Firewall Wizards mailing list archives

Re: Sun FTP Server and Firewall-1 4.1 (Richard Worwood)


From: Boni Bruno <bbruno () dsw net>
Date: Wed, 13 Nov 2002 10:06:07 -0800

FW-1 v 4.1 has configurable TCP timeout settings, just increase the
timeout setting in the firewall properties and you will be fine.

Regards,

-boni bruno


Message: 1
From: "Richard Worwood" <richardw () tdbnetworks com>
To: <richardw () tdbnetworks com>
Date: Tue, 12 Nov 2002 17:47:24 -0000
Subject: [fw-wiz] Sun FTP Server and Firewall-1 4.1

I've got a little problem with a customer's network and a Solaris 8 box with
the standard FTP server. The problem is as follows: the Solaris box is
behind a firewall running firewall-1 4.1 and functions fine as long as you
don't allow too long a time to elapse between commands, else the client
appears to time out. The issue is that the definition of "too long a time to
elapse" is approximately 10 seconds.

I've sniffed the client side of the network and found that in response to
sending the new command to the server a reset is sent back by the server.
However if I try and access the server locally or even through a standard
routed connection all is fine and the conversation continues as usual.
Unfortunately as of yet the customer hasn't permitted me to sniff on the
server side of the firewall so I'm not certain the two conversations match.

Any suggestions anyone can make will be gratefully received.

Regards

Richard



--__--__--

Message: 2
Date: Wed, 13 Nov 2002 08:44:05 -0500
From: Don Kendrick <don () netspys com>
To: firewall-wizards () honor icsalabs com
Subject: [fw-wiz] Mainframes on the Net?

OK...maybe a little off topic but this is the group that would know :)

There is quite a push from our IBM friends to use the S/390 box for a web server using Websphere or Apache running under Linux (either as a VM or in its own LPAR).

Needless to say, I considered this to be a joke....putting the crown jewels on the net? Where's the multi-tiered architecture? Where's the "defense in depth?" Sure the S/390 has "never been hacked" (their words) but who has ever put it in a position to be hacked?

They tell me that I don't understand LPARs. They're separate machines. You can still do your multi-tiered. It's just all on the same box. My fear, they are separate because of software, written by humans. If that is breached, it's game, set and match.

If they were separate boxes, they would have to communicate via some interface that I can monitor. This isn't true all on one box.

Anyone have any experience with this fight? Am I out of line?

Don



--__--__--

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


End of firewall-wizards Digest

