
Re: [FW-1] NBT logging



Hi,
if you have a rule in your rulebase to drop these packets without logging -
and they are dropped and logged, then you should have a close look at the
log (e.g. field Info).
Mostly AntiSpoofing is configured and CP does not only check the source,
but also the destination address (outbound AntiSpoofing). So the packets
are being dropped by rule 0 with logging caused by AntiSpoofing.
To let the packets reach your "NBT-DROP-Rule" you should accept the
Broadcast addresses where the NBT packets are directed to. If you have
selected "specific" in the AS-rule of the NICs, you should include the
Broadcast-addresses to the networks (4.1: allow, NG: include).
The other way is to create a Workstation object for each Broadcast address,
create a group with the accepted network(s) + Broadcast address(es). Then,
go to the configuration of AntiSpoofing, select "specific" and accept this
group.
Then the packets pass the AntiSpoofing check and your explicit rule will
"throw them out".
Hope it helps,
best regards,
Matthias
http://www.fw-1.de

Devon Harding - GTHLA writes:

> All NBT stuff still seems to be logging and not relating to any rules.
>
> My rule (second to last) is as follows:
>
> Source  Dest.  Service  Action  Track
> Any     Any    NBT      Drop    None
>
> The NBT packets are dropped but are still logged.
>
> -Devon
>
---
AERAsec Network Services and Security GmbH
Wagenberger Strasse 1
D-85662 Hohenbrunn, Germany
http://www.aerasec.de
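
A simplified model of the evaluation order described in the reply above, added here as an illustration (it is not from the original thread and is not Check Point code): the anti-spoofing check on the destination runs before the rulebase, so a broadcast outside the interface's valid addresses is dropped and logged as rule 0 and never reaches the NBT drop rule. The 192.168.1.0/24 network, the rule labels, the trailing cleanup rule and the `Net` and `evaluate` names are assumptions.

```python
import ipaddress
from dataclasses import dataclass

NBT_PORTS = {137, 138, 139}  # NetBIOS name, datagram and session services


@dataclass
class Net:
    """Network or host object (hypothetical model).

    include_broadcast stands for the object's broadcast setting
    mentioned in the reply (4.1: allow, NG: include).
    """
    cidr: str
    include_broadcast: bool = False

    def contains(self, addr: str) -> bool:
        net = ipaddress.ip_network(self.cidr)
        ip = ipaddress.ip_address(addr)
        if ip not in net:
            return False
        # A single-address object (workstation) always matches itself.
        if net.num_addresses == 1 or self.include_broadcast:
            return True
        return ip != net.broadcast_address


def evaluate(dst: str, dport: int, valid_addresses: list) -> dict:
    """Return which rule drops the packet and whether it is logged."""
    # Stage 1: anti-spoofing on the destination, reported as rule 0.
    if not any(obj.contains(dst) for obj in valid_addresses):
        return {"rule": 0, "action": "drop", "logged": True}
    # Stage 2: the explicit rulebase; NBT drop rule with Track = None.
    if dport in NBT_PORTS:
        return {"rule": "NBT-DROP", "action": "drop", "logged": False}
    # Assumed final cleanup rule that drops and logs everything else.
    return {"rule": "cleanup", "action": "drop", "logged": True}


if __name__ == "__main__":
    bcast = "192.168.1.255"  # constructed sample: NBT name-service broadcast
    cases = {
        "network only": [Net("192.168.1.0/24")],
        "broadcast included": [Net("192.168.1.0/24", include_broadcast=True)],
        "group: network + broadcast host": [Net("192.168.1.0/24"),
                                            Net("192.168.1.255/32")],
    }
    for label, group in cases.items():
        print(f"{label:32} -> {evaluate(bcast, 137, group)}")
```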

   All contents © 2004 Network Presence, LLC. All rights reserved.