Sunday, August 28, 2005

firewall-wizards digest, Vol 1 #1652 - 8 msgs

Send firewall-wizards mailing list submissions to
firewall-wizards@honor.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@honor.icsalabs.com

You can reach the person managing the list at
firewall-wizards-admin@honor.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."

Today's Topics:

1. Secure Computing Buys Rival CyberGuard (lists@infostruct.net)
2. Re: FW: [fw-wiz] VOIP versus PBX (DonNg)
3. PIX denying SSH Access - until I run PDM? (Paul Pershing)
4. Re: UPS Worldship connection problems with new firewall
device (Keith A. Glass)
5. RE: UPS Worldship connection problems with new firewall device (Bruce Smith)
6. RE: UPS Worldship connection problems with new firewall device (Paul Melson)
7. RE: UPS Worldship connection problems with new firewall device (List Account)

--__--__--

Message: 1
Reply-To: gideon@infostruct.net
From: "lists@infostruct.net" <lists@infostruct.net>
To: firewall-wizards@honor.icsalabs.com
Date: Thu, 18 Aug 2005 20:53:38 -0400
Subject: [fw-wiz] Secure Computing Buys Rival CyberGuard

http://biz.yahoo.com/ap/050818/secure_computing_corp_merger.html?.v=3

Gideon T. Rasmussen
CISSP, CISA, CISM, SCSA
Wellington, FL
gideon@infostruct.net

http://www.ussecurityawareness.org


--__--__--

Message: 2
Date: Tue, 23 Aug 2005 19:30:05 +0800
From: DonNg <sayhockng@gmail.com>
To: firewall-wizards@honor.icsalabs.com
Subject: Re: FW: [fw-wiz] VOIP versus PBX

Hi all, is there anyone who knows the definitive history of how
Borderware was founded?

I have had many versions told to me in the past.

One version was:

1. Secure sold the code to ex-employees who went up north to set up a
new company, when Secure wanted to get out of the firewall game.

Just trying to verify some truths.

Thanks
Don Ng

--__--__--

Message: 3
Date: Tue, 23 Aug 2005 16:25:58 -0400
From: Paul Pershing <streamfile@gmail.com>
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] PIX denying SSH Access - until I run PDM?

Hi,

I have run across a problem several times with different PIX models
and on different networks; and I'm wondering if I just don't mix well
with PIXes - or if someone else has seen the same issue?

All of the PIXes have been running at least 6.x code and all have had
PDM run against them at some point. I have tried open source and
commercial SSH clients on the same PIXes - no change. I also get the
same results whether attaching to the outside or inside interface.

The symptom is that a few weeks will pass since I last logged onto the
fw using ssh, and when I attempt to, instead of being prompted for a
userid/password the client will simply sit there and stare at me while
doing nothing - no errors. If I'm using Kermit (usual) it'll just sit
on the blank black screen until it times out. Other clients produce
similar behavior.

The odd part is that I discovered through trial and error that if I
access the PIX via PDM after the failed SSH attempt - even if the PDM
connection is not completed - I can then attach via SSH.

This is such a bizarre problem that I've been reluctant to post it;
but I've encountered it so many times now that my curiosity has
gotten the better of me!

Just curious,
Paul

--__--__--

Message: 4
From: "Keith A. Glass" <salgak@speakeasy.net>
To: "Servie Platon" <servie_tech@yahoo.com>,
firewall-wizards@honor.icsalabs.com
Date: Fri, 26 Aug 2005 17:32:29 +0000
Subject: Re: [fw-wiz] UPS Worldship connection problems with new firewall
device

For starters:

1. Create a rule allowing all ports to and from the 153.2.x.x network.

That should get you connected. It's not as secure, but should work. . .

2. Call the UPS help desk. Ask SPECIFICALLY what ports and protocols are used by the following apps: gethostip.exe, shipups.exe, upslnkmg.exe

Then tailor the rule you created in #1 to allow bi-directional traffic on those ports and protocols (or port ranges) specified by the UPS Helpdesk. . .

> -----Original Message-----
> From: Servie Platon [mailto:servie_tech@yahoo.com]
> Sent: Thursday, August 18, 2005 12:52 AM
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] UPS Worldship connection problems with new firewall device
>
>
> Hello FW-Wizards and gurus,
>
> I have upgraded my Sonicwall SOHO3 to TZ170 a couple
> of weeks back for my small office network.
>
> Everything seems to be working fine except for one
> laptop which accesses UPS (United Parcel Service)
> Worldship network.
>
> As its description from the UPS website. UPS
> WorldShip® is a full-featured, Windows®-based,
> shipping software application for customers with high
> volume shipping needs. WorldShip allows customers to
> accelerate, streamline and enhance not only their
> shipping processes, but financial and customer service
> processes as well.
>
> When we first installed the program in one of the
> laptops, it seems to be working fine with the SOHO3
> firewall.
>
> And when, we upgraded to the Sonicwall TZ170, that's
> when the problem started to set in. We were told by
> UPS technical support since we have upgraded a
> firewall appliance, the firewall rules may have
> blocked inbound and outbound communication between our
> small office network and UPS's network.
>
> Furthermore, we were told that we need to enable
> support for gethostip.exe, shipups.exe, upslnkmg.exe
> alongside allowing access for 153.2.x.x network.
>
> Since I don't see any documentation on this Sonicwall
> TZ170 to do the adding of .exe files to the firewall
> that supports this method.
>
> I am uncertain though, whether my firewall rules have
> something to do with it? AFAIK, other services such as
> mail, terminal services are working fine except for
> this one.
>
> One odd thing that puzzles me is that if my boss
> brings this laptop to his house and connect it to his
> Home network through his router, he could connect to
> UPS and be able to do work and send info in a
> bi-directional manner.
>
> Whereas, if he returns to the office he gets an Error
> Code 53670 which according UPS has something to do
> with our firewall and dns resolution.
>
> I have attempted and failed to enable this feature and
> am hoping that maybe someone may have encountered this
> problem in the past who may have the solution.
>
> Again, thank you very much.
>
> Very sincerely yours,
> Servie
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
>

--__--__--

Message: 5
From: "Bruce Smith" <bruce_the_loon@tiscali.co.za>
To: "'Servie Platon'" <servie_tech@yahoo.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] UPS Worldship connection problems with new firewall device
Date: Fri, 26 Aug 2005 19:56:49 +0200

Hi Servie

I don't have any experience with the specific firewalls mentioned, so I will
limit my discussion to general comments.

First about the .exe requirements mentioned by UPS. The techie who suggested
this probably thinks you have a personal firewall like ZoneAlarm on the
machine and not a network gateway device. Those firewalls allow access based
on which executable app is requesting the connection in addition to the
normal rulesets. Since the software works when the user took the computer
home, there is definitely no personal firewall problem.

The rest of my suggestions are general to most firewalls.

It sounds like the SOHO3 was running a generic permit all traffic from
inside to outside while the TZ170 probably has a deny-all allow specific
ruleset from inside to outside. A lot of the discussion on this list has
been about the differences and which is preferable.

Since UPS doesn't appear to be very helpful, the only way to find out what
needs to be opened up is to look at the logs to see what is being denied by
what rule when the software attempts to connect to the UPS network. Try it a
number of times to see if it uses the same destination ports or wanders up
and down a range of ports.

Hopefully someone else on the list has had experience with the application
and knows what needs to be opened, but if not, then this methodology should
assist in finding out what is needed besides the simple yet insecure method
of adding a rule to allow the laptop to connect to any port through the
firewall.

Regards

Bruce Smith


--__--__--

Message: 6
From: "Paul Melson" <pmelson@gmail.com>
To: "'Servie Platon'" <servie_tech@yahoo.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] UPS Worldship connection problems with new firewall device
Date: Fri, 26 Aug 2005 15:22:18 -0400

Ask UPS technical support for a description of ports that need to be allowed
both outbound and inbound. But don't let them sell you on '1024-65535 both
directions.' That's an answer that vendors that 1) write crappy
applications and 2) don't know the workings of said crappy applications give
to customers in the hope that it doesn't matter.

Following that, the next step is to turn up firewall logging and/or a
sniffer and see what the Worldship client is trying to connect to that it
can't.

With SonicWall boxes, things like PortShield or web proxy settings could
potentially disrupt this type of traffic even if the access rules don't
explicitly prohibit them. Also, if Worldship uses any sort of VPN
tunneling, like PPTP/L2TP/IPSec, the firewall might be disrupting that -
trying to respond to key exchange requests instead of forwarding them on,
etc.

PaulM

-----Original Message-----
Since I don't see any documentation on this Sonicwall TZ170 to do the adding
of .exe files to the firewall that supports this method.

I am uncertain though, whether my firewall rules have something to do with
it? AFAIK, other services such as mail, terminal services are working fine
except for this one.

One odd thing that puzzles me is that if my boss brings this laptop to his
house and connect it to his Home network through his router, he could
connect to UPS and be able to do work and send info in a bi-directional
manner.

Whereas, if he returns to the office he gets an Error Code 53670 which
according UPS has something to do with our firewall and dns resolution.

I have attempted and failed to enable this feature and am hoping that maybe
someone may have encountered this problem in the past who may have the
solution.

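Added example, not from the list or from any of the posters, for the approach Bruce Smith and Paul Melson describe above: read the firewall's deny log, keep only drops toward the network UPS named (153.2.x.x, taken here as 153.2.0.0/16, which is an assumption), tally destination ports per protocol, and flag ports that wander across a high range instead of staying fixed, the case where a single-port rule will not do and the vendor has to say what the real range is rather than "1024-65535 both directions". The log line format, the rule names and the sample lines are constructed for this example; they are not SonicWALL's syslog format and not real WorldShip traffic.

```python
"""Summarise firewall deny logs for traffic toward one destination network.

The log format handled here is a constructed, simplified one:
  <date> <time> <ACTION> <PROTO> <src>:<sport> -> <dst>:<dport> rule=<name>
It is not SonicWALL's real syslog format; adapt LINE_RE to your device.
"""
import ipaddress
import re
from collections import defaultdict

# From the thread: UPS said to allow the "153.2.x.x network" (assumed /16 here).
UPS_NET = ipaddress.ip_network("153.2.0.0/16")

# Constructed sample log lines; the hosts, ports and rule names are made up.
SAMPLE_LOG = """\
2005-08-26 09:01:02 DROP TCP 192.168.1.50:1043 -> 153.2.224.10:443 rule=lan-default-deny
2005-08-26 09:01:02 DROP UDP 192.168.1.50:1044 -> 153.2.224.10:53 rule=lan-default-deny
2005-08-26 09:01:05 DROP TCP 192.168.1.50:1045 -> 153.2.224.10:443 rule=lan-default-deny
2005-08-26 09:01:07 ALLOW TCP 192.168.1.50:1046 -> 64.233.160.1:80 rule=lan-allow-web
2005-08-26 09:01:09 DROP TCP 192.168.1.50:1047 -> 10.9.9.9:445 rule=lan-default-deny
2005-08-26 09:02:11 DROP TCP 192.168.1.50:1048 -> 153.2.224.11:443 rule=lan-default-deny
2005-08-26 09:02:15 DROP UDP 192.168.1.50:1049 -> 153.2.230.7:40123 rule=lan-default-deny
2005-08-26 09:02:16 DROP UDP 192.168.1.50:1050 -> 153.2.230.7:40888 rule=lan-default-deny
2005-08-26 09:02:18 DROP UDP 192.168.1.50:1051 -> 153.2.230.7:41902 rule=lan-default-deny
2005-08-26 09:02:20 DROP UDP 192.168.1.50:1052 -> 153.2.230.7:42455 rule=lan-default-deny
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"rule=(?P<rule>\S+)$"
)


def parse_line(line):
    """Return a dict for one recognised TCP/UDP log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    rec["dst_ip"] = ipaddress.ip_address(rec["dst"])
    return rec


def denied_to(lines, net):
    """Keep only DROP records whose destination address falls inside `net`."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "DROP" and rec["dst_ip"] in net:
            out.append(rec)
    return out


def summarize(records):
    """Group denied records by (proto, dport): hit count, distinct hosts, rule names."""
    summary = defaultdict(lambda: {"hits": 0, "dsts": set(), "rules": set()})
    for r in records:
        key = (r["proto"], r["dport"])
        summary[key]["hits"] += 1
        summary[key]["dsts"].add(r["dst"])
        summary[key]["rules"].add(r["rule"])
    return dict(summary)


def wandering_ports(summary, proto, min_distinct=3, floor=1024):
    """Sorted distinct high destination ports seen for `proto`, or [] if too few.

    Several different high ports from the same client, none repeated, point to a
    dynamic-port protocol rather than one fixed service; a single-port rule will
    not cover it and the vendor must state the real range.
    """
    ports = sorted({p for (pr, p) in summary if pr == proto and p >= floor})
    return ports if len(ports) >= min_distinct else []


def suggest_rules(summary, net):
    """Least-privilege rule list: one rule per fixed (proto, dport) pair.

    A wandering range is reported for confirmation with the vendor instead of
    being silently widened into an allow-everything rule.
    """
    rules = []
    for proto in ("TCP", "UDP"):
        dyn = wandering_ports(summary, proto)
        for (pr, dport) in sorted(summary):
            if pr == proto and dport not in dyn:
                rules.append(f"allow {proto} from LAN to {net} dport {dport}")
        if dyn:
            rules.append(
                f"CONFIRM WITH VENDOR: {proto} to {net} dports {dyn[0]}-{dyn[-1]} look dynamic"
            )
    return rules


if __name__ == "__main__":
    recs = denied_to(SAMPLE_LOG.splitlines(), UPS_NET)
    summ = summarize(recs)
    for (proto, dport), info in sorted(summ.items()):
        print(f"{proto}/{dport}: {info['hits']} drops to {sorted(info['dsts'])} "
              f"by {sorted(info['rules'])}")
    for rule in suggest_rules(summ, UPS_NET):
        print(rule)
```

Run it against a saved copy of the device's deny log after reproducing the error a few times, as Bruce suggests; the ALLOW line and the drop toward an unrelated host are ignored, the fixed ports come out as one rule each, and the spread of UDP high ports is flagged rather than turned into a blanket range.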
--__--__--

Message: 7
From: "List Account" <list.account@cerdant.com>
To: "'Servie Platon'" <servie_tech@yahoo.com>,
<firewall-wizards@honor.icsalabs.com>
Subject: RE: [fw-wiz] UPS Worldship connection problems with new firewall device
Date: Fri, 26 Aug 2005 16:36:00 -0400

What version of SonicOS are you running? Standard or Enhanced?
Are there any log messages generated in the SonicWALL when the user attempts
to connect to the site?
If you're running SonicOS Enhanced 3.1 or greater, have you done a packet
capture and saved it to a libpcap file? Can you post this file if so.

Nathan Grandbois, CISSP, CSSA
Cerdant, Inc.
614.717.0123 ext. 26


--__--__--

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

End of firewall-wizards Digest
