A selective reply ...

At 02:01 PM 3/9/02 -0600, Michael D. Schleif wrote:
[...]
>> The difference is that holes caused by dialout workstations are old news,
>> and there is really no way to address this problem at the firewall (except
>> by blocking traffic routed through it with the martians rules, as you are
>> already doing). So it's not really a LEAF issue.
>
>Perhaps, this is ``old news'' to you; but, not to me -- hence, my
>question. Again, I do not find this in the troubleshooting docs, nor
>did I find such in the archives. Please, point me to the documentation
>and I will rtfm . . .

This is not a LEAF issue, so it is unlikely to be covered in any LEAF materials. It is a basic routing observation that I would think doesn't need explaining to any experienced sysadmin -- if you have 2 routes out of the LAN (in this case, one via a LEAF router, the other via a dialup connection), both routes need to be protected. It's so old a problem that I'm at a loss to figure out what to say about it, let alone to suggest any docs that explain it.

What is, perhaps, less obvious is that a tunneled route is still a route, and its security needs to be addressed as well. That is what is different, and interesting, about the "tunneled AOL" topic you introduced here.

>[ snip ]
>
>> >It may be interesting to know that aol installs a special ``adapter''
>> >that is purported to behave similarly to a hardware nic. In fact, on
>> >win9x, at least, it is next to the nic in network neighborhood
>> >properties and is near identically configured.
>>
>> This certainly suggests to me that AOL is somehow tunneling through your
>> firewall, causing the behaviors you note, and creating the sort of hole that
>> is at least potentially exploitable. When you have access to an offending
>> workstation, perhaps you will be able to tell us if this characteristic
>> applies to the sorts of logins your users are doing or just to AOL's dial-up
>> service.
>
>Thank you, for this useful suggestion. Do you know how to quantify
>this?

What do you mean by "quantify" in this context? Either the "special adapter" you refer to is present or it is not. If it is present, either it is used by this connection or it is not. These are threshold questions, not quantitative ones.

>Also, since I do not know everything there is to know about networks and
>quantifying everything quantifiable about same, regarding your sniffer
>questions, can you describe a simple, open source process to accomplish
>these tasks?

The usual Linux apps for sniffing are tcpdump and sniffit; I suppose there are Windows-based sniffers too, but I'm not acquainted with them. Any full-size Linux distro will include them, as well as specialized small distros like Trinux and tomsrtbt (look for them at www.ibiblio.org or via any search engine). I think David may have packaged tcpdump for Oxygen, but I'm not sure, since I don't use LEAF in heavyweight settings ... but you can check that as easily as I can.

--
------------------------------------"Never tell me the odds!"---
Ray Olszewski                                        -- Han Solo
Palo Alto, CA                                  [EMAIL PROTECTED]
----------------------------------------------------------------
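
The routing point made in the reply above (every route out of the LAN, including a dial-up or tunneled one, has to be protected) can be checked on a Linux host by reading its routing table. The following is an added example, not part of the original message; the function names, the constructed sample table, the firewall address 192.168.1.254 and the ppp/sl/tun/tap interface prefixes are assumptions.

```shell
#!/bin/sh
# Added example: list routes that leave this host without passing the firewall.
# Input on stdin is `route -n` style text; $1 is the firewall's LAN address.
# Assumption: dial-up and tunnel adapters are named ppp*, sl*, tun* or tap*.
bypass_routes() {
    fw="$1"
    awk -v fw="$fw" '
        # Data rows have 8 columns and a dotted-quad destination;
        # this skips the two header lines of `route -n`.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            dest = $1; gw = $2; mask = $3; iface = $8
            reason = ""
            if (iface ~ /^(ppp|sl|tun|tap)[0-9]/)
                reason = "dial-up or tunnel interface"
            else if (gw != "0.0.0.0" && gw != fw)
                reason = "gateway is not the firewall"
            # Directly connected LAN routes and routes via the firewall
            # fall through with no reason and are not reported.
            if (reason != "")
                printf "%s/%s via %s dev %s: %s\n", dest, mask, gw, iface, reason
        }'
}

# Constructed sample: a workstation behind the firewall that also has a
# dial-up link (ppp0) and a tunnel adapter (tun0).
sample_routes() {
    cat <<'EOF'
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.64.0.0       0.0.0.0         255.255.0.0     U     0      0        0 tun0
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
0.0.0.0         0.0.0.0         0.0.0.0         U     1      0        0 ppp0
EOF
}

# On a live host, replace sample_routes with: route -n
sample_routes | bypass_routes 192.168.1.254
```

Each reported route is a path the firewall never sees, so the host itself has to filter it.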