There are firewalls designed specifically for ATM networks. (Department of Shameless Commerce admission: my company makes one of them.) They filter on ATM source and destination as well as IP packet parameters, and some of them run at close to wire speed, including OC-3 (155 Mbps).

Don Flanagan
Bytex Corp.
www.bytex.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Wednesday, June 20, 2001 6:20 AM
To: [EMAIL PROTECTED]
Subject: Firewalls digest, Vol 1 #16 - 13 msgs

Send Firewalls mailing list submissions to [EMAIL PROTECTED]

To subscribe or unsubscribe via the World Wide Web, visit http://lists.gnac.net/mailman/listinfo/firewalls or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED]

You can reach the person managing the list at [EMAIL PROTECTED]

When replying, please edit your Subject line so it is more specific than "Re: Contents of Firewalls digest..."

Today's Topics:

   1. RE: sniffer programs (Sameer R. Manek)
   2. Re: Spam and mail readers. (Michael T. Babcock)
   3. Checkpoint FW-1 & ATM performance degradation (Pere Camps)
   4. Re: NAT speeds (Michael T. Babcock)
   5. MSN and security (d d)
   6. Re: MSN and security (Eric M Haas)
   7. Off Topic: Computer Security Contracts (Drew Einhorn)
   8. Re: Off Topic: Computer Security Contracts (Wil Cooley)
   9. Lucent Brick Firewall (Shoney Joy)
  10. VPN Query ([EMAIL PROTECTED])
  11. Re: Spam and mail readers. (Jim Breton)
  12. RE: Checkpoint FW-1 & ATM performance degradation (Hiemstra, Brenno)
  13. RE: Checkpoint FW-1 & ATM performance degradation (Richard Taylor)

--__--__--

Message: 1
From: "Sameer R. Manek" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: RE: sniffer programs
Date: Tue, 19 Jun 2001 00:18:52 -0700

Sniffers have both legitimate and illegitimate uses. They are often really useful for debugging "network problems", so us systems folks can prove the network folks are wrong, and vice versa.
tcpdump, trafshow, are both really handy. Someone recommended ethereal but I haven't had a chance to check it out yet.

Course if an unauthorized user has a sniffer on your firewall, you have a much bigger problem. And it's time to start doing some serious intrusion detection audits.

Also the use of a switched network helps minimize the usefulness of sniffing network traffic. Though most of your internet bound traffic would probably be passing through the firewall.

Most of the hacks out there come from script kiddies who are mainly interested in the bandwidth for warez and dos attacks, so quick-install root kits are much more popular.

Sameer

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> [EMAIL PROTECTED]
> Sent: Monday, June 18, 2001 5:22 AM
> To: [EMAIL PROTECTED]
> Subject: sniffer programs
>
> Hello all,
>
> We often hear of bad guys using sniffer programs to check out packets for
> information. My question is where and how are these sniffers usually
> installed. Has anyone ever discovered a sniffer program running on their
> firewall?
>
> Regards,
> S. Filliol

--__--__--

Message: 2
Date: Tue, 19 Jun 2001 00:37:21 -0400
From: "Michael T. Babcock" <[EMAIL PROTECTED]>
Organization: CyTech Computers
To: Bill Royds <[EMAIL PROTECTED]>
Cc: Eliyah Lovkoff <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: Re: Spam and mail readers.

In outlook express, hit alt-enter to open the properties, and under the second tab, click "message source" for the original source of the message.

Bill Royds wrote:

>In MS Outlook (not Outlook Express), after you open the message, you go to View/Options/Internet Headers from which you can copy the headers.
>In Lotus Notes, after opening message, you go to Actions/Delivery Information and copy the headers from the Details window.
>In Netscape Messenger, go to View/Page Source
>
>Notice that there is no consistency and in Outlook and Notes, you can only see headers after you have executed the Trojan :-)
>
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Eliyah Lovkoff
>Sent: Monday, June 18, 2001 16:10
>To: [EMAIL PROTECTED]
>Subject: Spam and mail readers.
>
>
>Can anyone recommend a mail reader that can show the full headers of an e-mail in question?

--
Michael T. Babcock
CTO, FibreSpeed

--__--__--

Message: 3
To: [EMAIL PROTECTED]
From: Pere Camps <[EMAIL PROTECTED]>
Subject: Checkpoint FW-1 & ATM performance degradation
Reply-To: [EMAIL PROTECTED]
Date: Tue, 19 Jun 2001 17:13:46 +0100

Hello,

I've been given a project where I have to firewall off an ATM network. Basically, it's just put Firewall-1 (with Solaris or Nokia) in all the entry points of the environment.

I'm quite worried about the performance degradation that this will put on the ATM PVC connection.

On one side, there's throughput. I've read that Checkpoint claims that FW-1 can handle 240 Mbps on the correct machine. I very much doubt it. The PVC that we're running is 155 Mbps, and I feel that that would be too much, even if we're only going to use the firewall as a "packet filter". Does anybody have any experience in this issue?

Also, delay issues. Does anybody know what delay on the packets will the firewall put? I'm not in a position to fine tune the MTU and window size of the machines involved, so that's not an option to get around throughput issues related to the RTT.

Regarding the FW-1 choice, it's the company's preferred firewall solution.
But if FW-1 is not able to handle the job, the company is quite happy to go for another supplier.

Can anybody help? Thanks!

-- p.

--__--__--

Message: 4
From: "Michael T. Babcock" <[EMAIL PROTECTED]>
To: "Sameer R. Manek" <[EMAIL PROTECTED]>, "mouss" <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
Subject: Re: NAT speeds
Date: Tue, 19 Jun 2001 13:26:59 -0400
Organization: FibreSpeed

> > why 100mb? is it because you have 100mb ethernet cards? If so, you'll be
> > surprised to
> > hear that with these, you can get about 6mb....

Unless they're using switched ethernet, in which case each port can get up to 200Mb + / sec...

> Our outbound link hovers around 3-4megabyte/sec which is more than what
> ethernet can sustain, that's why we needed to engineer a NAT implementation
> that can sustain close to FE speeds.

I have no exact measurements, but if you're looking for a non-Cisco type system, a BSD or Linux box running on a modern processor should handle it just fine.

--
Michael T. Babcock

--__--__--

Message: 5
From: "d d" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: MSN and security
Date: Wed, 20 Jun 2001 01:50:00 -0000

Hi:

I have a Wan with a Cisco Pix 515 as a firewall, i want to know if i need to cut the MSN service for all my LAN users? anyone know what is the right decision?

Thanks!

Suppo

--__--__--

Message: 6
Date: Tue, 19 Jun 2001 22:44:27 -0400 (EDT)
From: Eric M Haas <[EMAIL PROTECTED]>
To: "d d" <[EMAIL PROTECTED]>
Subject: Re: MSN and security
Cc: [EMAIL PROTECTED]

Excerpts from internet.computing.firewalls: 20-Jun-101 MSN and security by "d d"@hotmail.com
> I have a Wan with a Cisco Pix 515 as a firewall, i want to know
> if i need to cut the MSN service for all my LAN users? anyone know what is
> the right decision?
>

This is pretty much a policy and management issue.
If it's against your policy, or if too many people are using it instead of working, then block it, but make sure your policy reflects this. (and that employees have signed the policy!) If it's the latter, (productivity issue) then you're probably better off having management deal with this on a case-by-case basis than just simply blocking it (as the smart users will just find a way around it anyway)

-Eric

--__--__--

Message: 7
From: "Drew Einhorn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Off Topic: Computer Security Contracts
Date: Tue, 19 Jun 2001 20:51:40 -0600

While there are many lists specializing in various computer security technologies, I haven't been able to find any specializing in the business of computer security. If you know of a better place to ask this question, please tell me where.

I'm starting a computer security consulting business and would appreciate seeing examples of whatever contract boilerplate you may have.

I'm especially interested in sections where the client tells me they don't have any medical equipment, life support systems, avionics, industrial/laboratory process control equipment, nuclear power plants, ... (anything I'm not licensed, certified, can't afford the professional liability insurance for, etc) connected to their network.

Sections analogous to a medical informed consent, where I tell the client that if they have a fragile system, it might break and need to be repaired in the course of testing and upgrading its security. Don't sue me.

Any other biggies, besides the what I'm going to do, and what it's going to cost. I'd be surprised if there isn't one that I haven't thought of.
Thanks,

--__--__--

Message: 8
Date: Tue, 19 Jun 2001 22:38:06 -0700
From: Wil Cooley <[EMAIL PROTECTED]>
To: Drew Einhorn <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Off Topic: Computer Security Contracts

Thus spake Drew Einhorn:
> While there are many lists specializing in various computer security
> technologies, I haven't been able to find any specializing in the business
> of computer security. If you know of a better place to ask this question,
> please tell me where.
>
> I'm starting a computer security consulting business and would appreciate
> seeing examples of whatever contract boilerplate you may have.
>
> I'm especially interested in sections where the client tells me they don't
> have any medical equipment, life support systems, avionics,
> industrial/laboratory process control equipment, nuclear power plants, ...
> (anything I'm not licensed, certified, can't afford the professional
> liability insurance for, etc) connected to their network.

I'd actually like to know this kind of thing too, since I'm advertising a managed firewall service, even though I have no customers currently (aside from for the businesses I run), I don't actually have a contract of any sort written up.

> Sections analogous to a medical informed consent, where I tell the client
> that if they have a fragile system, it might break and need to be repaired
> in the course of testing and upgrading its security. Don't sue me.
>
> Any other biggies, besides the what I'm going to do, and what it's going to
> cost. I'd be surprised if there isn't one that I haven't thought of.

You can see what I'm proposing at http://nakedape.cc/index.php3/managedfw. I'm positioning myself as a fairly low-end service; a simple packet-filter and NAT system, where I monitor the logs and run some port monitors (to watch for scans, etc.)
and intrusion detection software.

Actually, if you're going to look at my service description anyway, I'd like opinions or advice about it. *shrug*

Wil
--
W. Reilly Cooley [EMAIL PROTECTED]
Naked Ape Consulting http://nakedape.cc
LNXS: Get 0.2.0-devel at http://sourceforge.net/projects/lnxs/
irc.openprojects.net #lnxs

The verdict of a jury is the a priori opinion of that juror who smokes the worst cigars. -- H. L. Mencken

--__--__--

Message: 9
Reply-To: <[EMAIL PROTECTED]>
From: "Shoney Joy" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Lucent Brick Firewall
Date: Wed, 20 Jun 2001 11:28:05 +0530

Hi people,

Can u please tell me, where i can find out vulnerabilities of Lucent Brick Firewall 201. I would like to harden the same before putting on the production network..

Thanks in Advance
Shoney

--__--__--

Message: 10
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: VPN Query
Date: Wed, 20 Jun 2001 11:14:46 +0530

Hi,

I am using Gauntlet 5.5 Webshield 300 E-ppliance. I have done the settings for a VPN setup. The VPN client I am using is PGPNet 6.5. All goes fine till the point where the client requests for a certificate from the ROOT CA. When the Certificate is retrieved from the server, the following error appears - " invalid key"

Any help on this pleez?

regards.
Anuradha

--__--__--

Message: 11
Date: Wed, 20 Jun 2001 08:02:07 +0000
From: Jim Breton <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Spam and mail readers.
On Tue, Jun 19, 2001 at 12:37:21AM -0400, Michael T. Babcock wrote:
> In outlook express, hit alt-enter to open the properties, and under the
> second tab, click "message source" for the original source of the message.

Quick shortcut to the same thing: Ctrl+F3

(Can't remember where I originally found this documented.)

--__--__--

Message: 12
From: "Hiemstra, Brenno" <[EMAIL PROTECTED]>
To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Checkpoint FW-1 & ATM performance degradation
Date: Wed, 20 Jun 2001 10:13:31 +0200

Maybe build a firewall cluster with Stonebeat and Firewall -1 if you run your systems on Solaris or NT (would not recommend NT though). You can scale your cluster to make a more load balanced / load sharing firewall solution than just one system firewall

I think, don't have proof to support my thoughts, that Firewall 1 on a nokia has a better throughput than on Solaris.

And if, after a thorough research, you don't think Firewall-1 can do it, I sure know Cisco PIX can do the job....

Regards,

Brenno

> -----Original Message-----
> From: Pere Camps [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 19 juni 2001 18:14
> To: [EMAIL PROTECTED]
> Subject: Checkpoint FW-1 & ATM performance degradation
>
> Hello,
>
> I've been given a project where I have to firewall off an ATM network.
> Basically, it's just put Firewall-1 (with Solaris or Nokia) in all
> the entry points of the environment.
>
> I'm quite worried about the performance degradation that this will
> put on the ATM PVC connection.
>
> On one side, there's throughput. I've read that Checkpoint claims
> that FW-1 can handle 240 Mbps on the correct machine. I very much
> doubt it. The PVC that we're running is 155 Mbps, and I feel that
> that would be too much, even if we're only going to use the firewall
> as a "packet filter". Does anybody have any experience in this issue?
>
> Also, delay issues. Does anybody know what delay on the packets will
> the firewall put?
> I'm not in a position to fine tune the MTU and
> window size of the machines involved, so that's not an option to
> get around throughput issues related to the RTT.
>
> Regarding the FW-1 choice, it's the company's preferred firewall
> solution. But if FW-1 is not able to handle the job, the company
> is quite happy to go for another supplier.
>
> Can anybody help? Thanks!
>
> -- p.

--__--__--

Message: 13
From: Richard Taylor <[EMAIL PROTECTED]>
To: "'Hiemstra, Brenno'" <[EMAIL PROTECTED]>
Cc: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
Subject: RE: Checkpoint FW-1 & ATM performance degradation
Date: Wed, 20 Jun 2001 20:00:07 +1000

Just been to the Checkpoint Pacific Rim seminar in Sydney.

Checkpoint was rating the Nokia. Nokia have made changes to their ISOv3.3 which uses a thing called "FLOWS" which was available in CP2000- SP2.

IP520 performance was 270,000 pps 64 bytes UDP
It runs up to 520Mps with 1500 bytes packets.
Solaris ultra was 17,000 pps
NT P111 800Mhz was 15,000 pps

Richard Taylor

-----Original Message-----
From: Hiemstra, Brenno [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 20, 2001 6:14 PM
To: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: RE: Checkpoint FW-1 & ATM performance degradation

Maybe build a firewall cluster with Stonebeat and Firewall -1 if you run your systems on Solaris or NT (would not recommend NT though). You can scale your cluster to make a more load balanced / load sharing firewall solution than just one system firewall

I think, don't have proof to support my thoughts, that Firewall 1 on a nokia has a better throughput than on Solaris.
And if, after a thorough research, you don't think Firewall-1 can do it, I sure know Cisco PIX can do the job....

Regards,

Brenno

> -----Original Message-----
> From: Pere Camps [SMTP:[EMAIL PROTECTED]]
> Sent: dinsdag 19 juni 2001 18:14
> To: [EMAIL PROTECTED]
> Subject: Checkpoint FW-1 & ATM performance degradation
>
> Hello,
>
> I've been given a project where I have to firewall off an ATM network.
> Basically, it's just put Firewall-1 (with Solaris or Nokia) in all
> the entry points of the environment.
>
> I'm quite worried about the performance degradation that this will
> put on the ATM PVC connection.
>
> On one side, there's throughput. I've read that Checkpoint claims
> that FW-1 can handle 240 Mbps on the correct machine. I very much
> doubt it. The PVC that we're running is 155 Mbps, and I feel that
> that would be too much, even if we're only going to use the firewall
> as a "packet filter". Does anybody have any experience in this issue?
>
> Also, delay issues. Does anybody know what delay on the packets will
> the firewall put? I'm not in a position to fine tune the MTU and
> window size of the machines involved, so that's not an option to
> get around throughput issues related to the RTT.
>
> Regarding the FW-1 choice, it's the company's preferred firewall
> solution. But if FW-1 is not able to handle the job, the company
> is quite happy to go for another supplier.
>
> Can anybody help? Thanks!
>
> -- p.
--__--__--

End of Firewalls Digest
