  • #2224127

    Pix 506e internet access intermittent

    by nngeek ·

    I have been fighting this problem for over a year. A PIX 506e will not allow inside clients to access email/http first thing in the morning for 30 minutes or so. After that, internet access will start working again. Nothing gets rebooted etc. to make it work. Here is the config: http://www.nngeek.com/internet.txt There is nothing in the syslog that states any errors.

    Can anyone tell what is going on by looking at the config? All internal machines are static IP with open DNS dns settings and 192.168.1.1 for the gateway.

All Answers

    • #2663791

      Clarifications

      by nngeek ·

      In reply to Pix 506e internet access intermittent

      Clarifications

    • #2663782

      Ummm…dude, don’t post your firewall ingress rules on the net!

      by robo_dev ·

      In reply to Pix 506e internet access intermittent

      !!!!

      • #2663738

        ingress rules

        by nngeek ·

        In reply to Ummm…dude, don’t post your firewall ingress rules on the net!

        Are you saying do not post the access-lists?

        • #2663716

          Yes.

          by robo_dev ·

          In reply to ingress rules

          There’s no harm in posting the connection parameters and so forth, but your ingress rules tell me that there is a host at port xxx and address xxx behind your firewall.

          The first step of hacking any system is to do a port scan and ping scan for hosts and ports. Having this for your site in a text file would save a hacker about 30-45 minutes of work, plus you’ve got some usernames in there, which would be likely to be userids on the host.

          Once somebody knows there’s a host there and what port it’s listening at, then from there it’s on to OS fingerprinting, determining known vulns for that OS, crafting/deploying an exploit, and hacking into the system.

          And don’t forget that much of this work is done totally automatically by ‘bots on the internet. So even if your server is completely hardened, patched, and secured, you may get tons of unwanted traffic attempting to hack the device.

          I don’t mean to sound alarmist, but seriously, you’re exposing waay too much info.

          With respect to the original problem, my guess is that somehow the WAN connection is timing out? Such as if it were a DSL line that were configured to connect on-demand.

          Alternately, some sort of routing error such as multiple default gateways, a rogue DHCP server and so forth. To figure this problem out, you need to have a sniffer connected to the network at the time when the fault is happening to observe what’s going on.

          Cheers
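
An added example, not part of the original posts: one way to scrub a PIX configuration before sharing it for troubleshooting, so that the ingress rules, usernames, password hashes and addresses discussed above are not published. The sample config is constructed (PIX 6.x style syntax with made-up addresses, user and hashes), and the `sanitize` helper and its placeholder tokens are assumptions of this example.

```python
import re

# Constructed sample in PIX 6.x syntax; every address, name and hash is made up.
SAMPLE = """\
hostname pixfirewall
enable password EXAMPLEHASH000001 encrypted
passwd EXAMPLEHASH000002 encrypted
username jsmith password EXAMPLEHASH000003 encrypted privilege 15
ip address outside 203.0.113.10 255.255.255.248
ip address inside 192.168.1.1 255.255.255.0
access-list outside_in permit tcp any host 203.0.113.11 eq 3389
static (inside,outside) 203.0.113.11 192.168.1.20 netmask 255.255.255.255 0 0
logging host inside 192.168.1.5
telnet 192.168.1.5 255.255.255.255 inside
route outside 0.0.0.0 0.0.0.0 203.0.113.9 1
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Rule types that reveal which inside hosts and ports are reachable.
INGRESS = ("access-list ", "static ", "conduit ")
SECRET = re.compile(r"^(enable password|passwd|username \S+ password) \S+")


def sanitize(config: str) -> str:
    """Return a copy of the config that is safer to post publicly."""
    seen = {}  # real address -> stable token, so repeated addresses still line up

    def mask_ip(match):
        ip = match.group(0)
        if ip == "0.0.0.0" or ip.startswith("255."):
            return ip  # default route and netmasks identify nothing
        return seen.setdefault(ip, f"addr-{len(seen) + 1}")

    out = []
    for line in config.splitlines():
        keyword = next((k for k in INGRESS if line.startswith(k)), None)
        if keyword:
            # Keep only the fact that a rule exists, not its hosts or ports.
            out.append(keyword + "<redacted>")
            continue
        line = re.sub(r"^username \S+", "username <user>", line)
        line = SECRET.sub(r"\1 <hash>", line)
        out.append(IPV4.sub(mask_ip, line))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(sanitize(SAMPLE), end="")
```

Each distinct address gets the same token everywhere it appears, so interface, route and management lines can still be followed by someone helping with the outbound problem.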

        • #2661830

          Thanks

          by nngeek ·

          In reply to Yes.

          Thanks for the info. I thought putting x.x.x.x in the IP addresses would be wise because no one would know the outside IP address. Would Wireshark running on the switch give me the sniffing information? Again, connections from the outside coming in have no problems in the morning, only the workstation accessing the internet.

          Thanks,

          J.R.
