Tuesday, December 15, 2009

firewall-wizards Digest, Vol 44, Issue 3

Send firewall-wizards mailing list submissions to
firewall-wizards@listserv.icsalabs.com

To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com

You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com

When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."


Today's Topics:

1. Re: Analyzing a Cisco firewalls connection table (Carson Gaspar)
2. Re: Analyzing a Cisco firewalls connection table (Tim Eberhard)


----------------------------------------------------------------------

Message: 1
Date: Mon, 14 Dec 2009 15:20:57 -0800
From: Carson Gaspar <carson@taltos.org>
Subject: Re: [fw-wiz] Analyzing a Cisco firewalls connection table
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <4B26C859.5060404@taltos.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

Paul D. Robertson wrote:

> 2. Why do people insist on archiving using rar instead of zip? I can't
> imagine letting a RAR file through a content filter, heck I don't even
> like to allow .zips!

RAR has a much better compression ratio than ZIP. And _anything_ has to
be better as a file format than ZIP is. I've written a ZIP file
validation tool for use in email attachment scanning, and it isn't
pretty (the filename is in 2 places - which do you use?). There are at
least 2 corner cases where you can't reliably parse the ZIP file at all
(Hint: _never_ put ZIP magic numbers inside comments if you want to get
your data back...)

Of course I haven't looked at RAR's file format, so it's possible that
it's even worse. But that would take effort...

--
Carson
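
The two ambiguities described in the message above, shown as an added example that is not part of the original post or of Carson's tool: a Python check that compares the filename in each central directory entry with the one in its local file header, and flags an end-of-central-directory (EOCD) signature that occurs more than once in the archive tail. The names `check_zip` and `sample` and the test archives are constructed for illustration.

```python
import io
import struct
import zipfile

EOCD_SIG, CDH_SIG, LFH_SIG = b"PK\x05\x06", b"PK\x01\x02", b"PK\x03\x04"

def check_zip(data):
    """Return a list of findings; an empty list means neither ambiguity was seen."""
    findings = []
    # The EOCD record is 22 bytes plus a trailing comment of up to 65535 bytes.
    tail = max(0, len(data) - (22 + 0xFFFF))
    hits, pos = [], data.find(EOCD_SIG, tail)
    while pos != -1:
        hits.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    if not hits or hits[0] + 22 > len(data):
        return ["no usable end-of-central-directory record"]
    if len(hits) > 1:  # e.g. the magic number repeated inside the comment
        findings.append("EOCD signature appears %d times in archive tail" % len(hits))
    # Parse from the earliest hit; a parser scanning backwards would pick the last.
    _, _, _, _, total, _, cd_off, _ = struct.unpack_from("<4s4H2LH", data, hits[0])
    pos = cd_off
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG or pos + 46 > len(data):
            findings.append("bad central directory entry at offset %d" % pos)
            break
        nlen, xlen, clen = struct.unpack_from("<3H", data, pos + 28)
        (lfh_off,) = struct.unpack_from("<L", data, pos + 42)
        cd_name = data[pos + 46:pos + 46 + nlen]
        if data[lfh_off:lfh_off + 4] != LFH_SIG or lfh_off + 30 > len(data):
            findings.append("no local header for %r" % cd_name)
        else:
            (lnlen,) = struct.unpack_from("<H", data, lfh_off + 26)
            lfh_name = data[lfh_off + 30:lfh_off + 30 + lnlen]
            if lfh_name != cd_name:  # the filename is stored in both places
                findings.append("name mismatch: central %r, local %r" % (cd_name, lfh_name))
        pos += 46 + nlen + xlen + clen
    return findings

def sample(name="report.txt", comment=b""):
    """Constructed test archive holding one stored member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, "hello")
        zf.comment = comment
    return buf.getvalue()
```

For attachment scanning, a non-empty result is a reason to reject the archive rather than guess which filename or which EOCD record a downstream extractor will honour.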

------------------------------

Message: 2
Date: Tue, 15 Dec 2009 06:01:40 -0600
From: Tim Eberhard <xmin0s@gmail.com>
Subject: Re: [fw-wiz] Analyzing a Cisco firewalls connection table
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<2c52b84e0912150401o6c2264d4j3684e6924e2e694c@mail.gmail.com>
Content-Type: text/plain; charset="iso-8859-1"

Thanks for the feedback, Paul.

The binary-only tool doesn't connect to a firewall at all. It requires no
connection and can be run 100% within a sandbox. It simply takes data from
your firewall. I find that binaries tend to be more user friendly rather
than saying install python, wx.python, etc.

But I do agree with you. This was a sneak peek that I wanted feedback on. I
had always planned to make this open source much like my other project tpcat
(a packet capture analyzer http://sourceforge.net/projects/tpcat/)

Anyhoo. Updated binary and source available here:
http://sourceforge.net/projects/ciscoconnection/

It will run on all modern systems; all you need to do is install python and
wx.python. I've tested it on Windows/OSX/Linux.

Thanks again all.
-Tim Eberhard

On Mon, Dec 14, 2009 at 8:22 AM, Paul D. Robertson <paul@compuwar.net> wrote:

> On Thu, 10 Dec 2009, Tim Eberhard wrote:
>
> > It is in .exe format and is completely virus free. It requires no internet
> > connection. Please give it a try and give me some feedback good/bad/ugly.
> > You can download a copy here: performanceclassifieds.net/CCA.rar
>
> Feedback:
>
> 1. I'm not sure how someone is supposed to evaluate a binary-only tool
> that wants to connect to their firewall- the potential for malice is
> large, and it's difficult to imagine someone with firewall issues setting
> up an appropriate sandbox.
>
> 2. Why do people insist on archiving using rar instead of zip? I can't
> imagine letting a RAR file through a content filter, heck I don't even
> like to allow .zips!
>
> 3. Windows-only tools aren't very useful to me (one of the reasons I'm
> moving away from firewalls like Watchguard that require a Windows box to
> administer.)
>
> Paul
>
> -----------------------------------------------------------------------------
> Paul D. Robertson "My statements in this message are personal opinions
> paul@compuwar.net which may have no basis whatsoever in fact."
> Moderator: Firewall-Wizards mailing list
> Art: http://PaulDRobertson.imagekind.com/
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>

------------------------------


End of firewall-wizards Digest, Vol 44, Issue 3
***********************************************