Firewall Wizards mailing list archives
Re: PIXen spewing udp packets at port 111?!
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 7 Jan 2003 14:30:49 -0500 (EST)
Howdy Dave, Thanks for the reply. Are you suggesting that the webhosts, indeed sun boxen, might be initiating the udp exchange with the gateway of the PAT'ed addresses behind it? My understanding, and it's a tad dated, and might be outdated, is that it's near to impossible <hoop jumping and kernel hacks if I recall> to tune out RPC on solaris, which is better trained via filtering and such. Is this still valid understanding, or dated? solaris 6 and 7 at present, with considerations of solaris 9 in some future context. Thanks, Ron DuFresne On Tue, 7 Jan 2003, Dave Mitchell wrote:
I've never seen this on any PIX I've worked with. I'd first check that you don't have a problem with a *nix box running RPC portmap (tcp/udp 111). I'd first check any Solaris boxen. -dave On Mon, Jan 06, 2003 at 08:29:10PM -0500, R. DuFresne wrote:Out of curiosity, I'm wondering if the PIX admins on the list might be able to point me at the misconfiguration that would cause a PIX, doing PAT for one or more subnets behind it, might spew udp packets to port 111 on systems the PAT'ed users behind it are connecting to. The services offered to the users are FTP and HTTP, being web hosts and all. From the recent loging thread on pix'en, it seems to clarify why the admins we are dealing with have not been able to trace the issues on their end, and leads us to suspect the packets are from the pix itself rather then the clients behind it... Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- PIXen spewing udp packets at port 111?! R. DuFresne (Jan 07)
- Re: PIXen spewing udp packets at port 111?! Dave Mitchell (Jan 07)
- Re: PIXen spewing udp packets at port 111?! R. DuFresne (Jan 07)
- Re: PIXen spewing udp packets at port 111?! Dave Mitchell (Jan 07)
- Re: PIXen spewing udp packets at port 111?! Charles W. Swiger (Jan 07)
- Re: PIXen spewing udp packets at port 111?! Mordechai T. Abzug (Jan 07)
- Re: PIXen spewing udp packets at port 111?! R. DuFresne (Jan 07)
- <Possible follow-ups>
- RE: PIXen spewing udp packets at port 111?! R. DuFresne (Jan 08)
- Re: PIXen spewing udp packets at port 111?! Dave Mitchell (Jan 07)