
RE: Strange entries in Cisco PIX 515e

Subject: RE: Strange entries in Cisco PIX 515e
Date: Wed, 4 Jan 2006 08:22:50 -0000
 

________________________________

From: Compuoso [mailto:compuoso@gmail.com] 
Sent: 01 January 2006 10:38
To: firewalls@securityfocus.com
Subject: Strange entries in Cisco PIX 515e


Would someone please tell me the overall meaning and implications of the
following PIX command lines? I discovered them in our PIX 515e
configuration earlier this morning. I suspect that our corporate network
has been hacked. Thanks for your collective insight. 
 
nameif ethernet2 intf2 security4
 
access-list test permit udp host 172.17.7.10 any eq domain
access-list test permit udp any eq domain host 172.17.7.10
access-list test1 permit udp host 63.176.109.161 any eq domain
access-list test1 permit udp any eq domain host 63.176.109.161
access-list test1 permit udp any any eq domain
access-list test1 permit udp any eq domain any  
 
mtu intf2 1500
 
no ip address intf2 
 
 
 
nameif ethernet2 intf2 security4
mtu intf2 1500
no ip address intf2
 
This last line renders the interface inoperable.
 
The access-list lines look like someone's been messing about, two of the
lines

access-list test1 permit udp host 63.176.109.161 any eq domain
access-list test1 permit udp any eq domain host 63.176.109.161

are superseded by the next two lines which allow domain traffic both
ways from any device to another.
 
Do you have any access-groups set up called test or test1, or failing
that, do you have any interfaces called test or test1?
 
Jon.
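
The two checks raised in the reply above (is any access-group bound to `test` or `test1`, and which entries are covered by a broader entry in the same list) can be scripted against a saved configuration. This is an added example, not part of the original thread: the function names are hypothetical, the sample input is constructed from the lines quoted in the message, and only `any` / `host A` / `eq PORT` entries are parsed.

```python
import re

# Constructed input: only the lines quoted in the thread, not a full PIX config.
SAMPLE = """\
nameif ethernet2 intf2 security4
access-list test permit udp host 172.17.7.10 any eq domain
access-list test permit udp any eq domain host 172.17.7.10
access-list test1 permit udp host 63.176.109.161 any eq domain
access-list test1 permit udp any eq domain host 63.176.109.161
access-list test1 permit udp any any eq domain
access-list test1 permit udp any eq domain any
no ip address intf2
"""
# One endpoint: 'any' or 'host A', then an optional 'eq PORT'. Other forms are skipped.
EP = r"(?:host (\S+)|any)(?: eq (\S+))?"
ACE = re.compile(rf"^access-list (\S+) (permit|deny) (\S+) {EP} {EP}$")

def parse(config):
    """Return ({acl: [(line, action, proto, fields)]}, access-group names, skipped lines)."""
    acls, bound, skipped = {}, set(), []
    for line in map(str.strip, config.splitlines()):
        m = ACE.match(line)
        if m:
            name, action, proto, *ep = m.groups()
            fields = tuple(v or "any" for v in ep)  # src, sport, dst, dport
            acls.setdefault(name, []).append((line, action, proto, fields))
        elif line.startswith("access-list "):
            skipped.append(line)  # syntax this sketch does not model
        elif line.startswith("access-group "):
            bound.add(line.split()[1])
    return acls, bound, skipped

def audit(config):
    """List ACLs no access-group applies, and entries a broader entry covers."""
    acls, bound, _ = parse(config)
    unbound = sorted(set(acls) - bound)
    redundant = []
    for aces in acls.values():
        for line, action, proto, f in aces:
            # Same action and protocol only; mixed permit/deny needs first-match analysis.
            if any(a == action and p == proto and g != f
                   and all(b in ("any", n) for b, n in zip(g, f))
                   for _, a, p, g in aces):
                redundant.append(line)
    return unbound, redundant
```

An access list with no access-group can still be referenced elsewhere in a PIX configuration (for example by a `nat ... access-list` or `crypto map ... match address` line), so the unbound list is a starting point for review rather than proof that the list is unused.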
 
