Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] reject/drop auth connections??

To: "'Ralf Guenthner'" <[email protected]>, [email protected]
Subject: RE: [FW1] reject/drop auth connections??
From: "Luke, Jason (ISS Southfield)" <[email protected]>
Date: Tue, 20 Mar 2001 09:23:25 -0500
Sender: [email protected]

auth is ident.  both are tcp port 113.
The firewall objects.C file knows it as ident.  Your Windows box with the
gui knows it as auth (winnt/system32/drivers/etc/services..).   Your log
viewer is resolving using its local services file before it resolves using
the checkpoint defined services.
It should be covered by your 'any MailServer ident reject rule'.



-----Original Message-----
From: [email protected] [mailto:[email protected]]
Sent: Tuesday, March 20, 2001 5:36 AM
To: [email protected]
Subject: [FW1] reject/drop auth connections??



Hi list

I installed a new firewall yesterday and in the log I noticed lots of
dropped connections to the customer's mail server, the service being "auth"
(authentication).

Usually I have my firewalls reject "ident" connections directed at mail
servers and I think "auth" is also not necessary for standard SMTP
exchanges?!

My question: Is it okay to drop this service or should I rather reject it,
because of the same reason reject is preferred for "ident" (timeout-issue) ?

Thanks for any feedback
Ralf G.


z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z
Ralf Guenthner, Senior IT Security Consultant
Zentric  - IT Security & Groupware Solutions
Office Phone:     +49-6101-556060
Fax:       +49-6101-556065
mailto:[email protected]
http://www.zentric.com
+z+z+z+z+z++z++z+z+z+++z+z++z++z+++z+++z+++z++z+z+z+z++z




============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] SecuRemote connection is dropped, although "allowed" (auth succe eds)
Next by Date: RE: [FW1] Nokia Firewall-1 installation
Previous by thread: [FW1] reject/drop auth connections??
Next by thread: [FW1] Failing to connect to HTTP next proxy
Index(es):
- Date
- Thread