Network Security Firewalls

RE: Strange entries in Cisco PIX 515e

Subject: RE: Strange entries in Cisco PIX 515e
Date: Mon, 9 Jan 2006 16:03:47 -0000
Of course these access lists may not actually be applied to any interface,
plus the access list is useless without corresponding nat statements, so
don't burn the entire network quite yet.

  _____  

From: Chris Serafin [mailto:chris@chrisserafin.com] 
Sent: 02 January 2006 20:53
To: 'Compuoso'; firewalls@securityfocus.com
Subject: RE: Strange entries in Cisco PIX 515e

  _____  

From: Compuoso [mailto:compuoso@gmail.com] 
Sent: Sunday, January 01, 2006 4:38 AM
To: firewalls@securityfocus.com
Subject: Strange entries in Cisco PIX 515e

Would someone please tell me the overall meaning and implications of the
following PIX command lines? I discovered them in our PIX 515e configuration
earlier this morning. I suspect that our corporate network has been hacked.
Thanks for your collective insight.

Naming the interface 'intf2' with a security level of '4'

nameif ethernet2 intf2 security4

permitting internal host 172.. to access anything = domain

access-list test permit udp host 172.17.7.10 any eq domain

permitting anyone to access internal = domain

access-list test permit udp any eq domain host 172.17.7.10

permitting external host 63.... to access anything = domain

access-list test1 permit udp host 63.176.109.161 any eq domain

permitting anything to access 63.. = domain

access-list test1 permit udp any eq domain host 63.176.109.161

permit anyone to access anyone = domain

access-list test1 permit udp any any eq domain

same

access-list test1 permit udp any eq domain any

MTU size = means nothing

mtu intf2 1500

no ip address configured

no ip address intf2

Well, whoever wrote the configs is an amateur, because why configure 1
internal, 1 external, and then configure EVERYONE for access?

Act as if it was hacked, audit ALL config files, check flash: dir for weird
files, change passwords and log everything, assume all SNMP and syslog
servers have been compromised.

Or it could be nothing........just the last shitty admin's work.

Chris Serafin

IT Security / Voice Engineer

chris@chrisserafin.com
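
The two replies above raise two separate questions about a PIX 6.x config: are the access-lists actually bound to an interface (the first reply's point about access-group and nat), and do any entries permit any-to-any (Chris Serafin's point). The script below is an added example, not code from either poster or from Cisco. It parses the lines quoted in the thread into access-control entries and reports unbound ACLs, any-to-any permits, and hosts in a bound ACL that have no static translation. The sample config is constructed for the demo: the quoted lines are real, while the access-group, the outside_in ACL and the static line are assumptions added so the bound-versus-inert distinction has something to show. The no-translation check is only an approximation of the "useless without nat statements" caveat, since PIX 6.x also allows nat/global pairs and conduit statements that this script does not model.

```python
from collections import defaultdict

# Constructed sample: the access-list lines quoted in the thread, plus an
# assumed applied ACL (outside_in), its access-group binding and a static
# translation, added here so the audit has a bound ACL to compare against.
SAMPLE_CONFIG = """\
nameif ethernet2 intf2 security4
access-list test permit udp host 172.17.7.10 any eq domain
access-list test permit udp any eq domain host 172.17.7.10
access-list test1 permit udp host 63.176.109.161 any eq domain
access-list test1 permit udp any eq domain host 63.176.109.161
access-list test1 permit udp any any eq domain
access-list test1 permit udp any eq domain any
access-list outside_in permit tcp any host 63.176.109.161 eq www
access-group outside_in in interface outside
static (inside,outside) 63.176.109.161 172.17.7.10 netmask 255.255.255.255
mtu intf2 1500
no ip address intf2
"""


def _parse_endpoint(tokens, i):
    """Parse one address spec (any | host IP | NET MASK) plus an optional
    port operator starting at tokens[i]. Returns (spec, port, next_index)."""
    tok = tokens[i]
    if tok == "any":
        spec, i = "any", i + 1
    elif tok == "host":
        spec, i = tokens[i + 1], i + 2
    else:  # network followed by mask
        spec, i = f"{tokens[i]} {tokens[i + 1]}", i + 2
    port = None
    if i < len(tokens) and tokens[i] in ("eq", "gt", "lt", "neq"):
        port = f"{tokens[i]} {tokens[i + 1]}"
        i += 2
    elif i < len(tokens) and tokens[i] == "range":
        port = f"range {tokens[i + 1]} {tokens[i + 2]}"
        i += 3
    return spec, port, i


def parse_config(text):
    """Extract ACEs, access-group bindings and static translations
    from PIX 6.x style config text. Other lines are ignored."""
    acls = defaultdict(list)   # acl name -> list of ACE dicts
    applied = {}               # acl name -> interface it is bound to
    statics = []               # (global_ip, local_ip) pairs
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] == "access-list" and len(tokens) >= 5 and tokens[2] in ("permit", "deny"):
            name, action, proto = tokens[1], tokens[2], tokens[3]
            src, sport, i = _parse_endpoint(tokens, 4)
            dst, dport, _ = _parse_endpoint(tokens, i)
            acls[name].append({"action": action, "proto": proto, "src": src,
                               "sport": sport, "dst": dst, "dport": dport,
                               "raw": line})
        elif tokens[0] == "access-group" and "interface" in tokens:
            applied[tokens[1]] = tokens[tokens.index("interface") + 1]
        elif tokens[0] == "static" and len(tokens) >= 4:
            statics.append((tokens[2], tokens[3]))  # global, local
    return acls, applied, statics


def audit(text):
    """Return (kind, acl_name, detail) findings for the three checks."""
    acls, applied, statics = parse_config(text)
    translated = {ip for pair in statics for ip in pair}
    findings = []
    for name, aces in acls.items():
        iface = applied.get(name)
        if iface is None:
            # Defined but never bound: inert until someone adds an access-group.
            findings.append(("unapplied", name, "never bound with access-group; currently inert"))
        for ace in aces:
            if ace["action"] == "permit" and ace["src"] == "any" and ace["dst"] == "any":
                findings.append(("any_any_permit", name, ace["raw"]))
            if iface is not None:
                # A bound ACL naming a host with no static cannot pass that host's traffic.
                for side in ("src", "dst"):
                    addr = ace[side]
                    if addr != "any" and " " not in addr and addr not in translated:
                        findings.append(("no_translation", name,
                                         f"{addr} in '{ace['raw']}' has no static"))
    return findings


if __name__ == "__main__":
    for kind, name, detail in audit(SAMPLE_CONFIG):
        print(f"[{kind}] {name}: {detail}")
```

Run against the sample, the script reports test and test1 as unbound and the last two test1 entries as any-to-any permits, while outside_in raises nothing because its host has a static. Feeding it a full `write terminal` dump is the quickest way to separate "inert leftovers from the last admin" from rules that are actually live.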
