"On the Firewall" is an online journal on the subject of network firewalls and all things Internet security.
August 18, 2008
Telnet is still the most wide-open port
News out of DefCon earlier this month: Telnet is still the most wide-open port that Fyodor and the folks at the NMAP Project found when scanning the Internet. The rest of the list shouldn't be a big surprise: HTTP, HTTPS, and SSH.
August 08, 2008
SourceForge Project: FWBuilder
If you have requirements to convert Linux firewall rules over to the PIX, ASA, or IOS, you probably want to look at the SourceForge (open source) project Firewall Builder. From the project summary: "Object-oriented GUI and set of compilers for various firewall platforms. Currently implemented compilers for iptables, ipfilter, OpenBSD pf, ipfw, Cisco PIX firewall and routers access lists." At the fwbuilder.org site they add: "Firewall Builder uses an object-oriented approach; it helps the administrator maintain a database of network objects and allows policy editing using simple drag-and-drop operations." Sounds pretty interesting. Version 3.0 beta was announced on July 15th.
August 06, 2008
BlackHat 2008 News...
August 05, 2008
Check Everything...
OK. Here is a really good post from the Firewall-Wizards mailing list.
The question:
I'm having some issues with FTP traffic through our Cisco PIX 515E.
Our corporate FTP server is located outside the firewall, and we recently upgraded the FTP server software. This resulted in a noticeable increase in the speed uploading files to the server (5 MB/s+). However, when attempts were made to download files from the server, speeds averaged about 300 KB/s, rapidly fluctuating between 30 KB/s and 600 KB/s. Downloading the same file to a server outside our firewall resulted in speeds of about 6 MB/s.
Looking at the firewall: the default inspection scheme is enabled, and the FTP inspection is turned on. The FTP server requires active transfer mode, and everything works, albeit slowly. After turning off FTP inspection, connections to the FTP server did not work until enabling passive mode, but that didn't change the speeds at all.
I should probably also mention that the PIX is not doing any NAT. All the workstations and servers here have Internet routable IP addresses (206.75.x.x).
Any suggestions?
A really good answer:
Many years ago we had a similar problem: traffic moving one way (I forget if it was uploads or downloads). After weeks of troubleshooting, I inspected and replaced the network cable. Turns out one wire wasn't making complete contact and the slow speed was actually the result of retransmitting bad packets.
Recently we had a similar problem with traffic in both directions. Completely random. We replaced the firewall, server, etc. We were running a wireless T1. The internet provider insisted that the connection tested fine. Throughout the spring the problem became worse until one (windy) day last week when our connection became unusable. The internet provider came out and discovered trees had grown about 1/2 mile away in the path of the wireless tower. Over the spring the leaves grew in and on windy days caused havoc on the TCP transmissions.
Both incidents taught me never to rule out the lower layers when it comes to networking.
We used packet captures in both cases during the troubleshooting process.
The Firewall Wizards Archive.
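A quick check in the spirit of that answer, added here as an example (not from the blog post or the mailing-list thread): given a packet-capture summary, count TCP retransmissions per direction so an asymmetric slowdown like the one described (fast uploads, slow downloads) can be tested for lower-layer loss before the firewall is blamed. The hosts, sequence numbers and the 5% threshold are constructed assumptions, not values from the thread.

```python
# Added example, not from the post or the Firewall-Wizards thread.
# Flags TCP retransmissions per direction in a capture summary so that an
# asymmetric slowdown can be checked for lower-layer loss (bad cable, bad
# radio path) before the firewall is blamed.
# Hosts are constructed: 206.75.0.10 stands in for an inside workstation,
# 198.51.100.5 for the outside FTP server.
from collections import defaultdict

# Constructed capture summary: (time, src, dst, seq, payload_len), one
# tuple per TCP data segment as tcpdump would list it.
SAMPLE = [
    (0.000, "198.51.100.5", "206.75.0.10", 1, 1460),
    (0.010, "198.51.100.5", "206.75.0.10", 1461, 1460),
    (0.210, "198.51.100.5", "206.75.0.10", 1461, 1460),  # retransmit
    (0.220, "198.51.100.5", "206.75.0.10", 2921, 1460),
    (0.420, "198.51.100.5", "206.75.0.10", 2921, 1460),  # retransmit
    (0.430, "198.51.100.5", "206.75.0.10", 4381, 1460),
    (0.000, "206.75.0.10", "198.51.100.5", 1, 1460),
    (0.001, "206.75.0.10", "198.51.100.5", 1461, 1460),
    (0.002, "206.75.0.10", "198.51.100.5", 2921, 1460),
    (0.003, "206.75.0.10", "198.51.100.5", 4381, 1460),
]

def retransmission_rates(packets):
    """Return {(src, dst): (segments, retransmits, ratio)} per direction.

    A segment counts as a retransmission when its sequence number is
    below the next expected sequence number already seen on that
    direction. Plain reordering is not distinguished from loss here.
    """
    next_seq = {}
    stats = defaultdict(lambda: [0, 0])
    for _t, src, dst, seq, length in sorted(packets, key=lambda p: p[0]):
        flow = (src, dst)
        stats[flow][0] += 1
        expected = next_seq.get(flow, 1)
        if seq < expected:
            stats[flow][1] += 1
        next_seq[flow] = max(expected, seq + length)
    return {f: (n, r, r / n) for f, (n, r) in stats.items()}

def suspect_lower_layer(packets, threshold=0.05):
    """Directions whose retransmission ratio exceeds the threshold.
    5% is an assumed cut-off; a clean path normally stays far below it."""
    rates = retransmission_rates(packets)
    return sorted(f for f, (_n, _r, ratio) in rates.items() if ratio > threshold)

if __name__ == "__main__":
    for flow, (n, r, ratio) in retransmission_rates(SAMPLE).items():
        print(f"{flow[0]} -> {flow[1]}: {r}/{n} retransmitted ({ratio:.0%})")
    print("check the physical path for:", suspect_lower_layer(SAMPLE))
```

On the constructed sample only the server-to-client direction (the "download" side) shows retransmissions, which is the pattern the answer describes for a marginal cable or radio link.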
August 04, 2008
Cisco PIX End of Sale Announcement
As of July 28, 2008, Cisco PIX Security Appliance platforms/bundles are no longer being sold. Customers can still purchase accessories and licenses until January 27, 2009. It is important to note that Cisco will continue to support Cisco PIX Security Appliance customers through July 27, 2013. Follow this link to the announcement on the Cisco web site.
For a Q&A regarding the End of Sale see: http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5708/ps5709/ps2030/qa_eos_for_sale_for_cisco_pix_products_customer.html
Any questions about PIX End of Sale? Post your questions to the PIX Firewall Group at Yahoo! here.