The CyberGuard product line will validate the 3way handshake prior to
allowing mail to the internal server, depending on how you have
configured the SMTP SmartProxy. If your external MX record points mail
traffic to the external interface of your FS, then you would configure
the proxy as Inbound To. If the external MX record points traffic to the
internal mail server (or one on the DMZ) then you would configure the
proxy as Inbound Through. Double check your packet-filtering rules and
mail traffic should have a proxy entry.
What version are you running? I would also follow Don's advice for
blocking bogus source/destinations from hitting the FS on both sides. No
need to slow down the firewall with junk you don't allow or is invalid
from the start. True, it MAY slow your routers down a bit, but it will
free up your FS processing power for legitimate work. Overall, your
network will speed up a bit which is a plus.
HTH,
Lew
-----Original Message-----
From: Don Parker [mailto:hydra291@hotmail.com]
Sent: Wednesday, August 25, 2004 9:09 AM
To: Marc@MyCart.net
Cc: firewalls@securityfocus.com
Subject: Re: IDS & NetProwler
Hi Marc, please see the following link for bogon ranges and what they
are; http://www.cymru.com/Bogons/
Cheers,
Don
From: Marc O'Leary <Marc@MyCart.net>
To: Don Parker <hydra291@hotmail.com>
Subject: Re: IDS & NetProwler
Date: Wed, 25 Aug 2004 07:34:00 -0500
What are Bogon Ranges? "Bogus" ranges or is there a list called bogon?
On 8/25/04 6:20 AM, "Don Parker" <hydra291@hotmail.com> wrote:
Hi Marc, I don't have any info on NetProwler itself but you may want
to simply buy a PIX which has the ability to validate the 3way
handshake
prior
to handing it off to the internal network service. Also you may want
to
take
the time and disallow all the bogon ranges on your router. Hope this
helps.
Cheers,
Don
---------------------------------------
Don Parker, GCIA
Intrusion Detection Specialist
1.613.302.2910(c)
---------------------------------------
From: "Marc S. O'Leary" <marc@mycart.net>
To: <firewalls@securityfocus.com>
Subject: IDS & NetProwler
Date: Fri, 20 Aug 2004 18:01:42 -0500
I'm a recent victim of the "Pay Me $10,000 and I'll stop DOS'ing
You" email and subsequent DOS attack. We have killed it for now
via the ACL lists. My Firewall, an FS 250, has an option for IDS &
Shutdown affecting connections, but it wants to use NetProwler.
Any info on NetProwler or eqiv?
Marc
Have a spectacular day,
Marc O'Leary
913.681.2080 Ext.4305
913.681.2288 Fax
Marc@MyCart.net <mailto:Marc@MyCart.net>
7200 W 132nd St Suite 380
Overland Park, KS 66213
NOTICE: This communication may contain confidential or other
privileged information and has been sent in an unencrypted format.
If you are not the intended recipient, or believe that you have
received this communication in error, please do not print, copy,
retransmit, disseminate, or otherwise use the information. Also,
please indicate to the sender that you have received this email in
error, and delete the copy you received. Any communication that
does not relate to official business is that of the sender and is
neither given nor endorsed by the sender.
_________________________________________________________________
Powerful Parental Controls Let your child discover the best the
Internet
has
to offer.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&S
U=http:
//hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSNR Premium right now and get
the first two months FREE*.
_________________________________________________________________
Powerful Parental Controls Let your child discover the best the Internet
has
to offer.
http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU
=http://hotmail.com/enca&HL=Market_MSNIS_Taglines
Start enjoying all the benefits of MSNR Premium right now and get the
first two months FREE*.
