[fw-wiz] pixen abnomalities;
From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 08/19/03
- Previous message: Hoang, Binh P,,DMDCWEST: "RE: [fw-wiz] pix 501 as bridge firewall. Possible?"
- Next in thread: Melson, Paul: "RE: [fw-wiz] pixen abnomalities;"
- Maybe reply: Melson, Paul: "RE: [fw-wiz] pixen abnomalities;"
To: "'firewall-wizards@honor.icsalabs.com'" <firewall-wizards@honor.icsalabs.com>
Date: Tue, 19 Aug 2003 11:58:27 -0400 (EDT)
Folks,
It's been awhile since I played in a firewall admin role, and worked mostly
with fw-1 ipchains/iptable kinda setups. But, in a new position as a
unix/web admin, I'm dealing with firewall admins that maintain that not
setting the pixies to send an rst upon idle timeout is a 'protection' in
case the connection that went idle was hijacked. Course, this will hose
up a console connection for a good twenty minutes or more depending upon
the configuration of the systems I'm using a console on. But, is this
really a concern and rationale for not sending an rst on idle timeout
limits?
I'm highly suspecting that this rationale is a coverup for the fact that
the firewall admins do not know how to set their pixies to send an rst
upon reaching an idle time limit. Having not worked with these boxen, I
do not know the config params required to do so. Can someone clue me to
both the config setting the pixies require to send the rst and whether or
not the rationale offered above about idle connections possibly being
hijacked stands to reason?
Thanks to all the pixie experts that might have time to lend a word here,
Thanks,
Ron DuFresne
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
admin & senior security consultant: sysinfo.com
http://sysinfo.com
"Cutting the space budget really restores my faith in humanity. It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
-- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards