Hi all again...
I have tried different options to block "nimda style" http and smtp
incoming requests...
I am using a Nokia IP330 firewall running CP FW-1
Resources for SMTP block, reject (why???) all incoming SMTP
connections...
to be clear:
ANY --> mailserver --> smtp_resource --> drop (drops everything)
ANY --> mailserver --> smtp_resource --> accept (drops nothing)
These are not allowed by the policy manager...
ANY --> mailserver --> NOT smtp_resource --> drop
ANY --> mailserver --> NOT smtp_resource --> accept
Resources for HTTP do not block anything if I do not use the any to any
rule...
Explaining in better details:
any --> any --> HTTP_Resource --> DROP (drops everything)
in effect I see NO gets for admin.dll and the like... But it blocks
incoming requests for my webmail service too, and I need it for my
remote workers!
What is strange is that outlook webmail has no components using the
{*cmd.exe, *root.exe, *admin.dll, *readme.exe, default.ida} stuff...
any --> "my lan" --> HTTP_Resource --> DROP (seems to drop nothing)
NOT "my lan" --> "my lan" --> HTTP_Resource ---> DROP (seems to drop
nothing)
In effect looking at the IIS logfiles i see incoming "nimda style" gets.
Do I definitely need to configure the Security Servers options ?
CVP Server ? Someone have details about ?
Just because I do not want to go crazy doing hotfixes on the servers
(have plenty to care) everyday :)
Tnx in advance to all.
ciao
Daniele
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
