RE: [fw-wiz] PIXen spewing udp packets at port 111?!
From: R. DuFresne (dufresne@sysinfo.com)
Date: 01/08/03
- Next message: ark@eltex.ru: "Re: [fw-wiz] Antivirus on a free UN*X (Linux/*BSD) platform"
- Previous message: Manlio Frizzi: "[fw-wiz] FIRESTARTER QUESTION"
- Maybe in reply to: R. DuFresne: "[fw-wiz] PIXen spewing udp packets at port 111?!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "R. DuFresne" <dufresne@sysinfo.com> To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com> Date: Wed Jan 8 17:46:43 2003
Thanks to all for the replies. And an update;
I was first clued this might be a pixen issue when it came to my attention
that at least two of our clients were behind a pix PAT'ed gateway with
repeats on blocks of their gateways due to port 111 spews. Additionally,
the thread on pix logging issue recently gave another clue as the pix
admins could find nothing in their logs to correspond with the traffic we
were seeing and blocking upon reception, thus my including those folks
from that thread in this update <also in preperation should Paul request
we take this issue off list>.
The suggestions and ways of disabeling RPC on solaris are informative,
thanks to those folks for the updates to my dated info/understanding,
but, unimplimentable at present without intensive testing to see if it
breaks other issues on these web servers. Additionally, it would be a
short term fix as these web hosts are soon to be replaced with a load
balancing consolidation in the next few months.
Anyways, I'm slowly confirming my earlier suspicions that this is a pixen
issue, at least in part. This is the information I have so far:
At least two of our clients are running pixies, with PAT for their
clients. One suggestion from the group that this migh be related to a pre
6.x OS on the boxen seems to be dispelled by the fact that one of them is
running 6.2 <the other is indeed pre 6.x at about ver 5.1 with plans to
upgrade within the next few weeks>. Now this maybe incorrect, but as far
as I can verify with these admins, the logging levels for both systems
differs slightly, ones logging at level 7, the other might be logging at
level 6. I'm currently in the process of trying to verify if some of our
other clients that have had issues in the past are also behind pixies.
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
- Next message: ark@eltex.ru: "Re: [fw-wiz] Antivirus on a free UN*X (Linux/*BSD) platform"
- Previous message: Manlio Frizzi: "[fw-wiz] FIRESTARTER QUESTION"
- Maybe in reply to: R. DuFresne: "[fw-wiz] PIXen spewing udp packets at port 111?!"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
