
Re: [FW-1] NBT-happy 4.0SP8 FW-1 on NT




Although there's a good chance that the traffic is passing on rule 0 (allow outgoing packets originating from gateway, in Policy->Properties) and you're not logging implied rules, the real issue is making that traffic stop.  The Workstation and Computer Browser services, which are implicated in the generation of this traffic, really should *not* run on any internet-connected system, firewall or otherwise.  Please see Lance Spitzner's excellent article on "armoring" Windows NT (http://www.enteract.com/~lspitz/nt.html).

HTH

Dan Hitchcock
CCNP, CCSE, MCSE
Security Operations Technical Lead
Breakwater Security Associates, Inc.
"Safe Harbor for E-Business"
dhitchcock (at) breakwatersecurity (dot) com
http://www.breakwatersecurity.com



-----Original Message-----
From: Russell Washington [mailto:[email protected]]
Sent: Thursday, February 07, 2002 11:36 AM
To: [email protected]
Subject: [FW-1] NBT-happy 4.0SP8 FW-1 on NT


I have a Checkpoint firewall on my watch that is firing off NBT traffic to
the broadcast address on its external interface even though there is *no*
rule that we can find that allows this traffic.  The firewall is not using
its external IP in any hidden NAT rules, express or implied, and in fact it
has no hidden NAT rules at all.

Because the traffic (as best as we can tell) is not going out under any
defined rules, we can't log it to learn anything about how it is being
handled.  In short, we're completely out of ideas.  We even went so far as
to set up rule #1 to *allow* NBT traffic and log it, and nothing shows up in
the log even though other devices are detecting the traffic emanating from
this box.

The box is running Firewall-1 4.0, SP8, on an NT 4.0 server that is
up-to-date on its service packs.  Any suggestions?




 