
Re: [FW-1] Adding bad IP to firewall



It is possible, but there is a problem with false positives. Trying to use
an IDS to detect and block ICQ etc could cause a lot of problems if a simple
web session triggers the signature and block response. It could also impact
some legitimate activity, e.g. some vendors are now supplying tech support
via an online chat program based on IRC protocols. If your IDS is configured
to block IRC traffic, employees will be unable to use this service. And so
on. I've always heard it said that excessive online chatting and similar
problems are better addressed at the human level rather than with some
technical restriction. It's a lot easier to configure a program to use a
non-standard port number to get around a block than it is to ignore the boss
coming around and saying 'stop doing that!'

-----Original Message-----
From: FYSLau [mailto:[email protected]]
Sent: Wednesday, November 07, 2001 6:00 AM
To: [email protected]
Subject: Re: [FW-1] Adding bad IP to firewall


Can the IDS that you mentioned capture ICQ, IRC or some other chatting
software which is available in the market? If yes, is there a way to secure
the chatting programs that we commonly use now?


----- Original Message -----
From: "Wesley Maness" <[email protected]>
To: <[email protected]>
Sent: Tuesday, November 06, 2001 9:27 PM
Subject: Re: [FW-1] Adding bad IP to firewall


> Which IDS are you referring to?
>
> Thanks!
> Wesley
>
> -----Original Message-----
> From: Mailing list for discussion of Firewall-1
> [mailto:[email protected]]On Behalf Of
> Martin, Jeffrey
> Sent: Tuesday, November 06, 2001 9:41 AM
> To: [email protected]
> Subject: Re: [FW-1] Adding bad IP to firewall
>
>
> Our IDS can do this. I don't see anything inherently wrong with the idea,
> but there is a lot of potential for things to go wrong. E.g. suppose your
> application is misconfigured (or hijacked) and starts telling the firewall
> to block everything, including control connections! Then you have a problem
> until the block times out. A subtle misconfiguration can be hard to track
> down.
>
> As long as you are confident about your application and configuration, go
> ahead and implement it after a LOT of testing...
>
> -----Original Message-----
> From: Wesley C. Maness [mailto:[email protected]]
> Sent: Monday, November 05, 2001 1:58 PM
> To: [email protected]
> Subject: [FW-1] Adding bad IP to firewall
>
>
> Guys,
>
> Can you tell me if there is anything wrong in having an application that can
> configure itself to an FW and tell it to block an IP?
>
> Thanks!
>
> Wesley
>
> Mailing list for discussion of Firewall-1
> <[email protected]> wrote:
> > Thanks for the reply but I have to change the architecture because I have
> done what you said and I cannot use the GUI client to get the logs from a
> management server on the heartbeat network either. I've checked the rule
> base very, very carefully - it's not the rules stopping it from working.
>
> I hear you on the backup issue. I'm quite good at doing the backups before I
> change stuff!
>
> The real problem is that the heart beat network is a registered address.
> Crazy people did the original install. I'm left to pick up the pieces.
>
> Thanks again,
>
> Mike H
>
> -----Original Message-----
> From: Patrick Lotti [mailto:[email protected]]
> Sent: Monday, November 05, 2001 11:05 AM
> To: [email protected]
> Subject: Re: [FW-1] Changing firewall object IP address
>
>
> I think you just need a rule to allow a gui client
> from the "lan" to access your management server in
> the "heartbeat" network. Maybe some NAT & routing
> is required as well, it depends. I'm pretty sure
> you don't have to change your firewall object at
> all.
>
> Get working backups and training before doing any
> change, just in case.
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================
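
The failure mode raised in the thread above (an application that is misconfigured or hijacked and starts telling the firewall to block everything, including control connections, until the block times out) can be contained by vetting each request before it reaches the firewall. The following is an added example, not part of the original thread and not FW-1 code; the class name, limits and sample addresses are assumptions chosen for illustration.

```python
import ipaddress

class BlockGuard:
    """Vets automated block requests before they are pushed to the firewall."""

    def __init__(self, protected, max_active=3, ttl=600, min_prefix=24):
        # protected: control/management networks that must never be blocked
        self.protected = [ipaddress.IPv4Network(p) for p in protected]
        self.max_active = max_active  # cap on simultaneous blocks
        self.ttl = ttl                # seconds until a block times out
        self.min_prefix = min_prefix  # refuse anything broader than this
        self.active = {}              # blocked network -> expiry time

    def expire(self, now):
        """Drop blocks whose timeout has passed."""
        self.active = {n: t for n, t in self.active.items() if t > now}

    def request(self, target, now):
        """Return (accepted, reason) for one block request."""
        self.expire(now)
        try:
            net = ipaddress.IPv4Network(target, strict=False)
        except ValueError:
            return False, "malformed address"
        if net.prefixlen < self.min_prefix:
            return False, "prefix too broad"
        if any(net.overlaps(p) for p in self.protected):
            return False, "overlaps protected network"
        if net not in self.active and len(self.active) >= self.max_active:
            return False, "active block limit reached"
        self.active[net] = now + self.ttl  # new block, or refresh of an old one
        return True, "blocked"

def demo():
    # Constructed requests (documentation address ranges), as (target, time).
    guard = BlockGuard(protected=["192.0.2.0/28"])
    requests = [("203.0.113.45", 0), ("0.0.0.0/0", 1), ("192.0.2.10", 2),
                ("198.51.100.7", 3), ("198.51.100.8", 4), ("198.51.100.9", 5),
                ("198.51.100.9", 601)]
    return [(t, *guard.request(t, now)) for t, now in requests]

if __name__ == "__main__":
    for target, accepted, reason in demo():
        print(f"{target:15} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

Rejected requests are worth logging and alerting on: a burst of "prefix too broad" or "overlaps protected network" rejections is itself a sign that the requesting application is misconfigured or compromised.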

