Re: [fw-wiz] Help

FirewallWizards

Re: [fw-wiz] Help

To:	Firewall Wizards Security Mailing List <firewall-wizards@listserv.cybertrust.com>
Subject:	Re: [fw-wiz] Help
From:	Aaron Smith <smitha@byui.edu>
Date:	Wed, 15 Nov 2006 09:27:17 -0700
Cc:	dave@corecom.com
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	fwwizards-list2@consult.net
Delivered-to:	firewall-wizards@listserv.cybertrust.com
In-reply-to:	<B82BCF823645DB469C47C37CE12C7FA449D409@sc-dh-dc-01.itsc.local>
List-archive:	<https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help:	<mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id:	Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post:	<mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe:	<https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
Organization:	BYU Idaho
References:	<B82BCF823645DB469C47C37CE12C7FA449D409@sc-dh-dc-01.itsc.local>
Reply-to:	smitha@byui.edu, Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender:	firewall-wizards-bounces@listserv.icsalabs.com

On Wed, 2006-11-15 at 08:26 -0600, Utz, Ralph wrote:
> I haven't run your test, but I have delt with this problem on a
> consulting basis in the past.  Here's some info: PIX 6.3.5 and below
> block any DNS packet larger than 512 by default.  When EDNS forces a
> packet larger than 512 the firewall will drop the packet.  In Windows
> installations I've seen this cause the DNS service to hang and stop
> responding to requests.  The PIX can be configured to allow larger DNS
> packets.  

And, conversely, Windows EDNS0 can be disabled, as we did in our
environment.

@@ron Smith
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[fw-wiz] bypassing PIX limitation, Paolo Supino Re: [fw-wiz] bypassing PIX limitation, Horvath, Kevin M. Re: [fw-wiz] bypassing PIX limitation, Paolo Supino Re: [fw-wiz] bypassing PIX limitation, Josh Re: [fw-wiz] bypassing PIX limitation, David Swafford Re: [fw-wiz] bypassing PIX limitation, Paolo Supino Re: [fw-wiz] bypassing PIX limitation, Marcus J. Ranum Re: [fw-wiz] bypassing PIX limitation, Chris Blask [fw-wiz] Help, Dave Piscitello Re: [fw-wiz] Help, Utz, Ralph Re: [fw-wiz] Help, Aaron Smith <= Re: [fw-wiz] bypassing PIX limitation, Horvath, Kevin M. Re: [fw-wiz] bypassing PIX limitation, Paolo Supino Re: [fw-wiz] bypassing PIX limitation, David Swafford

Previous by Date:	Re: [fw-wiz] firewalls and routers, sai
Next by Date:	Re: [fw-wiz] Mis-attribution - Re: How automate firewall tests, Crispin Cowan
Previous by Thread:	Re: [fw-wiz] Help, Utz, Ralph
Next by Thread:	Re: [fw-wiz] bypassing PIX limitation, Horvath, Kevin M.
Indexes:	[Date] [Thread] [Top] [All Lists]