r*****3
发帖数: 143 | 1 中文名: 思科防火墙
原名: Cisco Firewalls
作者: Alexandre M.S.P. Moraes
图书分类: 软件
资源格式: PDF
版本: 英文文字版
出版社: Cisco Press
书号: 978-1-58714-109-6
发行时间: 2011年
地区: 美国
语言: 英文
简介:
内容介绍:
Concepts, design and deployment for Cisco Stateful Firewall solutions
“ In this book, Alexandre proposes a totally different approach to the
important subject of firewalls: Instead of just presenting configuration
models, he uses a set of carefully crafted examples to illustrate the theory
in action. A must read!” —Luc Billot, Security... 阅读全帖 |
|
l*l
发帖数: 225 | 2 the information of firewall is no use.
有一点可以利用,firewall can open X in/outside of it's self.
So, I guess your firewall is *NIX system which have two net card.
Can you access the consol of firewall? If you can, and want open X
on this firewall, tell your admin to set start X for your.
防火墙本身就是代价,不过你现在的防火墙可以为你提供更多的虚拟地址。 |
|
j**n
发帖数: 13789 | 3 【 以下文字转载自 ChinaNews 讨论区 】
发信人: jnyn (hamster), 信区: ChinaNews
标 题: Kindle 3G bypasses China's Great Firewall
发信站: BBS 未名空间站 (Mon Nov 8 17:18:07 2010, 美东)
Summary
People in China have found that Amazon's Kindle e-reader allows them to
bypass the country's 'Great Firewall', according to a report.
Topics
China, Network, Amazon.com Inc., 3G, Firewalls, Network Security, Cellular
Phones, Security, Wireless And Mobility, Consumer Electronics, Personal
Technology, Networking
People in China have found... 阅读全帖 |
|
j*****o
发帖数: 320 | 4 You---Internet----Firewall--Server
Ask the network admin to grant your access to visit your servers behind
the firewall.
or
You--Firewall-----Internet--Server?
By default, the firewall allows LAN users to access anywhere. If you can't
ask your firewall administrator. |
|
j**n
发帖数: 13789 | 5 Summary
People in China have found that Amazon's Kindle e-reader allows them to
bypass the country's 'Great Firewall', according to a report.
Topics
China, Network, Amazon.com Inc., 3G, Firewalls, Network Security, Cellular
Phones, Security, Wireless And Mobility, Consumer Electronics, Personal
Technology, Networking
People in China have found that Amazon's Kindle e-reader allows them to
bypass the country's 'Great Firewall', according to a report.
An article in the South China Morning Post on T... 阅读全帖 |
|
v*****r
发帖数: 1119 | 6 OS: RedHat 5.3服务器上装了两个网卡:eth0 and eth1. eth0 是连internet的
public interface, eth1 是 private interface (for cluster nodes
interconnections). 按要求防火墙需要打开 (iptables), 在 RedHat 4 (or under 4
) 下面,通常我都是打开防火墙(enable iptables),同时设 eth1 为 "Trusted Device
“ to bypass firewall. (在 Security Level and Firewall 窗口里,以上设置可一
步完成。)发现在 RedHat 5 里的 Security Level and Firewall 窗口下,没有了 “
Trusted Devices" 的选项,google 了一下,也没找到答案。我的问题是:1. RedHat
5 里,如何设置 eth1 为 “Trusted Device" to bypass iptables firewall.2. 如果
GUI window |
|
z*******w
发帖数: 79 | 7 Building Your Firewall Rulebase
Lance Spitzner
Last Modified: January 26, 2000
Building a solid rulebase is a critical, if not the most
critical, step in implementing a successful and secure
firewall. Security admins and experts all over the
Internet
argue what platforms and applications make the best
firewalls. We compare stateful inspection tables,
application based filtering, fragmentation and reassembly,
etc.
However, all of this is meaningless if your firewall
rulebase is misconfigure |
|
l*l
发帖数: 225 | 8 I think your firewall is IP-mask style, you will have your own IP
such as 192.168.XXX.XXX, this kind firewall is simple but it disable
the real IP of the internet. So the outside program can't get the real
DISPLAY env.
Other firewall like IP forward, and IP Proxy, some time you can enable
the service of transfer PORT/6000 , it can work.
So, check your local IP, if it is local such as 192.168...., you have trouble. |
|
s*****g
发帖数: 1055 | 9 Many ITSPs are now offering hosted VoIP services to small/medium size
enterprises where customers just need to plug&play cheap SIP phones to their
internal network behind firewall, call control etc will be located in the
cloud. Customer does not have to do anything special on their firewall. I am
wondering typically how the call works, remember that the firewall/NAT
device does not need to be SIP aware, so how does internal SIP phone tell
other party where to send media to? using STUN to find i |
|
s******y
发帖数: 1 | 10 【 以下文字转载自 Internet 讨论区,原文如下 】
发信人: shoutsky (啸天), 信区: Internet
标 题: Help: firewall got me big problem!
发信站: The unknown SPACE (Mon May 6 18:49:21 2002) WWW-POST
I installed Norton Internet Security version 4.0. But this firewall disabled
my JavaScript. The software also got some other problem so that I can't change
this firewall's setting. So I decided to uninstall this software. But after
that, my JavaScript is still blocked. Also when I visit bbs.mit.edu, there's
no content but only blank pa |
|
L****u
发帖数: 18 | 11 一直用windows 本身带的firewall,最近开机后一直有security alert,"firewall is
off",按照instruction 去turn on,说是under group policy.以前能turn on,是不是
windows为了推销起windows care one, 最近取消了built in firewall? |
|
s******n
发帖数: 15 | 12 【 以下文字转载自 Windows 讨论区 】
【 原文由 skyocean 所发表 】
先在机器位于一firewall控制下,想利用firewall外面主机的x软件,
不知可不可以?现在总是不能将图形界面的程序显示出来。困惑呀!
thanks. |
|
s******n
发帖数: 15 | 13
you mean i can telnet to the firewall, then telnet to the X client,
and take the firewall as the X server?
block me a lot, can't use email client to check email, some website can't
be logon.
不过你现在的防火墙可以为你提供更多的虚拟地址。
//nod, this is the only advantage that i can think. |
|
w********e
发帖数: 1416 | 14 noroot firewall开始用感觉很精炼,后来k88升级了系统。。。很长时间后发现
freedompop的卡显示连接好好的,就是上不了网了。apn什么都设置了,甚至系统都
reset了还是不行。
后来发现要想连上,必须用vpn类型的防火墙;似乎是noroot firewall悄悄把系统的什
么地方给改了,使得default block掉所有的通道。唯一发现不用开防火墙也能上的地
图。
所有浏览器显示: net::ERR_PROXY_CONNECTION_FAILED
两外,感觉这个板子的reset不彻底,两分钟就reset完了,不是真的重装了下系统,所
以noroot firewall捣乱的地方抹不掉;所以这个板子要小心。
当然版上可能有高人,知道解决这个问题或者谁有stock rom请告知。多谢! |
|
f********e
发帖数: 283 | 15 ☆─────────────────────────────────────☆
xiaxie (publish, or perish) 于 (Wed Jul 28 12:19:38 2004) 提到:
XP's built-in firewall only blocks incoming traffic, but it's a perfect
defense when you download Windows updates after re-installation.
Last year, when a firewall was not present, it took me 3 minutes to be
infected by MS BLAST; this year, it took me just 3 seconds :-)
(I have a group of computers hooked up so I did the experiments)
After you install a lot of stuff, however, XP's built-in f |
|
a***n
发帖数: 262 | 16 I am always curious about how big service provider
do this.
Take an example, I have two sites, running BGP with
one service provider at each location. How do you
implement the firewall failover at these two locations?
For Cisco ASA or FWSM, my understanding is that you
have to run ASA/FWSM in transparent mode, and put them
in a failover pair which means these two sites has to
be in HSRP/VRRP for the pass thru VLANs.
Another mode I used in our campus, just stateless
symmetric routing failover. E... 阅读全帖 |
|
m********d
发帖数: 188 | 17 还是那个问题,是在说SP网络呢,还是corp IT网络?
firewall failover cross two remote sites?HA可能比firewall本身的
硬件更不可靠吧? |
|
m********d
发帖数: 188 | 18 firewall failover across multiple sites, 我能想到的问题有两个:
1,ha会不会比硬件本身更不可靠
2,firewall failover和routing不配合怎么办?
至于整体网络结构有多“创新”,倒不是最重要的了,喜欢就行,呵呵。 |
|
c********n
发帖数: 1577 | 19 NAS啊,firewall啊 htpc啊这些东西都玩很久了
不知道市面上有没有一体的solution?
集成NAS,firewall,router,wireless,htpc于一体?
我知道小米做了一个类似router+里面一个drive的产品,可也不能直接播放 |
|
i**p
发帖数: 902 | 20 【 以下文字转载自 CS 讨论区 】
发信人: isup (No), 信区: CS
标 题: NAT, router, firewall
发信站: BBS 未名空间站 (Mon Sep 19 15:44:07 2005)
I found most vendors talking NAT in the firewall category. I thougt NAT is
main for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it? |
|
k****n
发帖数: 52 | 21 【 以下文字转载自 EmergingNetworking 讨论区 】
发信人: ketten (ketten), 信区: EmergingNetworking
标 题: HELP: VPN Firewall/Router/Switch
发信站: BBS 未名空间站 (Thu Feb 26 12:37:19 2009)
Any recommendation on a VPN firewall/router/switch at a budget < $500? It is
for setting up a small private network at work.
I have read some comments from the web complaining that the throughput of
VPN router within this budget range is too low due to underpowered CPUs.
Ideally, I am looking for a model: easy to setup and with a reasona |
|
b*********d
发帖数: 20 | 22 I used to use JDBC to connect to SQL server. It worked well. Recently, I
reinstalled my computer(including Jdk1.3 Microsoft SQL 2000 Jdbc driver), and
firewall is stalled into the server with SQL database.
When I run the Java program, it can not work. The error messages are as
follows:
I wonder if the server is configured with firewall, can I still use the JDBC
to access the server?
Thanks a lot!
DriverManager.initialize: jdbc.drivers = null
JDBC DriverManager initialized
registerDriver:
driver[ |
|
u**********e
发帖数: 282 | 23 Anybody knows how to make RMI bypass firewall without using http tunneling?
In other words, how to fix port in RMI so that it can be used when firewall is
in between?
Many thanks. |
|
c*********e
发帖数: 16335 | 24 很多公司不愿意用aws,而是用传统的2个firewall,2个server.这样花不了多少钱,而且
database绝对不会被hacker搞到手。
aws上怎么实现web server,app server分离,2个firewall的?还有那个https,ssl
certificate,token搞起来好麻烦。aws上的token是哪个server发出的,哪个server来
检验token是否正确的? |
|
B*********s
发帖数: 292 | 25 千辛万苦把无线网络装上了,上网没有问题,下载skype能达到500kbps,却看不到网络
邻居的内容。
我怀疑是firewall的问题。从那台电脑访问路由器 http://192.168.0.1 是 Failed to Connect。我从另一台ubuntu上ping那台电脑都是 0 reached:
987 packets transmitted, 0 received, 100% packet loss, time 986149m
或者,跟“Workgroup”有关么?
请问:怎么查firewall? 新装的系统,没有修改太多东西。 |
|
a*******e
发帖数: 3021 | 26 问题是这样的,
...........
The License Manager operates on 2 ports: 50001, + 1 other (usually random)
port. The firewall is able to handle keeping 27004 open for the LM, but
since
port 2 is randomly determined by default, the firewall can't differentiate
between LM traffic and other traffic on those random ports.
............
我可以用这个来打开50001口,但是那个随机的咋办?
iptables -A tcp_packets -p TCP -s 0/0 --dport 27004 -j allowed
下面是我关掉防火墙时的输出,
netstat -a | grep al
Proto Recv-Q Send-Q Local Address Forei... 阅读全帖 |
|
t******q
发帖数: 117 | 27 Highhands,
how to evaluate linux as firewall,
I just knows ipchains and masq.
if setup a linux box with the two methods to be a firewall.
how do you guys evaluate it, what is the weak points
compare commercial ones?
thanks |
|
o*******k
发帖数: 562 | 28 刚装了norton 2002的firewall,我选择了那个缺省block一切,然后再
选择链接那个选项.后来问题就来了.因为我在局域网,需要logon到系里
的机器上才能上网(就是网络服务由系里提供).可能我block了一些网络
程序,机器的速度变得很慢.很多网页联很久才能连上.
最ft的是我重启了一次,结果以后再也改不了norton firewall的设置了,
告诉我不是supervisor.本来想改改让机器快点的.我可是正儿八经的
administrator啊,怎么不行了呢?卸载也不让,还是说没有权限.这怎么办?
大侠指教. |
|
x**l
发帖数: 12 | 29 想到一个游戏站点,可是学校的FIREWALL禁止访问任何"GAME"的网站....有什么网站/工具
可以透过LOCAL FIREWALL 访问所有INTERNET 站点么? |
|
m**c
发帖数: 90 | 30
具
That is what FIREWALL is for :-) If you can break it without admin privilege,
then we would say there is a security "hole" in the FIREWALL :-) |
|
j***i
发帖数: 4975 | 31 是买Virusscan 7.0附赠的
刚开始好好的,后来重新装了一次机器
再想启动防火墙,就会出现
McAfee Firewall encountered an error attempting to start the Firewall service.
The dependency service or group failed to start.
的提示,于是就只有CANCEL了.
请问有没有哪位大虾有过类似经历或者是解决办法
谢谢了 |
|
s*****o
发帖数: 76 | 32 我一直用免费的zonealarm,可是这两天想把家里的
机器共享起来.发现如果zonealarm开着的话没法弄.如果
只用XP的防火墙倒是可以共享.
想知道XP的防火墙是不是和zonealarm差不多(对于一般
应用来说)?不知道XP有没什么漏洞影响它的防火墙?
如果没有的话也许以后就用XP的firewall了.
或者谁能告诉一下在zonealarm或者其他第三方firewall
的情况下怎么共享资源?
thx |
|
A*****o
发帖数: 222 | 33 Firewall is quite straight forward. You tell it to block the traffic.
As for your situation, zonealarm might block file sharing ports such as 135-13
9,445 etc by default.
Windows Firewall by default might enables those ports. |
|
k*****u
发帖数: 14053 | 34 【 以下文字转载自 Internet 讨论区 】
发信人: kaylaxu (kayla), 信区: Internet
标 题: my firewall says 192.xxx.xxx.xx prohibit ping! what does that mean
发信站: BBS 未名空间站 (Thu Nov 29 14:57:42 2007)
以前用IE 网页打不开 自动关掉 我用杀毒软件和木马清道夫都查过了 删掉了
昨天下了 firefox 网页也打不开 说
“连接被重置。
载入页面时到服务器的连接被重置
。此站点暂时不可用或太忙。请稍后重试――经常不行
。如果你无法载入任何页面,请检查您的网络连接” ―――能上MSN 和QQ的
。如果您的计算机受到防火墙或代理保护器的保护,请确认firefox被授权访问网页”
――防火墙设置允许的
这到底为什么 谢谢
and my firewall says 192.xxx.xxx.xx prohibit ping! what does that mean
is it related to disconnection? |
|
s******n
发帖数: 15 | 35 我的ip确实是192.168.*.*形式,而且有些ftp也访问不了,象TAR,
真是faint。
另外,那儿有关于firewall的信息,多谢。 |
|
|
s**********g
发帖数: 14942 | 37 自己下载
只要是正版windows就可以随便用
一般人不需要多彪悍的firewall吧? |
|
l*****7
发帖数: 8463 | 38 My computer has been broken in too often even with Antivirus and firewall
softwares!!! My money on these softwares are total waste of money!!! |
|
a**e
发帖数: 103 | 39 求除MOLD ,不FIREWALL 的CONTRACTOR号码.
THANKS |
|
t*****e
发帖数: 1700 | 40 把windows 自己的那个firewall激活,到底有没有用?还是装另外的软件才比较好 |
|
|
t****e
发帖数: 4821 | 42 可以 Enable Firewall Log,也可以把 Log 定期发到 Email 里。对 DoS Attack 这种
一般 Log 里都能标出来。 |
|
s**********i
发帖数: 711 | 43 the client must use non-passive mode. if the client
is also behind a firewall, it probably still won't work,
and you might have to configure your FTP server as DMZ. |
|
i**p
发帖数: 902 | 44 I found most vendors talking NAT in the firewall category. I thougt NAT is
main for IPv4 shortage, which will reuse private IPs in Internet. The effect
is to hide internal IP. In this sense, it is rather routing than security. Any
guru like to comment/discuss it? |
|
h****r
发帖数: 2056 | 45 Try to use SQLPLUS to connect a oracle database server behind firewall.
$sqlplus
scott/tiger@"(description=(address_list=(address=(protocol=tcp)(port=1521)(hos
t=FireWallHostName))(address=(protocol=tcp)(port=1521)(host=192.168.1.35)))(co
nnect_data=(INSTANCE_NAME=oradb))(source_route=yes))"
Got error message as follow, |
|
S******n
发帖数: 617 | 46 【 以下文字转载自 Internet 讨论区 】
发信人: Sheraton (喜来登), 信区: Internet
标 题: 大牛们推荐个VPN+FIREWALL的路由器吧
发信站: BBS 未名空间站 (Thu Apr 5 12:02:13 2007), 转信
预算范围$200-$250,最好能带无线网功能。
昨晚查了几个,LINKSYS RV042, NETGEAR PorSafe系列,Amazon/newegg的用户反馈
好坏都很多,晕了。哪位老大有实际经验的指点一二,多谢! |
|
z**r
发帖数: 17771 | 47 cisco pix是不行了,不过cisco自己也淘汰了pix了,新的asa还是很好用。
netscreen已经被卖了,juniper控股。不过netscreen创始人又搞了那个fortinet也不
错,号称firewall, anti-virus, ips全部在asic里做。要支持同胞的,就用这个吧,
哈哈 |
|
z**r
发帖数: 17771 | 48 fortinet号称有最大的firewall,看网站有10个slot的,半个rack那么大的 |
|
k****n
发帖数: 52 | 49 Any recommendation on a VPN firewall/router/switch at a budget < $500? It is
for setting up a small private network at work.
I have read some comments from the web complaining that the throughput of
VPN router within this budget range is too low due to underpowered CPUs.
Ideally, I am looking for a model: easy to setup and with a reasonable
throughput. If possible, I would prefer to choose a model supported by
OpenVPN client. I do not want to pay for the extra client software license.
Any commen |
|
s*****g
发帖数: 1055 | 50 SBC in customer premise? as I mentioned there is nothing that is voice aware
in customer's network, no SIP aware firewall/ALG, no SBC/CUBE.
Whether SBC is deployed in ITSP's network it is transparent to customer. |
|
