Network Security Firewalls

Re: Pix command question

Subject: Re: Pix command question
Date: Thu, 12 Aug 2004 13:20:48 +1200 (NZST)
Bob Smith said:
Does the "fixup protocol sqlnet" command only apply to Oracle or does it
apply to other DBs like MS-SQL?  Cisco docs seem to only allude to
Oracle.  If so and we add a "fixup protocol sqlnet <MS-SQL port>" to our
config are there any gotchas anyone knows about?

It's probably not going to work with MS-SQL. In Oracle's SQL*Net the client
connects to server port 1521 and negotiates a secondary port to connect to
the actual database (a bit like FTP does). The server passes a port
number back to the client and the client reconnects to this port. The PIX
analyses the data packets looking for the pattern specifying the secondary
port, and when it sees it, it implicitly permits the client to connect to
that secondary port, i.e. it performs a "fixup" for the port.

Unless MS-SQL does the same negotiation with the same protocol and same
data patterns then the PIX won't pick it up. I don't know how MS-SQL
connects, but I suspect all you need is a plain ole access-list permitting
the client through to the singular server port.

Kerry

-- 
Kerry Thompson, CCNA CISSP
Information Systems Security Consultant
http://www.crypt.gen.nz  kez@crypt.gen.nz
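
The behaviour described in the reply above, sketched as an added example (not part of the original post and not PIX code): a toy filter that parses server replies on inspected ports for a secondary port and opens a pinhole for that client/server pair only. The `(PORT=n)` descriptor pattern, the class name, the port-range check, the addresses and the payloads are assumptions constructed for illustration.

```python
import re

# Assumption: the secondary port appears in an Oracle-style address
# descriptor, e.g. (ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=1830)).
SECONDARY_PORT = re.compile(rb"\(PORT=(\d{1,5})\)", re.IGNORECASE)


class InspectingFilter:
    """Hypothetical model of a static rule set plus a port 'fixup'."""

    def __init__(self, static_rules, inspect_ports):
        self.static_rules = set(static_rules)    # (client, server, port)
        self.inspect_ports = set(inspect_ports)  # ports whose replies are parsed
        self.pinholes = set()                    # dynamically permitted tuples

    def permits(self, client, server, port):
        flow = (client, server, port)
        return flow in self.static_rules or flow in self.pinholes

    def inspect_reply(self, client, server, server_port, payload):
        """Parse a server-to-client payload; return the port opened, if any."""
        if server_port not in self.inspect_ports:
            return None
        if not self.permits(client, server, server_port):
            return None  # never act on data from a flow that was not allowed
        match = SECONDARY_PORT.search(payload)
        if match is None:
            return None  # different protocol or no redirect: nothing to fix up
        port = int(match.group(1))
        if not 1024 <= port <= 65535:
            return None  # model choice: refuse privileged or invalid ports
        self.pinholes.add((client, server, port))  # this client/server only
        return port


if __name__ == "__main__":
    client, oracle, mssql = "192.0.2.10", "10.0.0.5", "10.0.0.6"
    fw = InspectingFilter({(client, oracle, 1521), (client, mssql, 1433)},
                          inspect_ports={1521, 1433})
    # Constructed payloads, not captured traffic.
    redirect = b"(ADDRESS=(PROTOCOL=tcp)(HOST=10.0.0.5)(PORT=1830))"
    other_db = b"\x04\x01\x00\x10 constructed non-SQL*Net reply"
    print(fw.inspect_reply(client, oracle, 1521, redirect))
    print(fw.permits(client, oracle, 1830))
    print(fw.inspect_reply(client, mssql, 1433, other_db))
    print(fw.permits(client, mssql, 1433))
```

In this model, inspecting a port whose traffic never carries the descriptor opens nothing, and the client still reaches that server only through the static rule for its single port.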
