
[FW1] - Is rule0 circumventing my alert rules?






Spent the better part of an afternoon perusing Lance Spitzner's website
(very good - http://www.enteract.com/~lspitz ) and used his ideas for
setting up intrusion detection by adding a rule that looks for certain
services going directly to the firewall, dropping them and alerting the
admin.

Currently we are running 3.0b on NT sp3.  My mail command is this:

sendmail -s Alert -t mymailserver.com -f Firewall-1 chris-woods@forum-financial.com

Running this from the command line works fine, however when I tried to test
my new rules by trying to remotely connect to the FW running a service I am
looking for, I get no mail alert.

I am wondering if rule 0 is somehow circumventing this?

If I use that mail command from the command line it waits for information
from stdin and a ctrl+z.

As it stands now I get no mail alert (I specified drop & mail as the actions
in the rulebase).

Any help would be appreciated!!

