never cared for what they say
never cared for games they play
never cared for what they do
never cared for what they know
and I know
Follow-Ups:
|
|
