gmane.comp.security.firewalls.wizards

c0c0n 2012 - Call For Papers and Call For Workshops

Yashartha Chaturvedi — 2012-03-18T14:23:16

       ___        ___          ____   ___  _ ____
  ___ / _ \  ___ / _ \ _ __   |___ \ / _ \/ |___ \
 / __| | | |/ __| | | | '_ \    __) | | | | | __) |
| (__| |_| | (__| |_| | | | |  / __/| |_| | |/ __/
 \___|\___/ \___|\___/|_| |_| |_____|\___/|_|_____|
     ###################################################
c0c0n 2012 - Call For Papers and Call For Workshops
###################################################

August 2-4, 2012 - Cochin, India

Buenos días from the God’s Own Country!

We are extremely delighted to announce the Call for Papers and Call
for Workshops for c0c0n 2012 <http://www.is-ra.org/c0c0n/>, a 3-day
Security and Hacking Conference (1 day pre-conference workshop and 2
day conference), full of interesting presentations, talks and of
course filled with fun!

The conference topics are divided into four domains as follows:


We are expecting conference and workshop submissions on the following
topics, but are not limited to:


#####################
CFP Review Committee:
#####################

0x01 - Armando Romeo
0x02 - Dinesh O Bareja
0x03 - Peter Giannoulis
0x04 - Simon Bennetts (a.k.a. Psiinon)
0x05 - Vahan Markarov

For more details about the Review Committee, visit -
http://is-ra.org/c0c0n/cfp.html

#####################
Submission Guidelines:
#####################

Email your submission to: cfp [at] is-ra [dot]org
Email subject should be: CFP c0c0n2012 - <Paper Title>
Email Body:

Personal Information:
=====================



Presentation Details:
=====================

Other Needs & Requirements:
===========================


#####################
Remember these Dates!
#####################


*NOTE:* We should not promote vendor/product oriented submissions
hence it will be rejected.

##################
Speaker Benefits:
##################


Thanks and Regards,

  -c0c0n Team-

http://is-ra.org/c0c0n/
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

How MSRPC flow is handled? How to delete the flows after successful transfer of data

rahul sharma — 2012-02-17T14:36:18

Hi All,

I am trying to get details about MSRPC and its working. So far I have come
to know that when a Client requests for a particular service, first it
comes to End Point Mapper. Then in response to Map Request, the Port and IP
address are sent to client in Response's Tower id 4 and 5 respectively. Now
I have the port and IP address.  I simply connect to that service. Now
suppose I am firewalling it. Now if I allowed the MSRPC packets, then I
will create an embryonic flow for that connection, and then the firewall
will allow those packets.

Now my problem is how I will detect for how long I need to keep that flow
open? If the communication on that port has finished, then how should I
make sure that now its exited and I need to delete the flow ID? Can anyone
help me how should I go for this or how is this actually implemented??

Thanks and Regards
Rahul Sharma
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Ruxcon 2011 Final Call For Papers

2011-08-15T10:53:08

Ruxcon 2011 Final Call For Papers

The Ruxcon team is pleased to announce the final call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 15th of October.

* What is Ruxcon?

Ruxcon is the premier technical computer security conference in the Australia-Pacific region. The conference aims to bring together the individual talents of the best and brightest security folk in the region, through live presentations, activities and demonstrations.

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.

* Presentation Submissions

Ruxcon would like to invite people who are interested in security to submit a presentation.

Topics of interest include, but are not limited to:

o Mobile Device Security
o Virtualization, Hypervisor, and Cloud Security
o Malware Analysis
o Reverse Engineering
o Exploitation Techniques
o Rootkit Development
o Code Analysis
o Forensics and Anti-Forensics
o Embedded Device Security
o Web Application Security
o Network Traffic Analysis
o Wireless Network Security
o Cryptography and Cryptanalysis
o Social Engineering
o Law Enforcement Activities
o Telecommunications Security (SS7, 3G/4G, GSM, VOIP, etc)

Submissions should thoroughly outline your desired presentation subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations () ruxcon org au

The deadline for submissions is the 15th of October.

If approved we will additionally require:

i. A brief personal biography (between 2-5 paragraphs in length).
ii. A description on your presentation (between 2-5 paragraphs in length).

* Contact Details

Presentation Submissions: presentations () ruxcon org au

Securing email by inhibiting urls

Chris — 2011-08-01T18:46:45

A company I work for has been having great difficulty in securing against
email attacks.  So far we have disabled access to webmail, implemented
rules and processes to block freemail services like hotmail etc until the
sender registers the address and of course a spam filter (BrightMail).
Attachment filtering is pretty strict as well.

 

The threat that presents the biggest challenge is url links in emails.  The
common method of attack is an email from somedomain.com where they change
one character or otherwise make the address look valid (ie:
joe< at >s0medomain.com or j0e< at >somedomain.com etc).

 

I was looking for a way to spot and block hyperlinks but it looks like the
only option I have is to filter on these and send them to a spam bin.  I'd
rather yank the offending hyperlink and replace it with a message of some
sort.  Unfortunately BrightMail doesn't offer that capability.

 

Any products that do this or ideas on a solution?

 

Thanks

_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

CFP Securitybyte India

Papers, Call For — 2011-07-24T14:47:25

Hi All,
The first round of speakers have been selected for Securitybyte, please
follow us on twitter < at >securitybyte to get the latest updates on speakers and
event.

Deral Heiland, From Printer to Owned: Leveraging Multifunction Printers
During Penetration Testing
Nithya Raman, Security threats on social networks
Alexander Polyakov, A Crushing Blow At the Heart of SAP J2EE Engine
Bishan Singh, Enabling Un-trusted Mashups
Krzysztof Kotowicz, HTML5: Something Wicked This Way Comes
John McColl, Hacking Corporate Telephony
Aseem Jakhar, Runtime thread injection and execution in Linux processes
George Nicolaou, Alternative Exploitation Vectors (A study of CVE-3333)
Michele Orru, Securing the Browser
Kanwal K. Mookhey, The Data Theft Epidemic in India
Vivek Ramachandran, Enterprise Wi-Fi Worms, Backdoors and Botnets for Fun
and Profit

The 2nd round of CFP is out

CFP/CTP

Securitybyte is proud to announce its Second Annual International
Information Security Conference, "Securitybyte 2011" in Bangalore, India.
This 4-day event features two days of conferences and two days of
post-conference hands-on Trainings & Certifications covering every aspect of
Information Security. The Securitybyte conference features some of the most
respected names in the Security space and is focused around new research and
innovation. The Securitybyte Conference 2011 is planned for Sept 6th through
9th, 2011 at The Taj Hotel in Bangalore, India.

The two-day conference (Sept 6th & 7th) will have the following three
tracks:

    Deep Technical
   Government & Governance
    Management

Submission Deadline: The first round of submission of papers for conference
talks and trainings should be done no later than August 5th, 2011. Please
send all your submissions to cfp< at >securitybyte.org, keeping subject line as
"SB 2011 CFP Submission".

TOPICS

Got a new attack against any technology or device? We want to see it.

Topics of interest include, but are not limited to, the following:

Management
                Case studies around any of the topics above of how the
implementation was done and what were some of the lessons learned.

Technology-Focused

                Cloud Security
                Electronic Device Security (Cell Phones / PDA's)
                Defeating Biometrics
                WLAN, RFID and Bluetooth Security
                Data Recovery and Incident Response
                Virtualization Security
                Database Security
                Forensic & Cyber security

Regulatory & Law

                Copyright infringement and anti-copyright infringement
enforcement technologies
                Critical infrastructure issues
                Data security and privacy issues
                Identity theft, identity creation & identity fraud
                Corporate Espionage


National Security

               Cyber forensics
               Cyber warfare
               Cyber Espionage
               Next hyphenGen Cyber threats
               Critical Infrastructure protection
    Surveillance & counter-surveillance

Speaker Submission:

Please use the following submission form template to respond:

    Name, title, address, email, and phone/contact number
    Short biography, qualifications, occupation, achievements, and
affiliations (limit 250 words.)
    Summary or abstract of your presentation (limit 1250 words.)
    Technical requirements (video, internet, wireless, audio, etc.)
    References (Contact name, title, and email address of two conferences
you have spoken at or comparable references.)

**Please note, product or vendor pitches are not accepted. If your talk
involves an advertisement for a new product or service your company is
offering, please do not submit a proposal.


Regards
SecurityByte
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

CISCO ASA 7.0(8) - internal users cannot browse.

Rocker Feller — 2011-05-25T08:04:08

Hi all,

I am a newbie and would like assistance on an asa.

I have a cisco asa factory default that i configured.

this is my configuration,  thank you.


1. I cannot ping the gw ip when connected on console though from teh gw
which is a cisco router i can pick the asa mac address.

2. I have the two acls 101 and cmd  icmp permit any outside which should
enable me to ping from any outside host to the outside interface of the asa
to no avail.

3. public ip and gw are public ips.

Q. Any assistance to get this working so that i can configure an ra vpn will
be appreciated.



SA Version 7.0(8)
!

domain-name ciscoasa.co.ke

names
dns-guard
!
interface Ethernet0/0
 description Link to Service Provider
 nameif outside
 security-level 0
 ip address publicip 255.255.255.252
!
interface Ethernet0/1
 description Link to Local LAN
 nameif inside
 security-level 100
 ip address 192.168.168.11 255.255.255.0
!
interface Ethernet0/2
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
!
ftp mode passive
access-list ANY extended permit ip any any
access-list ANY extended permit icmp any any echo-reply
access-list ANY extended permit icmp any any time-exceeded
access-list ANY extended permit icmp any any unreachable
access-list ANY extended permit icmp any any
access-list OUT extended permit icmp any any echo-reply
access-list OUT extended permit icmp any any echo
access-list 101 extended permit icmp any any echo-reply
access-list 101 extended permit icmp any any source-quench
access-list 101 extended permit icmp any any unreachable
access-list 101 extended permit icmp any any time-exceeded
pager lines 24
logging asdm informational
mtu outside 1500
mtu inside 1500
mtu management 1500
icmp permit any outside
asdm image disk0:/asdm-508.bin
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 1 192.168.168.0 255.255.255.0
access-group ANY in interface inside
route outside 0.0.0.0 0.0.0.0 gw 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
http server enable
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map global_policy
 class inspection_default
  inspect dns maximum-length 512
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
!
service-policy global_policy global
Cryptochecksum:6f78bb9efb6b013ce7eb3cf8d77268ae

Rocker
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

obscure email address formats

ArkanoiD — 2011-05-23T20:30:24

Is there any good reason to allow email addresses (in smtp, imap and alikes)
in any format different from mailbox< at >fqdn ?

There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
I should *not* just filter it out.

Ruxcon 2011 Call For Papers

2011-05-17T06:37:09

Ruxcon 2011 Call For Papers

The Ruxcon team is pleased to announce the call for papers for the seventh annual Ruxcon conference.

This year the conference will take place over the weekend of 19th and 20th of November at the CQ Function Centre, Melbourne, Australia.

The deadline for submissions is the 30th of July.

* What is Ruxcon?

The conference is held over two days in a relaxed atmosphere, allowing attendees to enjoy themselves whilst networking within the community and expanding their knowledge of security.

Live presentations and activities will cover a full range of defensive and offensive security topics, varying from previously unpublished research to required reading for the security community.

For more information, please visit http://www.ruxcon.org.au

* Presentation Information

Presentations are set to run for 50 minutes, and will be of a formal nature, with slides and a speech.

* Presentation Submissions

Ruxcon would like to invite people who are interested in security to submit a presentation.

Topics of interest include, but are not limited to:

Submissions should thoroughly outline your desired presentation subject.

If you have any enquiries about submissions, or would like to make a submission, please send an e-mail to presentations () ruxcon org au

The deadline for submissions is the 30th of July.

If approved we will additionally require:

i. A brief personal biography (between 2-5 paragraphs in length).
ii. A description on your presentation (between 2-5 paragraphs in length).

* Contact Details

Presentation Submissions: presentations () ruxcon org au

Solsoft NSM still alive?

ArkanoiD — 2011-05-14T13:02:08

I was surprised to find it is!

It is now called HAL-GK (Hybrid Application Layer Gatekeeper) and being developed by Edenwall
(there appears to be a commercial appliance based on it and NuFW).

I checked the sources, but it looks like most interesting parts are missing -- no SQL and Netbios proxies anymore.
Does anyone still have old NSM source tarball? I cannot find it.

Cyberoam Firewalls

Greg Marcom — 2011-05-10T21:01:45

Has anyone had any experience with these? My company was using
SnapGears and since McAfee stopped making them, we had to switch.
Anybody else have any other good makes and models that they use?

is the ASA a true hardware solution?

Greg Whynott — 2011-05-05T17:11:50

in the context of the never ending debates related to software/hardware firewalls...


i was looking inside of our newest 5580,   it appears to be a standard HP server box (DL585)  with a hardware encryption accelerator option card inserted into a pci slot.  everything else appears to be verbatim to what you would receive from HP if you ordered their high end x86 server box.

should one not have any sort of encryption needs,  would this box considered a software firewall?    I couldn't find one custom asic,  module  or other chip with a cisco brand stamp on it,  beyond the flash.


thanks!

-g



--

This message and any attachments may contain confidential and/or privileged information for the sole use of the intended recipient. Any review or distribution by anyone other than the person for whom it was originally intended is strictly prohibited. If you have received this message in error, please contact the sender and delete all copies. Opinions, conclusions or other information contained in this message may not be that of the organization.

Yest another application-specific firewall-like tool (ldap)

ArkanoiD — 2011-05-03T17:33:30

http://resources.idgenterprise.com/original/AST-0024304_Quest_WP_Its9AMKnowWhatDirectoryDoing.pdf

what is most interesting in tools like that is 

a) similar functionality is rarely integrated in firewalls, despite the fact it is most obvious place for deployment.
firewall vendors show little to no interest, though
b) tool vendors are likely to avoid the word "firewall"
c) there is zillion of it for various protocols and scenarios and no one ever thinks on making uniform solution of those
components

OpenFWTK snapshot

ArkanoiD — 2011-04-29T14:50:11

For those of you curious enough to download it: the one on the sourceforge was almost year old,
so better try the new one I just uploaded.

proxy firewalls -vs- packet filters

Bennett Todd — 2011-04-28T19:35:01

Probably a naive question, but is there any possibility ipv6 might
tear open a gap in the range of available firewall products that
user-space application layer proxy firewalls could fill faster than
the heuristics for packet filtering can run over enough toes to
discover the necessary subtlties?

How to keep firewall rules clean and up-to-date

Ilias - — 2011-04-26T11:12:06

Hello,

What do you do to keep your firewall rules clean and up-to-date?
Procedures, for which?

Keep in mind;

-Servers that change from IP
-Server which has been discarded
etc.

Thanks in advance
Best regards,
Ilias


       _______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Proxies,opensource and the general market: what's wrong with us?

ArkanoiD — 2011-04-24T17:27:34

In early days, proxy firewalls and opensource (or just "crystal box" :-) solutions dominated the market.

Now both are either extinct or forced to an ulgy low end (for opensource, it usually means having no
security-centric framework, no common API, no real code review -- just a bunch of "functionally fit"
free things installed on a linux box with some simple web interface). For proxy firewalls the future is
even more questionable. Multiple state-of-the-art technology leaders were merging (quite obviously being
unable to stay competitive with cheapo crap) until there was only One left.. SC, later bought by McAfee.
And now McAfee is owned by Intel and it seems to show no interest in high end firewall solutions at all,
they seem to think they just bought an "antivirus company".

I asked guys on LinkedIn (having to admit LinkedIn security community sucks big time, some sane people are still there :-)
, if they still have some interest in opensource firewall solutions. The short answer
was "NO". The long ones were:

Cisco ASA5585

Morley, Morven — 2011-04-19T10:49:08

Hi all,
                        Does anyone have any experience of the Cisco ASA5585 appliances,  specifically the IPS capabilities of the devices,  how do they compare with a Tipping Point IPS device regarding ease of administration, false/positives, automatic updates of digital vaccines?


Regards
Morven


Mrs Morven Morley, Network Manager, ICT Systems
x2187

[cid:image001.gif< at >01CBFE87.CAC10AC0]


_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

Query: Role of Firewalls within a SAN environment itselfnot just the periphery

brian dorsey — 2011-04-12T10:11:56

Hi all,

I am wondering what your view point is with respect to firewalls within a
Storage Area Network (SAN) environment.

I am a SAN novice and I am interested in getting to know this area further.

The literature that I have found since yesterday does not seem to have major
role for a firewall within the SAN environment itself. I see that some
documentation places a firewall a the edge of the SAN. But what about
firewalls between switches/routers etc within the SAN?

As I understand it, SAN switches like those from Cisco (just reading
documentation on Cisco 9000 series switches) provide IP/port filtering of
packets and can create VLAN-like SAN's called VSAN's.

The thing is, would it not also be wise to install firewalls either
network-based or locally on end SAN systems to provide defense in depth and
also provide greater filtering granularity if required?


Has anyone any documentation or diagrams of a typical SAN architecture that
also include (traditional non-switch based) firewalls?

These switches maybe managed over telnet and ssh ports etc. And I presume a
firewall in conjunction with a switch's own access controls would provide
additional security in restricting who (administrator IP address) can
communicate with the switch over such ports.

Similarly, there maybe a requirement for DPI or stateful inspection of some
packets/communications for whatever reason. A firewall such as Linux
iptables (is what I am familiar with) can provide this level of fine-grained
access control on behalf of the switches where the switches don't appear to
have this level of granularity.

I also notice, that the Cisco 9000 series switches only allow a maximum of
250 IP filter rules. I have not read up on other technologies yet, but this
may or may not be the normal limit for filtering at a switch level.

I also notice that the SAN switches seem capable of filtering/firewall at
the layers 3 and 4 of the TCP/IP stack! I always presumed that switches
operated at layer 2 (MAC addresses). So, this is interesting for me to have
learnt.

So basically, I want to discover what your opinions are with respect to the
role of firewalls (be that packet filters, SPI and/or DPI) within the SAN
network itself. [I presume IDS has a role also]

[I know that it is considered best practice that firewalls be placed upfront
in the traditional way: at the gateway/Internet, in between the DMZ and
application servers network and in between the application server tier and
the SAN at the back-end.

many thanks,
Brian.
_______________________________________________
firewall-wizards mailing list
firewall-wizards< at >listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

PIX 515 7.1 vs: 8.0

Brian Blater — 2011-03-09T01:24:50

I was recently able to pick up another pix to play with. I currently
have a PIX 515e with 7.1, but this new one comes with 8.0. I'm
wondering if there is something new in the 8.0 version that is working
differently and has me stumped. One difference between the two PIXs I
have is that the new one has a 4 port card for a total of 6 ethernet
ports. I've setup DHCPD on two of the interfaces, but I can't get it
to assign an address to anything connected to those interfaces (dmz
and vonage). Also, if I manually assign an IP to a device on one of
those networks I can't even get out the internet. So, either some ACL
or static mapping is interfering there, but I can't see what I've
messed up. The DMZ port on the PIX 515e with 7.1 just works both with
DHCPD and internet access, but even if I try the same ACLs and statics
on the 8.0 PIX I"m still not getting anything working. Basically I'm
stumped.

I've attached the 8.0 config below. If anyone can give me a hand and
let me know what I'm missing that would be great.

Thanks for your help.

Brian



PIX Version 8.0(4)32
!
hostname brb-pix
domain-name bfamily.org
enable password xxxxxx encrypted
passwd xxxxxxx encrypted
names
!
interface Ethernet0
 nameif outside
 security-level 0
 ip address 24.199.216.33 .255.255.255.248
!
interface Ethernet1
 nameif inside
 security-level 100
 ip address 192.168.99.1 255.255.255.0
!
interface Ethernet2
 nameif dmz
 security-level 50
 ip address 192.168.109.1 255.255.255.0
!
interface Ethernet3
 nameif vonage
 security-level 25
 ip address 192.168.149.1 255.255.255.0
!
interface Ethernet4
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Ethernet5
 shutdown
 no nameif
 no security-level
 no ip address
!
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns domain-lookup inside
dns server-group DefaultDNS
 name-server 192.168.99.201
 domain-name bfamily.org
access-list outside remark access list for outside
access-list outside extended permit icmp any any echo-reply
access-list outside extended permit icmp any any unreachable
access-list outside extended permit tcp any any eq https
access-list outside extended permit tcp any any eq 2525
access-list dmz remark access list for dmz
access-list dmz extended permit icmp 192.168.109.0 255.255.255.0
192.168.99.0 255.255.255.0 echo-reply
access-list dmz extended permit icmp 192.168.109.0 255.255.255.0
192.168.99.0 255.255.255.0 unreachable
access-list dmz extended permit udp 192.168.109.0 255.255.255.0 host
192.168.99.201 eq domain
access-list dmz extended permit ip 192.168.109.0 255.255.255.0 any
access-list nonat remark nonat for dmz and inside interfaces
access-list nonat extended permit ip 192.168.99.0 255.255.255.0
192.168.109.0 255.255.255.0
access-list nonat extended permit ip 192.168.109.0 255.255.255.0
192.168.99.0 255.255.255.0
access-list nonat extended permit ip 192.168.99.0 255.255.255.0
192.168.129.0 255.255.255.0
access-list nonat extended permit ip 192.168.129.0 255.255.255.0
192.168.99.0 255.255.255.0
access-list vonage remark access list for vonage network
access-list vonage_access_in extended permit ip 192.168.149.0 255.255.255.0 any
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu vonage 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.99.0 255.255.255.0
nat (dmz) 0 access-list nonat
nat (dmz) 1 192.168.109.0 255.255.255.0
nat (vonage) 0 access-list nonat
nat (vonage) 1 192.168.149.0 255.255.255.0
static (dmz,outside) tcp interface https 192.168.109.44 https netmask
255.255.255.255
static (inside,outside) tcp interface 2525 192.168.99.202 smtp netmask
255.255.255.255
static (inside,dmz) 192.168.99.0 192.168.99.0 netmask 255.255.255.0
static (inside,vonage) 192.168.99.0 192.168.99.0 netmask 255.255.255.0
access-group outside in interface outside
access-group dmz in interface dmz
access-group vonage_access_in in interface vonage
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.99.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet 192.168.99.0 255.255.255.0 inside
telnet timeout 5
ssh 192.168.99.0 255.255.255.0 inside
ssh 192.168.109.0 255.255.255.0 dmz
ssh timeout 60
console timeout 0
dhcpd dns 4.2.2.1 8.8.8.8
dhcpd lease 259200
dhcpd ping_timeout 750
dhcpd domain bfamily.org
!
dhcpd address 192.168.109.101-192.168.109.110 dmz
dhcpd dns 208.67.222.222 208.67.220.220 interface dmz
dhcpd lease 259200 interface dmz
dhcpd ping_timeout 750 interface dmz
dhcpd domain bfamily.org interface dmz
dhcpd enable dmz
!
dhcpd address 192.168.149.101-192.168.149.110 vonage
dhcpd enable vonage
!
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
username bblater password xxxxxxxxx encrypted privilege 15
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect netbios
  inspect rsh
  inspect rtsp
  inspect skinny
  inspect esmtp
  inspect sqlnet
  inspect sunrpc
  inspect tftp
  inspect sip
  inspect xdmcp
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:
brb-pix#

Final Penultimate last Call for Papers for CanSecWest 2011(deadline Jan. 17th, conf March 9-11)

Dragos Ruiu — 2011-01-13T11:28:30

"First they ignore you, then they ridicule you, 
then they fight you, then you win." -- Mahatma Ghandi.

Well if Fox's new comedy show "Breaking In" is any
indication, infosec has now entered Ghandi's second 
stage. http://goo.gl/ZpLDp [youtube] (hat tip to Adam 
O'Donnell for this humorous find, and Sam Bowne for 
the quote/quip)

But on a slightly more serious note.

CanSecWest is nearing in the second week of March, and 
this year I've waited on sending out the CFP note/reminder. 
It's been up on the site for a while with a Dec 29 deadline, 
but this is the real last call for submissions. If you don't get 
them in by this weekend they won't make the selections 
review process next week. We'll try to announce the 
selections the week following. After 11 years, most 
of you should know the drill, but for those who haven't 
submitted or attended before, the fine print and usual 
further information is attached below.

Other info:

We are doing more dojo training courses  than ever this 
year (17!) and they will be up for registration next week. 
I've also confirmed with Aaron/TippingPoint/HP that we 
will again be holding PWN2OWN with both browser and 
mobile targets, so stand by for some announcements 
there. There will also be some other new experiments 
and conference goings on, some fascinating keynotes 
that have been invited, as well as some interesting new 
sponsors exhibiting new security wares that you'll see 
announced on the conference site in the coming weeks, 
but for now, get your talk proposals in so that our grumpy, 
cynical, and battle-scarred reviewers can complain about 
them, err, I mean provide informative feedback.;-)

cheers,
--dr (< at >dragosr)

The usual CFP boilerplate info:

Call For Papers

   The CanSecWest 2011 CFP is now open.

   Deadline is January 17th, 2011.

CanSecWest CALL FOR PAPERS

   VANCOUVER, Canada -- The twelfth annual CanSecWest applied technical
   security conference - where the eminent figures in the international
   security industry will get together share best practices and
   technology - will be held in downtown Vancouver at the the Sheraton
   Wall Centre on March 9-11, 2011. The most significant new discoveries
   about computer network hack attacks and defenses, commercial security
   solutions, and pragmatic real world security experience will be
   presented in a series of informative tutorials.

   The CanSecWest meeting provides international researchers a relaxed,
   comfortable environment to learn from informative tutorials on key
   developments in security technology, and to collaborate and socialize
   with their peers in one of the world's most scenic cities - a short
   drive away from one of North America's top skiing areas.

   The CanSecWest conference will also feature the availability of the
   Security Masters Dojo expert network security sensei instructors, and
   their advanced, and intermediate, hands-on training courses -
   featuring small class sizes and practical application exercises to
   maximize information transfer.

   We would like to announce the opportunity to submit papers, and/or
   lightning talk proposals for selection by the CanSecWest technical
   review committee. This year we will be doing one hour talks, and some
   shorter talk sessions.

   Please make your paper proposal submissions before January 17th,
   2011.

   Some invited papers have been confirmed, but a limited number of
   speaking slots are still available. The conference is responsible for
   travel and accommodations for the speakers. If you have a proposal for
   a tutorial session then please make your submission  by emailing a 
   synopsis of the material and your biography, papers and, speaking
   background to secwest11< at >cansecwest.com . Only slides will be needed 
   for the March paper deadline, full text does not have to be submitted - but
   will be accepted if available. This year we will be opening  CanSecWest 
   presentation guidelines to include talks not in English (particularly
   Chinese and Korean) which we will offer to translate for the speaker 
   if you are not a native English speaker. 
 
   The CanSecWest 2011 conference consists of tutorials on technical
   details about current issues, innovative techniques and best practices
   in the information security realm. The audiences are a multi-national
   mix of professionals involved on a daily basis with security work:
   security product vendors, programmers, security officers, and network
   administrators. We give preference to technical details and new
   education for a technical audience.

   The conference itself is a single track series of presentations in a
   lecture theater environment. The presentations offer speakers the
   opportunity to showcase on-going research and collaborate with peers
   while educating and highlighting advancements in security products and
   techniques. The focus is on innovation, tutorials, and education
   instead of product pitches. Some commercial content is tolerated, but
   it needs to be backed up by a technical presenter - either giving a
   valuable tutorial and best practices instruction or detailing
   significant new technology in the products.

   Paper proposals should consist of the following information:
    1. Presenter, and geographical location (country of origin/passport)
       and contact info (e-mail, postal address, phone, fax).
    2. Employer and/or affiliations.
    3. Brief biography, list of publications and papers.
    4. Any significant presentation and educational
       experience/background.
    5. Topic synopsis, Proposed paper title, and a one paragraph
       description.
    6. Reason why this material is innovative or significant or an
       important tutorial.
    7. Optionally, any samples of prepared material or outlines ready.
    8. Will you have full text available or only slides?
    9. Language of preference for submission.
   10. Please list any other publications or conferences where this
       material has been or will be published/submitted.

   Please include the plain text version of this information in your
   email as well as any file, pdf, sxw, ppt, or html attachments.

   Please forward the above information to secwest11< at >cansecwest.com
   to be considered for placement on the speaker roster, or have your
   lightning talk scheduled. If you contact anyone else at our
   organization please ensure you also cc the submission address with
   your proposal or else it may be omitted from the review process.

IPv6

Paul D. Robertson — 2010-12-26T16:56:45

Is anyone doing anything interesting with v6 and firewalls?  We're              
supposedly coming up on the year that v6 will break out, and most               
organizations I know still don't even route it.                                 
                                                                                
Paul                                            
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul< at >compuwar.net       which may have no basis whatsoever in fact."
           Moderator: Firewall-Wizards mailing list
           Art: http://www.PaulDRobertson.net/