----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, September 12, 2001 12:02 PM
Subject: Firewalls digest, Vol 1 #257 - 6 msgs
> Send Firewalls mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://lists.gnac.net/mailman/listinfo/firewalls
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Firewalls digest..."
>
>
> Today's Topics:
>
> 1. Re: checkpoint firewall admin book in pdf (Andrew J. Caird)
> 2. Re: AOL probe - "just" Code Red ([EMAIL PROTECTED])
> 3. Firewalls brothers and sisters (Eddy Kalem)
> 4. RE: Creating Firewall based on linux (Isamp)
> 5. RE: AOL probe - "just" Code Red ([EMAIL PROTECTED])
> 6. RE: WINS with PIX (Byron Kennedy)
>
> --__--__--
>
> Message: 1
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: checkpoint firewall admin book in pdf
> Date: Wed, 12 Sep 2001 12:53:36 -0400
> From: "Andrew J. Caird" <[EMAIL PROTECTED]>
>
> >>> On Fri, 07 Sep 2001 10:15:25 -0300, Jose Cavalcante
> >>> <[EMAIL PROTECTED]> said:
>
> JC> hello list
> JC> i Find Checkpoint Firewall-1 Admin Book in PDF
> JC> thanks for all
>
> The Checkpoint CD has all of the manuals in PDF, if that's
> what you are looking for.
>
> --andrew
>
> --__--__--
>
> Message: 2
> From: [EMAIL PROTECTED]
> Subject: Re: AOL probe - "just" Code Red
> To: [EMAIL PROTECTED]
> Date: Wed, 12 Sep 2001 18:11:41 +0100
>
> William--
>
> What you've received is a probe by a machine infected with Code Red or
> similar.
>
> The fact that it's from an IP address in AOL's range is just a
coincidence.
>
> Whilst it could be one of AOL's own servers that has been infected and is
> trying to spread, it more likely to be one of it's users with an infected
> machine.
>
> All you have to do is make sure that if you're running IIS (server or
> personal version) that you are properly patched.
>
> Russell
>
>
> From: "william.wells" <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Date: Tue, 11 Sep 2001 17:38:05 -0500
> Subject: (no subject)
>
> My PC is loaded with intrusion detection and other types of software.
> For
> the first time, AOL has tripped one of those alarms. The message
> indicated
> that a connection from AOL's system 172.165.224.93
> (ACA5E05D.ipt.aol.com)
> attempted to scan my PC on port 80 with the URL of:
> GET /default.ida?XXXXXXXXX...XXX%u9090%u685......
>
> I've currently got AOL disabled at my firewall as a result. Normally,
> the
> firewall only lets ports 5190 out and only to AOL's systems. The
> implication
> of this is that, once connected to AOL, they allow both inbound and
> outbound
> connections. The system (172.165.224.93) also isn't one of the
> permitted IP
> addresses for which the firewall will allow connections to. A
> traceroute,
> however, clearly showed that the packet when through AOL's adapter
> running
> on Windows.
>
> Comments?
>
>
>
>
> --__--__--
>
> Message: 3
> From: Eddy Kalem <[EMAIL PROTECTED]>
> To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: Firewalls brothers and sisters
> Date: Wed, 12 Sep 2001 10:35:33 -0700
>
> Just thought I'd send out a message out to all you "Firewalls" brothers
and
> sisters that have been directly or indirectly affected by the horrible NYC
> tragedy. My hope and prayers are out to you all.
> God bless.
>
>
> EK
>
> --__--__--
>
> Message: 4
> From: "Isamp" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Cc: <[EMAIL PROTECTED]>
> Subject: RE: Creating Firewall based on linux
> Date: Wed, 12 Sep 2001 14:40:49 -0300
>
> Hi rym,
>
> Well, you can use IPTABLES. You can go to www.linuxguruz.org/iptables.
>
> gl,
>
> -- ISAMP
>
> --__--__--
>
> Message: 5
> From: [EMAIL PROTECTED]
> Subject: RE: AOL probe - "just" Code Red
> To: "william.wells" <[EMAIL PROTECTED]>
> Cc: [EMAIL PROTECTED]
> Date: Wed, 12 Sep 2001 18:41:19 +0100
>
> William---
>
> Are you getting your Internet access from AOL or do you have another
> Internet provide and connect to AOL through that?
>
> I'm no expert on AOL, but my understanding is that it's dial-up access
uses
> it's own proprietary protocol, and it provide winsock-based IP access
> through it's own virtual network adaptor - at least this is how previous
> versions in the UK worked.
>
> If, however, you have a "proper" Internet connection (ie. broadband or
> proper PPP dialup), and you access AOL over that, then AOL uses it's own
> special port over IP to communicate with it's servers, and it's that port
> you need to allow through your IP firewall.
>
> However, unless you've set your personal firewall rules up correctly,
there
> is no way you can stop ANY box TRYING to communicate with you on port 80,
> whether from AOL or not. If you're not running a web server of any kind
on
> your box, then just block port 80, and don't bother configuring your
> firewall to notify you. There is so much background noise on the Internet
> that the value of receiving individual alerts is pretty meaningless
> (although it's obviously useful to look at longer term trends for the
> connections made to your box, to identify repeated connection attempts).
>
> So, although AOL may block communication via it's own protocol from other
> users, you should not rely on them to block anything else, whether from
> other AOL users of anyone on the Internet. You're being scanned at an IP
> level, not a proprietary AOL protocol level..
>
> If you've never been scanned before, that more due to your luck than
> anything else....
>
> Russell
>
>
> ----- Forwarded by Russell Donoff/GB/ABNAMRO/NL on 12/09/2001
18:38
> -----
>
> "william.wells"
> <william.wells@pr To:
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> ovell.com> cc:
> Subject: RE: AOL probe -
"just" Code Red
> 12/09/2001 18:21
>
>
>
>
>
>
> What you are saying implies that other AOL users could access my
> system from
> their systems while I was logged into AOL. I thought AOL blocked
> that -
> perhaps not. I'm still talking to AOL. I've never been scanned
> while on AOL
> previously.
>
>
>
>
>
> --__--__--
>
> Message: 6
> From: Byron Kennedy <[EMAIL PROTECTED]>
> To: 'Johnston Mark' <[EMAIL PROTECTED]>,
> "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
> Subject: RE: WINS with PIX
> Date: Wed, 12 Sep 2001 11:06:01 -0700
>
> This message is in MIME format. Since your mail reader does not understand
> this format, some or all of this message may not be legible.
>
> ------_=_NextPart_001_01C13BB5.95125310
> Content-Type: text/plain;
> charset="iso-8859-1"
>
> WINS is Microsoft's implementation of the NetBIOS name-server rfc.
assuming
> your vpn allows all netbios ports, just point all clients to your wins
> server. confirm functionality by:
>
> 1. ping by netbios name
> 2. net view \\wins_server <file://\\wins_server> (netbios)
>
> if your authenticated #2 will work above, enumerating the shares on the
> host.
>
>
> -----Original Message-----
> From: Johnston Mark [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, September 12, 2001 6:26 AM
> To: '[EMAIL PROTECTED]'
> Subject: WINS with PIX
>
>
>
> Hi all,
>
> I have set up a PIX firewall with VPN capabilities. Everything seems to be
> working except for WINS. I dont want to go through the whole
configuration,
> but I'm calling on anyone that has run into the same problem or can give
me
> any pointers.
>
> I know its not much to work with ......
>
> Cheers
> Mark
>
>
> ------_=_NextPart_001_01C13BB5.95125310
> Content-Type: text/html;
> charset="iso-8859-1"
>
> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
> <HTML><HEAD>
> <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
> <TITLE>WINS with PIX</TITLE>
>
> <META content="MSHTML 5.50.4616.200" name=GENERATOR></HEAD>
> <BODY>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
size=2>WINS
> is Microsoft's implementation of the NetBIOS name-server rfc.
assuming your
> vpn allows all netbios ports, just point all clients to your wins
server.
> confirm functionality by:</FONT></SPAN></DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
> size=2></FONT></SPAN> </DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
size=2>1.
> ping by netbios name</FONT></SPAN></DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
size=2>2.
> net view <A href="file://\\wins_server">\\wins_server</A>
> (netbios)</FONT></SPAN></DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
> size=2></FONT></SPAN> </DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
size=2>if
> your authenticated #2 will work above, enumerating the shares on the
> host.</FONT></SPAN></DIV>
> <DIV><SPAN class=516480218-12092001><FONT face=Verdana color=#0000ff
> size=2></FONT></SPAN> </DIV>
> <BLOCKQUOTE dir=ltr style="MARGIN-RIGHT: 0px">
> <DIV class=OutlookMessageHeader dir=ltr align=left><FONT face=Tahoma
> size=2>-----Original Message-----<BR><B>From:</B> Johnston Mark
> [mailto:[EMAIL PROTECTED]]<BR><B>Sent:</B> Wednesday, September
12, 2001
> 6:26 AM<BR><B>To:</B> '[EMAIL PROTECTED]'<BR><B>Subject:</B> WINS
with
> PIX<BR><BR></FONT></DIV>
> <P><FONT size=2>Hi all,</FONT> </P>
> <P><FONT size=2>I have set up a PIX firewall with VPN capabilities.
Everything
> seems to be working except for WINS. I dont want to go through the whole
> configuration, but I'm calling on anyone that has run into the same
problem or
> can give me any pointers.</FONT></P>
> <P><FONT size=2>I know its not much to work with ......</FONT> </P>
> <P><FONT size=2>Cheers</FONT> <BR><FONT size=2>Mark</FONT>
> </P></BLOCKQUOTE></BODY></HTML>
>
> ------_=_NextPart_001_01C13BB5.95125310--
>
>
> --__--__--
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
>
>
> End of Firewalls Digest
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
