On Sat, Jul 12, 2014 at 8:56 PM, Blake Cornell
wrote:
> Its a TCP traceroute, not UDP nor ICMP. I need to provide TCP based
> services.
>
> I would prefer staying within the framework of the interface or nominal BSD
> magic.
>
Makes a little more sense in that context, but the point still stands,
Simplest answer: block outbound ICMP Time Exceeded type responses at the edge.
Then your internal layers of routers and hosts can respond to the SYN packets
from tcptraceroute, but they'll be dropped and the outside party will only see
the edge device.
Thanks!
-Adrian
- Original Messag
Then you stuck with setting up reverse proxies for those services.
Walter
On Sat, Jul 12, 2014 at 6:56 PM, Blake Cornell <
bcorn...@integrissecurity.com> wrote:
> Its a TCP traceroute, not UDP nor ICMP. I need to provide TCP based
> services.
>
> I would prefer staying within the framework of
Its a TCP traceroute, not UDP nor ICMP. I need to provide TCP based
services.
I would prefer staying within the framework of the interface or nominal
BSD magic.
--
Blake Cornell
CTO, Integris Security LLC
501 Franklin Ave, Suite 200
Garden City, NY 11530 USA
http://www.integrissecurity.com/
O: +
I don't see the point. If you don't want people to see the path, don't
allow traceroute in (or stop it after the first NAT). If you do, what do
you care if the layers of NAT can be enumerated. If anything even remotely
useful to an attacker can be done to your network because someone knows how
many
On Fri, Jul 11, 2014 at 11:17 AM, Alberto Moreno wrote:
> Hi.
>
> I'm working with CP, the voucher system can this info be genenerate with
> FRadius2 and save the info in a DB like MySQL.
>
> The ides is to go enterprise +500 users.
>
> Some is doing this now with the current voucher system with
Hello again Espen,
I do have OpenVPN installed, however that was not the problem.
I had 10.144.1.8 configured as my DNS server using my WAN gateway as an
interface. That was the root of all my problems.
Thank you Espen, Chris (off List), and anyone else who may have taken
the time to read an
Please note that dns configuration options can add route's. (what
gateway is configured behind the dns, if any?)
/* setup static routes for DNS servers. */
https://github.com/pfsense/pfsense/blob/master/etc/inc/system.inc#L159
Greets PiBa-NL
Espen Johansen schreef op 13-7-2014 0:44:
Other pac
Other packages?
OpenVPN?
Please list all your installed packages and I´ll have a look.
Or remove them one by one until the "automagic" route add stops.
You can always try to grep /* for the IP in question. But it might be part
of a DB file for a pkg. I´t might not be plain text.
Cant help you rem
No 3rd party routing installed.
-Stefan
On 7/12/2014 5:19 PM, Espen Johansen wrote:
Only thing I can think of is that a package with a seperate config
file installs it. Do you have quagga/openbgp or any other routing
package running/installed?
12. juli 2014 23:58 skrev "Stefan Maerz"
Only thing I can think of is that a package with a seperate config file
installs it. Do you have quagga/openbgp or any other routing package
running/installed?
12. juli 2014 23:58 skrev "Stefan Maerz" <
stefan.ma...@thecommunitypartnership.org> følgende:
> Thanks again Espen. I can't find anythin
Thanks again Espen. I can't find anything in /cf/conf/config.xml related
to this address *and* routing. The tag area is also
empty like the webconfiguration indicates.
more /cf/conf/config.xml | grep -n 10.144.1.8
outputs:
221:10.144.1.8
385:10.144.1.8
1055:
You might take a look in the cf/conf/config.xml .if it persists it should
originate from there. Just do a search for the IP.
12. juli 2014 05:04 skrev "Stefan Maerz" <
stefan.ma...@thecommunitypartnership.org> følgende:
> Thank you for the response Espen. This was actually the approach I took
> (f
13 matches
Mail list logo