Concerned with software or hardware firewalls
-5
votes
0answers
25 views
How to bypass > < and " filters [on hold]
When I enter a script in the search box of a web application, like
<script> alert(0) </script>
then it is converted to
<script> alert(0) </script>
Can I ...
2
votes
2answers
78 views
Firewall & TCP Traffic
I have a question regarding network firewalls and TCP traffic. When a firewall rule is set to block either inbound traffic, outbound traffic, or both on a port, does that only apply to initial ...
1
vote
2answers
69 views
Mixing stateless and stateful firewall rules
I have been advised that mixing firewall rules that are both stateful and stateless can lead to trouble when it comes to troubleshooting. Is there any truth in this?
Take the following two rule sets ...
0
votes
2answers
50 views
IPTable Security between two servers
Is using IPTables to only allow traffic between two servers considered an acceptable practice? For example TCP traffic on a defined port. I realize this is referred to as an ACL but how secure is ...
-1
votes
0answers
26 views
May Firewalls and Intrusion Detection Systems also be used to secure data transmissions in WLAN?
This would be my answer, but I am not sure if it is correct:
Wireless Intrusion Detection Systems (WIDS) can be used to monitor wireless activity for signs of attack. Deployed as an integrated ...
-4
votes
0answers
27 views
Port forwarding woes [closed]
I have a dilemma on my hands and I'm looking for ideas or opinions on what else I can do in this regard.
I use port forwarding with my ISP to access my security systems (DVR) in the store through ...
-3
votes
0answers
62 views
How to tell if your internet is being filtered? [closed]
In his recent interview, Edward Snowden states that Hong Kong's internet isn't being firewalled more than "any other western nation." I take that to mean that the United States government filters our ...
0
votes
1answer
64 views
How are IaaS Virtual Machines Isolated?
I am currently examining Hypervisor firewalls for my graduate thesis, but I unfortunately don't have a lot of experience with IaaS environments. How are IaaS Virtual Machines network isolated from ...
0
votes
0answers
23 views
Is there a way to block all internet traffic for a user with windows firewall? [migrated]
I have an application that always runs under a dedicated local user account. I want to block all inbound and outbound traffic for that local user account. The other user accounts on the machine need ...
1
vote
1answer
88 views
Why are some ports reported as closed by nmap?
I was scanning a machine from inside the same LAN which is running an up to date Windows XP Home Edition which I suspect may be running some malware.
The target machine has an up to date antivirus ...
-1
votes
1answer
71 views
Is there a way to get OS X to start a VPN connection before allowing network traffic? [closed]
I'm running OS X 10.8 and have Tunnelblick set up so I can connect to my OpenVPN server at home. I've also used this at $WORK in the past.
When I'm out and about and want to jump on a public network, ...
-1
votes
1answer
49 views
File shares from a DMZ into an internal network
We have a firewall policy that prohibits MS RPC through firewall, particularly from internet facing DMZ's back to the internal network. There is a business unit requesting an alternative method to ...
-1
votes
1answer
32 views
Do I need logging enabled in my rules in IPFW for sshguard-ipfw to work/blacklist ip's?
From the FreeBSD handbook: "Even with the logging facility enabled, IPFW will not generate any rule logging on its own. The firewall administrator decides which rules in the ruleset will be logged, ...
0
votes
1answer
92 views
How can I better protect my LAN from Internet Hackers
My computer is connected to my Netgear router which is also the switch for my network, this in turn is connected to my cable modem which is just a bridging device.
My router is blocking scans and ...
1
vote
4answers
83 views
Enforcing personal firewall for OS X
We're currently doing PCI compliance, and one of the requirements is that mobile devices that have access to systems involved in processing card data have personal firewall software installed which ...
0
votes
1answer
73 views
What triggers a Firewall to block a TCP Socket?
I was wondering what would cause a Firewall to block a TCP Java Socket from connecting. What would trigger that? Thanks!
6
votes
3answers
159 views
Trying to firewall ports 1863, 5190
I'm using Debian's arno-iptables-firewall and I've configured it to only allow access on the ports I need.
But nmap shows ports 1863, 5190 open. What gives? How can I interrogate those ports further?
...
0
votes
1answer
97 views
Securing my firewall (both dedicated and iptables-based) [closed]
I have an ASA-5510, but I also intend to maintain strict IP tables on my server (Ubuntu 12.04.2), so that there are two layers of "protection".
My iptables look like this:
*filter
# Allows all ...
-3
votes
1answer
123 views
Web GUI for Snort + ModSecurity [closed]
I'm trying to find a suitable (or easily modifiable) web GUI for snort + modsecurity logs. As far as I know, Splunk can do that by installing the snort and modsecurity plugins. Is there any other ...
4
votes
2answers
122 views
Can a firewall tamper with email attachments?
I am using Thunderbird as an email client for managing my different email accounts. Yesterday my friend sent me an email with a PDF attachment. Today when I tried to open the attachment I get the ...
2
votes
2answers
236 views
What's the difference between an application-level and circuit-level gateway?
From Wikipedia, I understand that circuit level gateways look at TCP handshakes to filter illegitimate traffic and that application level gateways somehow filter application specific traffic.
But I ...
1
vote
1answer
74 views
What's a secure firewall rules using UFW?
On my Ubuntu server I have these services running:
netstat -tlnp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program ...
4
votes
4answers
181 views
HTTPS firewall rule
Setting up Firewall rule for HTTPS websites on basic stateless packet filter firewall
This seems like a stupid question, but how do I set up a firewall rule to allow HTTPS on a basic packet filter ...
2
votes
2answers
195 views
How does a firewall help to protect a server?
Since a potential attacker will exploit the services that are already open to public by firewall rules, how will a firewall help to protect my server from attackers?
3
votes
3answers
134 views
Securing a network attached storage on the internet
I recently purchased a network attached storage for personal file storage and would like my family members to store files on the device from their computers as a remote backup.
I'd like to secure ...
-1
votes
3answers
207 views
What is the difference between a Gateway and a Firewall? [closed]
What is the difference between a Gateway and a Firewall and how do they relate to one another?
I am a developer trying to get a general understanding of network security.
-1
votes
1answer
116 views
Is there a tool I can use to see if my website is being blocked by common business content filters? [closed]
Not 100% sure this is the right site, but hey-ho,
Title sums it up, I'm getting sporadic reports from a couple of clients that people visiting bits of their sites are being blocked with a message ...
4
votes
3answers
187 views
The safest way to circumvent Iran's Internet censorship
We usually buy services like VPN, SOCKS, Kerio [Kerio Connect?]... to circumvent Iran's Internet censorship policy.
Recently, one of the shops started selling [one of] Kerio's products, for which I do ...
-1
votes
2answers
178 views
Allow embedded videos while keeping youtube blocked [closed]
Our organization has launched a training program for employees. The hosting server (internal) has YouTube videos embedded. We have YouTube blocked, and employees access the internet via proxy.
How can ...
1
vote
2answers
65 views
Remote File Injection in ARGS blocking form updating database
I am getting a page forbidden because mod_security blocks it with Remote File Injection in ARGS rule.
How do I stop this apart from not including URLs in the form fields or removing the http:// ...
2
votes
1answer
105 views
Barracuda antispam access to active directory in dmz : opening port or not?
I have a Barracuda Antispam unit and look to use recipient validation with active directory to stop sending NDRs (non-delivery reports) when we are being spammed.
What I see on the web is people ...
4
votes
1answer
232 views
How to use NMap to portscan a SonicWall that is blocking all attempts?
It seems that SonicWall is blocking attempts to scan its ports. I know it has some ports open, like 443, because if I access using the browser I get a web site. But when I try to use NMap I can't see ...
-1
votes
1answer
159 views
How to find IP Addresses that have been attacking my Computer Ports?
I am a newbie at Info Sec, and wanted to know which IP addresses are sources of attack traffic.
Can I also find out which ports are being attacked?
Can this information be found in windows firewall? ...
2
votes
0answers
45 views
Could you attack a port without knowing what service was listening? [duplicate]
A lot of discussion I see suggests that changing default ports for services is just "security by obscurity" and is easily defeated by scanning for open ports.
My question is this, though, if the ...
1
vote
1answer
65 views
Are there any cross platform firewall solutions with a central management platform?
Currently I have a bunch of servers scattered across a few different providers e.g. EC2, rackspace. Some boxes are Linux and some are Windows. Currently I'm finding the administration of the ...
6
votes
3answers
248 views
TCP Sequence Prediction and its prominence in modern systems/networks
I have a question regarding your experience of TCP Sequence Prediction that I am hoping someone could help with.
I am aware of how TCP Sequence Prediction works and how the connection can be hijacked ...
3
votes
1answer
212 views
Exploited by newbie3viLc063s
My Debian server got exploited by some script kiddie who used Newbie3viLc063
http://pastebin.com/jma8JRG1 .
Scriptkiddie uploaded logo_php.png to my server (My permissions sucked :s) and he did run ...
3
votes
2answers
2k views
What are the TCP/UDP ports used by torrent applications?
I want to block torrent traffic on my network because it is utilizing too much bandwidth and disrupted my network traffic. What port range should I use and what protocol TCP or UDP?
2
votes
1answer
61 views
SYN scan, determining scan vs large file upload
In a system attempting to detect SYN scans, one technique is to analyze the rate of change of (network packets sent from victim host per second). Processes such as uploading a large file would not be ...
4
votes
1answer
228 views
How to whitelist an Amazon ELB in a(ny) firewall?
We have a customer with a very locked-down network. Any outbound connections require whitelisting of the port and IP address.
However, we are running our system behind an Amazon Elastic Load Balancer ...
-1
votes
1answer
85 views
No data going through IPsec Tunnel [closed]
I encountered the question below in an exam, which I'm trying to understand, kindly help me out to decipher this.
Question: An IPSec tunnel between two firewalls has been set up. However, no data is ...
3
votes
1answer
86 views
Why guest's connections can pass host's firewall?
I've been wondering about this.
Assume a host with a strong firewall setup (for example only allowing port 80). That host has some virtual machines without firewall.
Why the connections made on ...
2
votes
3answers
135 views
State before getting whitelisted?
There is a data flow of incoming files (from untrusted, external sources), that get whitelisted by a kind of application layer firewall.
Is there a common name for the state of the files before they ...
0
votes
1answer
81 views
allowing inbounding UDP datagram if outbound has been done [closed]
Situation:
S: Server computer.
F: Hardware device between S and end-user clients
S uses both TCP and UDP for service.
A client (C) connect to S and establish UDP virtual connection.
For knowing ...
11
votes
4answers
4k views
How are spoofed packets detected?
My assumption:
When a firewall is configured to drop spoofed packets, it tries to ping (not necessarily ICMP) the source IP and sees if it belongs to a real host or if it's up, and if not, it drops ...
0
votes
0answers
1k views
What program could try to reach fbstatic-a.akamaihd.net:443 continuously? [closed]
Social networking is blocked by K9 Web Protection. The keywords "fb", "facebook" are blocked as well. However K9 continuously pops up the following:
http://i.stack.imgur.com/FviFb.png
It says ...
2
votes
1answer
150 views
Normalizing Windows Advanced Firewall rules
How can I best normalize our Windows Advanced Firewall rules while implementing network segmentation? I want them to be as clear and concise as possible for audit purposes. What few examples I've seen ...
0
votes
1answer
266 views
ICMP packets not able to reach the firewall despite adding a specific rule, why?
I am using iptables to allow the ICMP traffic in/out of my host. Please find below the entries from my firewall (Linux based):
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP)
target ...
2
votes
3answers
393 views
Is it really better to use port 80 or 443 for outgoing traffic in order to bypass user firewall?
I recently created a reverse connection shell in C#. I tested it with some computers and I noticed that some computers connected back correctly and I established connection with them but another ...
1
vote
2answers
956 views
What justification is there for Comcast to block SMTP port 25 outbound from residential service?
Within the last week, Comcast seems to have started blocking port 25 outbound from their residential internet service.
I can sort of understand why they might justify blocking it inbound as perhaps ...