Proxy. Spoofing.
Bill Hamel wrote:
Unless I am missing something in the question, no matter what you do,
what/whoever you connect to through a firewall will always know the IP
address of the the trusted interface of the firewall.
-bh
On Wed, 13 Nov 2002, Meritt James wrote:
an IP
is it possible to lock a cisco router to a point that even a password
recovery cant work to enter the router.
cheers
David Ziggy Lubowa
Network Engineer
One2net (U)
web: www.one2net.co.ug
Tel: +256 41 345466
For an existing install of IE6 you can find these options from IE or Control
Panel from: Internet Options-Content. Look for the auto complete button.
In the IEAK look under: Policies and Restrictions-Internet
Settings-Autocomplete. Make your changes there and then lock-down the
control from:
Hi,
Yet, the OS should perform cleanup by implementing a tcp timeout ( default 3600
seconds ). There are many protocols that doesn't send a FIN packet, yet they manage
to terminate the session.
Regards,
Leonard Ong
Network Security Specialist, APAC
NOKIA
Email. [EMAIL PROTECTED]
Mobile.
http://www.winguides.com/registry/display.php/772/
http://support.microsoft.com/default.aspx?scid=KB;en-us;q229940
If you have Windows 2K Group Policies can be used to edit the registry.
If not, look into scripting it. I hope these help.
Shannon Atkinson
-Original Message-
From: steve
Hi,
NAT does not reveal internal address space to external sources.
The NAT device creates an Address Translation Table where it keeps track
of each connection using source ports that 'it' assigns, and not internal
ip addresses.
Basically the table looks something like this:
Source Device
Hi,
As my previous email, there is no way you can 'hide' the firewall external interface
IP Address. It is generally an acceptable practice with a good comfort level to have
this in real world. There are something you can do :
1) Obscure the DNS name for firewall e.g. don't assign a DNS
Hello,
I am searching for a product that incorporates a Wireless Access Point
AND VPN authentication to use for nearly all of our wireless rollouts.
As you know SSID and WEP are possibly not enough to keep people out of
networks. An integrated VPN authentication after SSID and WEP, BUT
before
In-Reply-To: [EMAIL PROTECTED]
Have any of you used Webmin
http://www.webmin.com/
I'm looking into webmin software - thought it'd be cool to play with,
but I'm curious about security issues with it.
I've been using Webmin to control Solaris and FreeBSD servers for about 8
months
Such is not the case. I've done otherwise.
Bill Hamel wrote:
Unless I am missing something in the question, no matter what you do,
what/whoever you connect to through a firewall will always know the IP
address of the the trusted interface of the firewall.
-bh
On Wed, 13 Nov 2002,
Steve,
The following should turn this feature off:
ToolsInternet OptionsContentAuto Complete
Uncheck the checkboxes as desired for:
Web Addresses
Forms
User Names Passwords
Jim
- Original Message -
From: steve baker [EMAIL PROTECTED]
To: [EMAIL
The IP address that the destination replies to does not have to be where
the human sits. Consider that the originator's IP is not passed in the
example stated but the business firewall's is. That does not have to be
the only 'via' which alters the IP address. I know quite well that
breadcrumbs
My bank recently informed me that my account would be charged $10.00 for
each immigration and naturalization service or other government-initiated
review of my account. Presumably this comes from the PATRIOT Act -- my bank
wants me to bear the cost of the additional monitoring when it specifically
Then routing wise, how do the packets find their way back to the firewall
if they don't know the source IP ? ?
On Fri, 15 Nov 2002, Meritt James wrote:
Such is not the case. I've done otherwise.
Bill Hamel wrote:
Unless I am missing something in the question, no matter what you do,
I would also be interested in this, we're just about to setup a wireless
network for a company warehouse. I was thinking about using IPSec
underneath the WEP encryption, with a W2k server and XP pro desktops
it's relatively easy to setup IPSec but I am unsure if this will work
with pocket PC's or
Hi Javier,
Courtesy of the same people who bring you Security-Basics: Focus-Virus,
which you can find at: http://online.securityfocus.com/archive/100.
Stephen Entwisle
Moderator, Security-Basics
SecurityFocus
http://www.securityfocus.com
(403) 213 3939 ext. 235
1-Anyone knows the best mailing
We've deployed this exact solution for customers, except using IPSEC instead of PPTP.
We always set the client default route through the VPN. Also, the firewall/vpn
gateway attached to the AP *only* allows authenticated and encrypted traffic to pass.
IMO, this is the ONLY secure way to deploy
Best UNIX management tool is /dev/hands :)
Regards,
Sergey Kamyanov
System Administrator
R.I.S.K. Co
http://www.risk.az
-Original Message-
From: Chuck Spafford [mailto:[EMAIL PROTECTED]]
Sent: Friday, November 15, 2002 10:59 AM
To: [EMAIL PROTECTED]
Subject: Re: Webmin Security
I've used sshd under cygwin on win2k for academic access purposes.
Never dealt with it for general (i.e. varied trust level) sftp
access. Don't know enough to comment on whether it meets your
requirement
not to have some vulnerabilities related with FTP
commands such as FTP PORT / SITE / NLIST
Hi,
Of course, logically, you would offload your server. ICQ, MSN, Yahoo, will try its
best to connect directly between peers, and if they can't, they will have to route it
through their server. I tried Yahoo Voice chat, if I use unrestricted Public IP, I
can see I have direct connection with
Many of the remotely exploitable bugs found in FTPD programs require a
valid login to be able to overflow the buffer and thus exploit the
vulnerability. If you have anon turned on and don't need it you leave
that avenue of attack open. If for some reason you REQUIRE that it be
left open then do
On Sat, Nov 16, 2002 at 07:02:23AM +, [EMAIL PROTECTED] wrote:
On Wed, Nov 13, 2002 at 11:08:52AM -0600, Mike Cain wrote:
hi,
Anon root is fine with a locked down root. But you should take care to check if
there are any exploits on ur ftp server (wu-ftp ???). Check up if there are any
Yes, that is obvious due to NAT. Perhaps you got out of sync with the
thread, then again maybe it was me which is more than likely the case ;)
-b
On Fri, 15 Nov 2002, Meritt James wrote:
The IP address that the destination replies to does not have to be where
the human sits. Consider that
You might try http://www.pc-encrypt , they have 2 products available
that are pretty straight forward.
A-Lock (for email) and Pc-encrypt.
Hope you find something that helps you.
On Fri, 08 Nov 2002 14:00:01 -0500, Scott Plumlee wrote:
Can you tunnel through SSH as a start?
REPLY SEPARATOR -
Not to mention the fact that some financial institutions, in focusing on how
to finance The Inquisition rather than how to conduct it confidentially,
will probably tip off terrorists that they are being investigated by way of
charging them fees. This is further proof of the truism you can't expect
25 matches
Mail list logo
