Re: PIX - problem

a-orloff · ‎12-23-2003

Hi,

I have a question about PIX firewall :

1. I have connections from outside to inside throw 135 port.

PIX should deny this connections but it doesn't. I haven't rule on PIX that permit or deny these coonections.

How this can be that hosts from outside can establish connections to inside.

Thunks

tvanginneken · ‎12-23-2003

Hi,

The pix indeed should deny those connections. I am afraid there is something wrong with the config.

Is it possible to post the config of the pix? Please remove public addresses and passwords.

Kind Regards,

Tom

a-orloff · ‎12-24-2003

Hi,

Unfortunately I can't post the PIX config because there a lot of confidential information. The host that in inside have no static. I have the following line in config: conduit permit icmp any any. Thats all. All other conduit commands for static addresses only.

What you think about this?

What additional information you need to know about our current configuration?

Thanks.

jmia · ‎12-24-2003

Hi,

As Tom said it would be helpful if we can see your config, One thing you could try is to goto www.grc.com and use SHIELDS UP software to test your PIX and see what other ports you might have open, if you get a result stating that your firewall is 'Stealthed' then thats a good sign but somehow I think you might have other ports open to the outside world. The grc.com test is secure and I've used it many times for penetration testing.

Let me/us know your results.

Thanks - Jay.

a-orloff · ‎12-24-2003

Thanks for advice.

We are testing PIX now. We have some addresses in NAT that have 135 port opened.

What you think about this?