Re: All rules = No rules?
From: Joseph V. Morris (jvmorris@erols.com)
Date: 11/28/02
- In reply to: dr.emailposter: "Re: All rules = No rules?"
From: "Joseph V. Morris" <jvmorris@erols.com> Date: Thu, 28 Nov 2002 10:00:54 -0500

The 'Undefined' Rules Category is of interest to me here, because I know
of a couple of ways to do that in earlier versions of NIS (like 3 and 4).
However, these shouldn't work in NIS 4.5 or NIS 6 (as I understand it).

I assume you've 'fixed' the rules now, from your most recent response, so
I realize you can't check for the answers to the following questions --
I'm just suggesting something you might want to look for in the future (if
anything like this happens again).

First, you opened the NIS Console and switched over to the System-Wide
settings. Did you, perchance, notice any rule names that you were
surprised to find in that list? For example, a rule for MSIE? or Outlook?
(again in the System-Wide settings) [In all honesty, it probably wouldn't
display, even if it _was_ there.]

Second, under View Statistics, in the Firewall Rules section: In NIS 4.5
and NIS/NPF 6, this is the only place where you can (now) see the actual
physical order in which the various rules are evaluated. By rights, you
should have the System-Wide rules at the beginning of the list, followed
by the Application-Specific Rules, and finally the Default Trojan Block
Rules. If this happens again, it would be worth your time to make a
_careful_ copy of the first rules (all the way down to the first
application-specific rule you see displayed, probably anywhere from 12 to
20 rules) and then compare _this_ list to the list you see under
System-Wide settings in the NIS Console. You _may_ find you have one or
more rules that aren't displaying in the System-Wide settings part of the
NIS Console (I don't know, just a possibility). If so, it's the NAME of
that 'invisible' rule that may provide some clues as to what's happened.

There's an earlier report on this at
http://www.wilderssecurity.com/index.php?board=23;action=display;threadid=3683
(maybe CrazyM mentioned this one to you offline). In this instance,
it appeared that the original poster (OP) did, in fact, have at least one
extra rule in his System-Wide settings that was _not_ being displayed on
the NIS Console. Unfortunately, the OP simply jettisoned the firewall
before we were able to ascertain exactly what this rule was. (And, in that
thread, CrazyM gives one example of how he himself managed to create this
behavior with NIS 4.5.)

At any rate, if this happens (again!), it might be most useful to you, us,
and Symantec if you would at least take a look for either of the above two
discrepancies.

--
Regards,
Joseph V. Morris
jvmorris@erols.com
ICQ #29438199
This is a NEWSGROUP message; except for privacy reasons, please respond
therein; an e-mail COPY is always appreciated, of course.
Almost all electrons used in the creation of this message were recycled.
No electrons used in the production of this message were harmed or
mistreated in any manner.
"dr.emailposter" <dr.emailposter@freedom.invalid> wrote in message
news:as0si1$b3c$1@si05.rsvl.unisys.com...
. . . .
| No, no changes in the last months... I decided to check the rules, removing
| MS Outlook from the ruleset, before applying Office SP3, and I noticed all
| apps with "Undefined" category. Then I ran Outlook and the firewall did not
| ask for permission to access... Strange, I thought, and then I checked each
| System Wide rules - all with ALLOW, ANY, TCP or ALLOW, ANY, UDP (depending
| on the original rule of course).