Firewall Wizards mailing list archives
pixen abnomalities;
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 19 Aug 2003 11:58:27 -0400 (EDT)
Folks,

It's been awhile since I played in a firewall admin role, and worked mostly with fw-1 ipchains/iptable kinda setups. But, in a new position as a unix/web admin, I'm dealing with firewall admins that maintain that not setting the pixies to send an rst upon idle timeout is a 'protection' in case the connection that went idle was hijacked. Course, this will hose up a console connection for a good twenty minutes or more depending upon the configuration of the systems I'm using a console on.

But, is this really a concern and rationale for not sending an rst on idle timeout limits? I'm highly suspecting that this rationale is a coverup for the fact that the firewall admins do not know how to set their pixies to send an rst upon reaching an idle time limit.

Having not worked with these boxen, I do not know the config params required to do so. Can someone clue me to both the config setting the pixies require to send the rst and whether or not the rationale offered above about idle connections possibly being hijacked stands to reason?

Thanks to all the pixie experts that might have time to lend a word here,

Thanks,

Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards