-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
Sent: Thursday, March 28, 2002 3:02 PM
To: [EMAIL PROTECTED]
Subject: Firewalls digest, Vol 1 #623 - 8 msgs
Send Firewalls mailing list submissions to
[EMAIL PROTECTED]
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.gnac.net/mailman/listinfo/firewalls
or, via email, send a message with subject or body 'help' to
[EMAIL PROTECTED]
You can reach the person managing the list at
[EMAIL PROTECTED]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Firewalls digest..."
Today's Topics:
1. RE: IIOP firewall proxy (Thomas J. Arseneault)
2. RE: (no subject) (John Strayhorn)
3. Re: PIX vs BSD (The Pal / Patrik Bodin)
4. Re: PIX vs BSD (bob bobing)
5. Re: PIX vs BSD (bob bobing)
6. Nokia and fsck ([EMAIL PROTECTED])
7. Cisco Security Advisory: LDAP Connection Leak in CTI when User
Authentication Fails (Cisco Systems Product Security Incident Response
Team)
8. RE: unsubscribe (Stetser, Dan)
--__--__--
Message: 1
From: "Thomas J. Arseneault" <[EMAIL PROTECTED]>
To: "zze-PEX SOR balc031 FTRD/DTL/CAE"
<[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: RE: IIOP firewall proxy
Date: Tue, 26 Mar 2002 23:15:15 -0800
This is a multi-part message in MIME format.
------=_NextPart_000_0025_01C1D51C.1685E9C0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
IIOP firewall proxyGauntlet has an IIOP proxy. I don't use it (and I
don't
even recall what an IIOP is) so I don't have an opion as to it's
quality. If
you need more (any) details you can send email to the Gauntlet users
list
([EMAIL PROTECTED]).
Tom Arseneault
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of zze-PEX SOR balc031
FTRD/DTL/CAE
Sent: Monday, March 25, 2002 6:52 AM
To: '[EMAIL PROTECTED]'
Subject: IIOP firewall proxy
Hi,
Does anyone know if iiop proxy products other than Wonderwall and
gatekeeper exist?
Thanks in advance
Sylvain C.
------=_NextPart_000_0025_01C1D51C.1685E9C0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD><TITLE>IIOP firewall proxy</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; =
charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2600.0" name=3DGENERATOR></HEAD>
<BODY>
<DIV><SPAN class=3D689150607-27032002><FONT face=3DArial color=3D#0000ff
=
size=3D2>Gauntlet has an IIOP proxy. I don't use it (and I don't even =
recall what=20
an IIOP is) so I don't have an opion as to it's quality. If you need =
more (any)=20
details you can send email to the Gauntlet users list (<A=20
href=3D"mailto:[EMAIL PROTECTED]";>gauntlet-user@listserv.
v=
-one.com</A>).=20
</FONT></SPAN></DIV>
<DIV><SPAN class=3D689150607-27032002><FONT face=3DArial color=3D#0000ff
=
size=3D2></FONT></SPAN> </DIV>
<DIV><SPAN class=3D689150607-27032002><FONT face=3DArial color=3D#0000ff
=
size=3D2>Tom=20
Arseneault</FONT></SPAN></DIV>
<BLOCKQUOTE=20
style=3D"PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #0000ff 2px =
solid">
<DIV class=3DOutlookMessageHeader><FONT face=3D"Times New Roman"=20
size=3D2>-----Original Message-----<BR><B>From:</B>=20
[EMAIL PROTECTED] =
[mailto:[EMAIL PROTECTED]]<B>On=20
Behalf Of</B> zze-PEX SOR balc031 FTRD/DTL/CAE<BR><B>Sent:</B> Monday,
=
March=20
25, 2002 6:52 AM<BR><B>To:</B> =
'[EMAIL PROTECTED]'<BR><B>Subject:</B>=20
IIOP firewall proxy<BR><BR></FONT></DIV>
<P><FONT face=3DArial size=3D2>Hi,</FONT> </P>
<P><FONT face=3DArial size=3D2>Does anyone know if iiop proxy products
=
other than=20
Wonderwall and gatekeeper exist?</FONT> </P>
<P><FONT face=3DArial size=3D2>Thanks in advance</FONT> </P>
<P><FONT face=3DArial size=3D2>Sylvain C.</FONT>=20
</P><BR><BR></BLOCKQUOTE></BODY></HTML>
------=_NextPart_000_0025_01C1D51C.1685E9C0--
--__--__--
Message: 2
From: John Strayhorn <[EMAIL PROTECTED]>
To: 'm srinivas' <[EMAIL PROTECTED]>,
"'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]>
Subject: RE: (no subject)
Date: Sun, 24 Mar 2002 17:55:26 -0500
It's no longer being updated, but this document
http://proxyfaq.networkgods.com/htmlFAQ/default.htm
was a lifesaver to me when I was working with Proxy
Server. There are detailed instructions for Exchange.
If you're using sendmail or something else, I'm not
so sure -- good luck!
-- John
-----Original Message-----
From: m srinivas [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, March 20, 2002 4:56 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: (no subject)
Does anybody out there using Microsoft Proxy Server 2.0? I'm trying to
setup
an internal SMTP server using the proxy as a mail relay host. Any Ideas?
Poxy is working fine for HTTP and winsocks but I can't figure out how to
get
the SMTP working.
Would appreciate any hints...
Thanks.
_________________________________________________________________
Get your FREE download of MSN Explorer at
http://explorer.msn.com/intl.asp.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
--__--__--
Message: 3
Date: Wed, 27 Mar 2002 17:14:19 +0100 (CET)
From: The Pal / Patrik Bodin <[EMAIL PROTECTED]>
To: Clifford Thurber <[EMAIL PROTECTED]>
Cc: Peter Trifonov <[EMAIL PROTECTED]>,
<[EMAIL PROTECTED]>
Subject: Re: PIX vs BSD
Organization: Qbranch AB http://www.qbranch.se
If you read what I wrote one more time you can see that I never denied
that
fact.
/P
On 2002-03-27 09:35, Clifford Thurber revealed:
CT> I believe the BSD ipfilter *is* stateful.
CT>
CT> At 08:42 AM 3/27/2002 +0100, The Pal / Patrik Bodin wrote:
CT> >On 2002-03-27 10:30, Peter Trifonov revealed:
CT> >
CT> >PT> Hello everybody!
CT> >PT>
CT> >PT> I consider replacement of Cisco PIX 515 (Restricted) firewall
in a small
CT> >PT> corporate network with *BSD software firewall. Can anybody tell
me how
CT> >PT> close can one approximate PIX's functionality with BSD?
CT> >
CT> >You can't make it do the _same_ stateful inspection as the PIX
does, and you
CT> >can't make it achieve the same prestanda without using a more
powerful
CT> >machine,
CT> >but apart from that you can make it do everything the PIX can. In
addition you
CT> >can make it do the ocean of things that UNIX:es can do, but I would
let it
CT> >do as
CT> >little as possible outside firewalling and related.
CT> >
CT> >/P
CT> >
CT> >_______________________________________________
CT> >Firewalls mailing list
CT> >[EMAIL PROTECTED]
CT> >http://lists.gnac.net/mailman/listinfo/firewalls
CT>
--__--__--
Message: 4
Date: Wed, 27 Mar 2002 08:56:12 -0800 (PST)
From: bob bobing <[EMAIL PROTECTED]>
Subject: Re: PIX vs BSD
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Well so far there are 3 main stream firewall packages
for bsd (that ship with the OS).
IPFW (ip firewall)
IPF (ip filter)
PF (packet filter)
IPFW comes with FreeBSD.
IPF runs on any BSD (Free,Net,Open*,BSD/OS)
PF comes with OpenBSD.
My own taste would be ipf, but i really like some of
the options in pf (modulate state will do the same
thing as the pix with seq. numbers as an example).
* You need to install IPF yourself on OpenBSD.
Here is a small list of stuff to help you out on which
to pick.
man pages for each.
------
man ipf (ipfilter)
man ipnat (ipfilter)
man ifw (ip firewall)
man natd (ip firewall)
man pfctl (packet filter)
Some howto so you can read up on each
------
http://www.obfuscation.org/ipf/
http://www.deadly.org/pf-howto/
http://www.freebsd-howto.com/HOWTO/Ipfw-HOWTO
--- Peter Trifonov <[EMAIL PROTECTED]> wrote:
> Hello everybody!
>
> I consider replacement of Cisco PIX 515 (Restricted)
> firewall in a small
> corporate network with *BSD software firewall. Can
> anybody tell me how
> close can one approximate PIX's functionality with
> BSD?
>
>
> With best regards,
> P. Trifonov
>
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
__________________________________________________
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards�
http://movies.yahoo.com/
--__--__--
Message: 5
Date: Wed, 27 Mar 2002 09:00:04 -0800 (PST)
From: bob bobing <[EMAIL PROTECTED]>
Subject: Re: PIX vs BSD
To: [EMAIL PROTECTED]
Care to explain your statement?
> You can't make it do the _same_ stateful inspection
> as the PIX does, and you
> can't make it achieve the same prestanda without
> using a more powerful machine,
__________________________________________________
Do You Yahoo!?
Yahoo! Movies - coverage of the 74th Academy Awards�
http://movies.yahoo.com/
--__--__--
Message: 6
Subject: Nokia and fsck
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Date: Wed, 27 Mar 2002 17:02:58 +0000
Hi all,
I had a bit of an unnerving experience last week and just wondered if
anyone else had seen this ..........
We lost a Nokia IP440 (hard disk failure !). Failover worked fine but I
had
to replace the primary bx.
While installing the new primary I had some switch problems that
prevented
me from failing 2 of our 5 VRRP circuits back to the primary unit, and
in
checking this out I had to recycle the box a couple of times ( I thought
it
was an nic to start with ! ).
I have cycled the box like this many times in the past, albeit mainly
during testing, but it always came back ok as far as the IPSO os was
concerned. This time though, I had a whole load of lost blocks and
directories in the file system which (in the end) I only managed to cure
by
running "fsck".
I should add that it was all fine after that and I lost none of the
config,
and the box is still running ok now.
However, having lost one box already I wasn't terribly excited about
this
and thought it worth a quick email to you guys to get a second
opinion.....................
Any comments ?
Thanks, Gordon
--__--__--
Message: 7
From: Cisco Systems Product Security Incident Response Team
<[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Cisco Security Advisory: LDAP Connection Leak in CTI when User
Authentication Fails
Date: Wed, 27 Mar 2002 12:00:00 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE-----
Cisco Security Advisory: LDAP Connection Leak in CTI when User
Authentication
Fails
Revision 1.0
For Public Release 2002 March 27 17:00 UTC
-
------------------------------------------------------------------------
-------
Contents
Summary
Affected Products
Details
Impact
Software Versions and Fixes
Obtaining Fixed Software
Workarounds
Exploitation and Public Announcements
Status of This Notice
Distribution
Revision History
Cisco Security Procedures
-
------------------------------------------------------------------------
-------
Summary
The Cisco CallManager, running certain software releases, has a
vulnerability
wherein a memory leak in the CTI Framework authentication can cause the
server
to crash and result in a reload. This vulnerability can be exploited to
initiate a denial of service (DoS) attack.
This vulnerability is documented as Cisco bug ID CSCdv28302. There are
workarounds available to mitigate the vulnerability.
This advisory is available at
http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.
Affected Products
To determine if a product is vulnerable, review the list below. If the
software
versions or configuration information are provided, then only those
combinations are vulnerable.
* Cisco CallManager 3.1
No other Cisco product is known to be affected by this vulnerability.
Details
A memory leak in the Cisco CallManager has been attributed to the
failure of a
user to properly authenticate when using Call Telephony Integration
(CTI). This
behavior is most commonly seen on CallManager systems immediately
following the
integration with a customer directory such as Active Directory (AD) or
Netscape. The most common cause in this scenario is that the
WebAttendant user,
CTI Framework (CTIFW), has not been configured with a valid password in
the
customer directory. Please note that this problem will occur even on
systems
that do not utilize the WebAttendant since the Telephony Call Dispatch
(TCD)
service is always enabled by default. The CCMAdmin->Global Directory and
"Add a
New User" configuration pages stop working if CTIFW user is not
configured or
the CTI user's password is incorrect. Various other components such as
RIS Data
Collector may also fail to function properly.
Bug ID
This vulnerability is documented as Cisco Bug ID CSCdv28302.
Problem Symptoms
There are several indicators available in determining if this problem is
at the
root.
LDAP Leak Detection
+-----------------------------------------------------+
| Tool | Message |
|-------+---------------------------------------------|
| |Error: kCtiProviderOpenFailure - CTI |
| |application failed to open provider |
| |CTIconnectionId: 485 |
| |Login User Id: CtiFw |
| |ReasonCode: 2362179680 |
| |IPAddress: 172.21.12.44 |
| |App ID: Cisco CTIManager |
| |Cluster ID: JMTAO-CM2-Cluster |
|Event |Node ID: JMTAO-CM2 |
|Viewer |CTI Application ID: Cisco Telephony Call |
| |Dispatcher |
| |Process ID: 0 |
| |Process Name: CtiHandler |
| |Provider Name: CTI Framework |
| |Explanation: Application is unable to open |
| |provider. |
| |Recommended Action: Check the reason code and|
| |correct the problem. Restart |
| |CTIManager if problem persists.. |
|-------+---------------------------------------------|
| |From the Task Manager select the Processes |
| |tab, click View and then Select Columns... |
|Task |Check Handle Count and click OK. |
|Manager|Click on the Handles column to sort by |
| |handles used. |
| |You will observe that the CTIManager.exe is |
| |consuming a large number of handles (> 500). |
|-------+---------------------------------------------|
| |Another diagnostic tool is to run "netstat |
| |-na" from a DOS command prompt on the CM |
|DOS |server. A very large number of established |
|netstat|connections to TCP port 389 if CallManager is|
| |integrated with AD or port 8404 when |
| |CallManager is integrated with DCD. |
+-----------------------------------------------------+
Impact
The vulnerabilities can be exploited to produce a Denial of Service
(DoS)
attack. When the vulnerabilities are exploited, they can cause an
affected
Cisco product to crash and reload.
Software Versions and Fixes
+-----------------------------------------------------+
|Version |Fixed Regular Release (available now) |
|Affected |Fix carries forward into all later |
| |versions |
|--------------+--------------------------------------|
|Version 3.1 |Upgrade to 3.1(2) |
+-----------------------------------------------------+
Obtaining Fixed Software
Cisco is offering free software upgrades to address this vulnerability
for all
affected customers. Customers may only install and expect support for
the
feature sets they have purchased.
Customers with service contracts should contact their regular update
channels
to obtain any software release containing the feature sets they have
purchased.
For most customers with service contracts, this means that upgrades
should be
obtained through the Software Center on Cisco's Worldwide Web site at
http://www.cisco.com.
Customers whose Cisco products are provided or maintained through a
prior or
existing agreement with third-party support organizations such as Cisco
Partners, authorized resellers, or service providers should contact that
support organization for assistance with obtaining the free software
upgrade
(s).
Customers who purchased directly from Cisco but who do not hold a Cisco
service
contract, and customers who purchase through third party vendors but are
unsuccessful at obtaining fixed software through their point of sale,
should
obtain fixed software by contacting the Cisco Technical Assistance
Center (TAC)
using the contact information listed below. In these cases, customers
are
entitled to obtain an upgrade to a later version of the same release or
as
indicated by the applicable row in the Software Versions and Fixes table
(noted
above).
Cisco TAC contacts are as follows:
* +1 800 553 2447 (toll free from within North America)
* +1 408 526 7209 (toll call from anywhere in the world)
* e-mail: [EMAIL PROTECTED]
See http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml for
additional
TAC contact information, including special localized telephone numbers
and
instructions and e-mail addresses for use in various languages.
Please have your product serial number available and give the URL of
this
notice as evidence of your entitlement to a free upgrade.
Please do not contact either "[EMAIL PROTECTED]" or
"[EMAIL PROTECTED]"
for software upgrades.
Workarounds
Configure the ctifw user by following the instructions at:
http://www.cisco.com/univercd/cc/td/doc/product/voice/c_callmg/3_0/insta
ll/ad_3011.htm#xtocid30717
+-----------------------------------------------------+
|Step| Action |
|----+------------------------------------------------|
| |Set the password for the user in the corporate |
|1 |directory using your standard user management |
| |tools. |
|----+------------------------------------------------|
| |On a Cisco CallManager server, choose Start > |
|2 |Run and enter command to open a command prompt. |
| |Click OK. |
|----+------------------------------------------------|
|3 |Enter the command, PasswordUtils; for example, |
| |"passwordUtils my_passphrase" |
|----+------------------------------------------------|
| |The previous action generates an encrypted |
|4 |password. Copy the password into the Windows |
| |clipboard. |
|----+------------------------------------------------|
|5 |Choose Start > Run. |
|----+------------------------------------------------|
|6 |Enter regedit into the Open field and then click|
| |OK. |
|----+------------------------------------------------|
| |Browse to \\HKEY_LOCAL_MACHINE\Software\Cisco |
|7 |Systems, Inc.\Directory Configuration within the|
| |registry. |
|----+------------------------------------------------|
|8 |Delete the value CTIFWPW and paste the encrypted|
| |password from Step 3 into the field. |
|----+------------------------------------------------|
| |Restart the Cisco Telephony Call Dispatcher |
| |service by choosing Start > Programs > |
|9 |Administrative Tools > Services. Highlight the |
| |service in the list; right click on the service |
| |and then click Restart from the drop-down list. |
|----+------------------------------------------------|
|10 |Repeat Step 2 through Step 9 for each Cisco |
| |CallManager server in the cluster. |
+-----------------------------------------------------+
IMPORTANT: Please note that you must reboot the CM server in all cases
to reset
the established TCP connections and recover the lost memory.
Alternatively, if you are not using the Cisco WebAttendant and/or the
Cisco
Telephony Call Dispatcher Service, set it to "manual" or "disabled" from
the
"Services" control panel.
Exploitation and Public Announcements
The Cisco PSIRT is not aware of any public announcements or malicious
use of
the vulnerabilities described in this advisory.
Status of This Notice: Interim
This is a Interim advisory. Although Cisco cannot guarantee the accuracy
of all
statements in this notice, all of the facts have been checked to the
best of
our ability. Cisco does not anticipate issuing updated versions of this
advisory unless there is some material change in the facts. Should here
be a
significant change in the facts, Cisco may update this advisory.
Distribution
This notice will be posted on Cisco's Worldwide Web site at
http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.
In addition to Worldwide Web posting, a text version of this notice is
clear-signed with the Cisco PSIRT PGP key and is posted to the following
e-mail and Usenet news recipients:
* [EMAIL PROTECTED]
* [EMAIL PROTECTED]
* [EMAIL PROTECTED] (includes CERT/CC)
* [EMAIL PROTECTED]
* comp.dcom.sys.cisco
* [EMAIL PROTECTED]
* Various internal Cisco mailing lists
Future updates of this notice, if any, will be placed on Cisco's
Worldwide Web
server, but may or may not be actively announced on mailing lists or
newsgroups. Users concerned about this problem are encouraged to check
the URL
given above for any updates.
Revision History
+------------------------------------------------------+
|Revision|2002-Mar-27|Initial Public Release |
|Number |17:00 GMT | |
|1.0 | | |
+------------------------------------------------------+
Cisco Security Procedures
Complete information on reporting security vulnerabilities in Cisco
products,
obtaining assistance with security incidents, and registering to receive
security information from Cisco, is available on Cisco's Worldwide Web
site at
http://www.cisco.com/warp/public/707/sec_incident_response.shtml. This
includes
instructions for press inquiries regarding Cisco security notices. All
Cisco
Security Advisories are available at http://www.cisco.com/go/psirt.
-
------------------------------------------------------------------------
-------
This notice is Copyright 2002 by Cisco Systems, Inc. This notice may be
redistributed freely after the release date given at the top of the
text,
provided that redistributed copies are complete and unmodified, and
include all
date and version information.
-
------------------------------------------------------------------------
-------
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.2
iQEVAwUBPKH6iQ/VLJ+budTTAQF4agf+PxNFolVA3VyYhLeIO5VyvbWNTgy+ltoa
RW1kkABf2oAZtBxop01gpyQyiVtOEbdkp+XbeWkTk8wlQwfnWT26yf2R8YTMCg6M
iBp7FZ6jbGIRMcllVVnsktmKIXo3SyH4R02PLR8DoRoX+X9LQ1ii6Xd3VTMtREtP
N6Wgib3NjWCbXpw6wKGPO/96FYITQ/23iptwlHYkXTcpPv0ORraftv9RvfArd/v8
DO3agB8K3IIud8WlIZUjZTEEwAIUEYE4GB7+hOMDKcUCh6Z8bIdAz1e/RBGkKOBh
ge6my3nt1LtuPa4JMrwAzzuP8QMRNLhOpmCJivguqDBDL8bywt2NzQ==
=GJbW
-----END PGP SIGNATURE-----
--__--__--
Message: 8
From: "Stetser, Dan" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: RE: unsubscribe
Date: Wed, 27 Mar 2002 07:29:47 -1000
Heres how to unsubscribe:
First, ask your Internet Provider to mail you an Unsubscribing Kit.
Then follow these directions.
The kit will most likely be the standard no-fault type. Depending on
requirements, System A and/or System B can be used. When operating
System A, depress lever and a plastic dalkron unsubscriber will be
dispensed through the slot immediately underneath. When you have
fastened the adhesive lip, attach connection marked by the large "X"
outlet hose. Twist the silver- coloured ring one inch below the
connection point until you feel it lock.
The kit is now ready for use. The Cin-Eliminator is activated by the
small switch on the lip. When securing, twist the ring back to its
initial condition, so that the two orange lines meet. Disconnect.
Place the dalkron unsubscriber in the vacuum receptacle to the rear.
Activate by pressing the blue button.
The controls for System B are located on the opposite side. The red
release switch places the Cin-Eliminator into position; it can be
adjusted manually up or down by pressing the blue manual release
button. The opening is self- adjusting. To secure after use, press
the green button, which simultaneously activates the evaporator and
returns the Cin-Eliminator to its storage position.
You may log off if the green exit light is on over the evaporator .
If the red light is illuminated, one of the Cin-Eliminator
requirements has not been properly implemented. Press the "List Guy"
call button on the right of the evaporator . He will secure all
facilities from his control panel.
To use the Auto-Unsub, first undress and place all your clothes in
the clothes rack. Put on the velcro slippers located in the cabinet
immediately below. Enter the shower, taking the entire kit with you.
On the control panel to your upper right upon entering you will see a
"Shower seal" button. Press to activate. A green light will then be
illuminated immediately below. On the intensity knob, select the
desired setting. Now depress the Auto-Unsub activation lever. Bathe
normally.
The Auto-Unsub will automatically go off after three minutes unless
you activate the "Manual off" override switch by flipping it up. When
you are ready to leave, press the blue "Shower seal" release button.
The door will open and you may leave. Please remove the velcro
slippers and place them in their container.
If you prefer the ultrasonic log-off mode, press the indicated blue
button. When the twin panels open, pull forward by rings A & B. The
knob to the left, just below the blue light, has three settings, low,
medium or high. For normal use, the medium setting is suggested.
After these settings have been made, you can activate the device by
switching to the "ON" position the clearly marked red switch. If
during the unsubscribing operation, you wish to change the settings,
place the "manual off" override switch in the "OFF" position. You may
now make the change and repeat the cycle. When the green exit light
goes on, you may log off and have lunch. Please close the door behind
you.
--__--__--
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
End of Firewalls Digest
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
