
| Subject: | RE: Odd SonicWall behavior |
|---|---|
| Date: | Fri, 28 Oct 2005 04:07:17 -0300 |
Sorry because I will not answer your question (cause I don't know what could be happening).

Just wanted to say that SonicWall always works in mysterious ways... I had one in front of a web server; when you telnet that server, it answered correctly... And here's the oddity: when the server was disconnected from the FW, it *assumed* that the server was there the same, and the SonicWall answered the telnet... WTF!!!

Nothing else to say, but SonicWall Sucks.

__________________________________________________
Pablo D. Hauser | pH
www.securearg.net
Secure from the source

-----Original Message-----
From: Ryan James [mailto:rjames@csulb.edu]
Sent: Wednesday, October 26, 2005 21:59
To: security-basics@securityfocus.com
Subject: Odd SonicWall behavior

I help out one of the labs at my university keep their network up and PCs running. They have a webserver with some sort of vaguely sensitive information on it, enough so that they requested money for a small firewall for it and some of the other computers in the lab. They got a SonicWall tele3 (I believe) and it was working well for a year or so, but around a week ago the campus's network admin contacted us and said that our network was broadcasting a *lot* of traffic.

From my (outside their firewall) I did a packet dump (I can supply it if needed) and the only thing that was unusual was that the SonicWall was sending massive amounts of ARP traffic asking who has the gateway's IP. By massive I mean around twenty a second. Before talking to me, the lab director unplugged each PC one by one from the firewall, but the spamming continued even after everything--including the webserver--had been disconnected.

After I was notified, I attempted to log into the firewall to check its logs, but it didn't work. I scanned the firewall with nmap and it returned that all ports were filtered, even though access from within the network to the admin console had been turned on. I also tried connecting to the 'console' port on the SonicWall but either I didn't know how it worked or it wasn't working properly. In addition, it seems that PCs within the firewalled network can DHCP an address from the subnet's gateway (which they couldn't before) and ettercap showed that you can see all the connections on the subnet from within the firewall.

Since keeping the webserver up is the lab director's primary goal he doesn't want me to attempt to reflash the firmware unless it's absolutely necessary or if the firewall's been compromised.

So I guess my question is: is someone tunneling a connection from our firewall to off-campus over ARP or has the firewall just gone a bit nutty?
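An added example, not part of the original thread: one way to measure the ARP who-has rate the original post describes (around twenty a second for the gateway's IP) from captured Ethernet frames. The function names, addresses, MACs and the threshold of 10 per second are constructed for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ARP_ETHERTYPE, ARP_REQUEST = 0x0806, 1

def parse_arp(frame):
    """Return (opcode, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ARP_ETHERTYPE:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    # ARP body: sender MAC 22-28, sender IP 28-32, target MAC 32-38, target IP 38-42
    return oper, str(IPv4Address(frame[28:32])), str(IPv4Address(frame[38:42]))

def arp_request_storms(packets, threshold=10):
    """packets: iterable of (timestamp_seconds, frame_bytes).
    Return {(sender_ip, target_ip): peak requests in any one-second bucket}
    for pairs whose peak reaches the threshold (an assumed value)."""
    buckets = Counter()
    for ts, frame in packets:
        parsed = parse_arp(frame)
        if parsed and parsed[0] == ARP_REQUEST:
            buckets[(parsed[1], parsed[2], int(ts))] += 1
    peaks = {}
    for (src, dst, _sec), count in buckets.items():
        if count >= threshold:
            peaks[(src, dst)] = max(count, peaks.get((src, dst), 0))
    return peaks

def build_request(sender_mac, sender_ip, target_ip):
    """Build a broadcast ARP who-has frame (used only to construct sample input)."""
    eth = b"\xff" * 6 + sender_mac + struct.pack("!H", ARP_ETHERTYPE)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return (eth + arp + sender_mac + IPv4Address(sender_ip).packed
            + b"\x00" * 6 + IPv4Address(target_ip).packed)

# Constructed sample: a firewall asking for the gateway 20 times in one second,
# and an ordinary host asking once per second.
FW_MAC, HOST_MAC = bytes.fromhex("020000000010"), bytes.fromhex("020000000020")
SAMPLE = [(i * 0.05, build_request(FW_MAC, "192.0.2.10", "192.0.2.1")) for i in range(20)]
SAMPLE += [(float(s), build_request(HOST_MAC, "192.0.2.20", "192.0.2.1")) for s in range(3)]

if __name__ == "__main__":
    for (src, dst), peak in arp_request_storms(SAMPLE).items():
        print(f"{src} sent {peak} who-has requests for {dst} in one second")
```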