The actual scenario is:

The customer has a VPN device on his campus and places a VPN device in our
building to create a site to site tunnel.  He has also configured the VPN in
our building to "route" encrypted data back to his VPN and "non encrypted"
data to a server in our internal network.  I cannot obtain the documented
configuration.  I have made protocol 50 and 51 and udp port 500 on the
firewall so that his VPN device can talk to his VPN device in our building.
He also wanted to have port 4000 opened for TCPDUMP and ports 9874, 9875 and
9876 for monitoring the VPN device in our building.

Any comments/suggestions are greatly appreciated.

Thanks for all input in advance.

Ivan



----- Original Message -----
From: "Aaron Turner" <[EMAIL PROTECTED]>
To: "Ivan Fox" <[EMAIL PROTECTED]>
Cc: "Firewall 1 Mail List" <[EMAIL PROTECTED]>
Sent: Friday, April 14, 2000 6:38 PM
Subject: Re: [FW1] OT - TCPDUMP posts risk or not?


>
>
> I'd say this is highly suspicious and would be a definite red flag.  My
> company does a lot of business with Fortune 1000 companies such as FedEx
> and Ford, as well as companies such as Network Solutions.  While some of
> these customers have requested 3rd party security audits of our servers
> and network, none have ever requested the ability to have access to
> tcpdump on *my* servers.
>
> If they ever asked for such access, I'd tell them I'd be more than happy
> to do that when cows fly in a frozen hell; but until then they are out of
> luck.
>
> Also, I've never heard of any link between port 4000 and tcpdump.  I don't
> know what they're pulling, but it isn't kosher.
>
> --
> Aaron Turner        [EMAIL PROTECTED]  650.237.0300 x252
> Security Engineer                         Vicinity Corp.
> Cell: 408-314-9874                        http://www.vicinity.com
>
> On Fri, 14 Apr 2000, Ivan Fox wrote:
>
> >
> > I am extremely sorry that I have posted two OT messages today as the
> > lists are my only sources of quality advice.  If there are other security mail
> > lists for these types of questions, kindly let me know.  Thanks for your
> > understanding in advance.
> >
> >
> > One of our customers insisted that we open up port 4000 to allow them to
> > transfer/monitor/use TCPDUMP.  We hesitated.  He threatens not to do
> > business with us!
> >
> > Any security advice about TCPDUMP is greatly appreciated.
> >
> > Best regards,
> >
> > Ivan