There's an access list on the Ethernet interface that's directly connected to a DSL modem.

They're allowing telnet and SMTP to basically any any, plus various other protocols from/to specific addresses. There are only two outside addresses that are NATted, but it's really hideous and the access list is the only thing resembling a layer of security between the internet and their server farm. I was just hoping to hear some really good verbiage about how vulnerable they are. I've told them for 3 months to get a PIX but it just ain't sinking in. Now they've got a worm loose on their mail server that's bringing down their main host system and their internet line (but that's another story).

> -----Original Message-----
> From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]
> Sent: Thursday, April 03, 2003 8:46 AM
> To: [EMAIL PROTECTED]
> Subject: RE: hacking challenge [7:66720]
>
> Wilmes, Rusty wrote:
> >
> > This is a general question for the security specialists.
> >
> > I'm trying to convince a client that they need a firewall....
> >
> > So hypothetically,
> >
> > if you had telnet via the internet open to a router (with an access list that allowed smtp and telnet) (assuming you didn't know the telnet password or the enable password) that had a bunch of NT servers on another interface,
>
> Do you actually mean that you are allowing Telnet and SMTP to go through the router? You said "to" above, which is confusing. Allowing Telnet to the router unrestricted would be a horrible security hole, even for people who don't know the password, because passwords are often guessable.
>
> But I don't think that's what you meant...
>
> Allowing Telnet and SMTP through the router is more common, especially SMTP. You have to allow SMTP if you have an e-mail server that gets mail from the outside world. Avoid Telnet, though, if you can. It sends all text as clear text, including passwords.
>
> The question is really how vulnerable is the operating system that the SMTP server is running on? It's probably horribly vulnerable if your client hasn't kept up with the latest patches, and it sounds like your client is the type that hasn't? In fact, the server is probably busy attacking the rest of us right now! ;-0
>
> So, as far as convincing your customer....
>
> The best way may be to put a free firewall, like Zone Alarm, on the decision maker's computer and show her/him all the attacks happening all the time. Or if she already has a firewall, walk her through the log.
>
> Good luck. I have a good book to recommend on this topic:
>
> Greenberg, Eric. "Mission-Critical Security Planner." New York, New York, Wiley Publishing, Inc., 2003.
>
> Here's an Amazon link:
>
> http://www.amazon.com/exec/obidos/ASIN/0471211656/opendoornetwinc/104-9901005-4572707
>
> Priscilla
>
> > How long would it take a determined hacker a) to cause some kind of network downtime and b) to map a network drive to a share on a file server over the internet?
> >
> > Thanks,
> > Rusty
> >
> > > -----Original Message-----
> > > From: Larry Letterman [mailto:[EMAIL PROTECTED]
> > > Sent: Wednesday, April 02, 2003 1:44 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: RE: VLAN loop problem [7:66656]
> > >
> > > Yes,
> > > it prevents loops in spanning tree on layer 2 switches from causing a loop by disabling the port on a Cisco switch...
> > >
> > > Larry Letterman
> > > Network Engineer
> > > Cisco Systems
> > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Thomas N.
> > > > Sent: Wednesday, April 02, 2003 12:18 PM
> > > > To: [EMAIL PROTECTED]
> > > > Subject: Re: VLAN loop problem [7:66656]
> > > >
> > > > What does "portfast bpdu-guard" do? Does it prevent interfaces with portfast enabled from causing the loop in my scenario?
> > > >
> > > > "Larry Letterman" wrote in message news:[EMAIL PROTECTED]
> > > > > Port MAC address security might work, although it's a lot of admin overhead... are you running portfast bpdu-guard on the access ports?
> > > > >
> > > > > Larry Letterman
> > > > > Network Engineer
> > > > > Cisco Systems
> > > > >
> > > > > ----- Original Message -----
> > > > > From: Thomas N.
> > > > > To: [EMAIL PROTECTED]
> > > > > Sent: Tuesday, April 01, 2003 8:14 PM
> > > > > Subject: VLAN loop problem [7:66656]
> > > > >
> > > > > Hi All,
> > > > >
> > > > > I got a problem in the production campus LAN here between VLANs. Please help me out! Below is the scenario:
> > > > >
> > > > > We have VLAN 10 (10.10.x.x) and VLAN 20 (10.20.x.x) subnets. Routing is enabled/allowed between the two subnets using the MSFC of the 6500. Each subnet has a DHCP server to assign IP addresses to devices on its subnet. Spanning-tree is enabled; however, portfast is turned on on all non-trunking/uplink ports. Recently, devices on VLAN 10 got assigned an IP address of 10.20.x.x, which is from the DHCP on the other scope and also from the 10.10.x.x scope, and vice versa. It seems that we have a loop somewhere between the 2 subnets but we don't know where. I noticed lots of end users have a little unmanaged hub/switch hanging off the network jacks in their cubicles and potentially causing a loop.
> > > > >
> > > > > Is there any way that we can block the loop on the Cisco switches without visiting cubicles taking those little unmanaged hubs/switches? Thanks!
> > > > >
> > > > > Thomas

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=66774&t=66720
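The access list Rusty describes (telnet and SMTP permitted any-to-any on the DSL-facing interface) beside a tighter version of the same list, as an added Cisco IOS example that is not from the thread; the interface name, the public address 203.0.113.10 for the NATted mail server and the inside subnet 10.0.0.0/24 are constructed placeholders.

```cisco
! Added example, not from the thread. 203.0.113.10 and 10.0.0.0/24 are
! constructed placeholders for the NATted mail server and the inside LAN.

! --- Weak: roughly what the thread describes. Anyone on the internet can
! reach telnet and SMTP on every address behind this router.
ip access-list extended OUTSIDE-IN-WEAK
 permit tcp any any eq telnet
 permit tcp any any eq smtp
 ! ...various other protocols from/to specific addresses...
 deny ip any any

! --- Tighter: SMTP only to the one mail server, no telnet from the internet,
! replies to sessions started inside allowed, everything else denied and
! logged so the decision maker can see the hits in the log.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq smtp
 permit tcp any any established
 deny tcp any any eq telnet log
 deny ip any any log

interface FastEthernet0/0
 description DSL-facing interface (placeholder name)
 ip access-group OUTSIDE-IN in

! Keep router management off the internet entirely: only the inside subnet
! may reach the vty lines, whatever the interface ACL says.
access-list 10 permit 10.0.0.0 0.0.0.255
line vty 0 4
 access-class 10 in
```

The `established` keyword only matches TCP flags (ACK or RST) and keeps no session state, which is part of why the thread's advice is a stateful firewall such as the PIX rather than relying on an interface access list alone.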