Question

Locked

Pix 506e internet access intermmitant

By nngeek ·
I have been fighting this problem for over a year. A PIX 506e will not allow inside clients to access email/http first thing in the morning for 30 minutes or so. After that internet access will start working again. Nothing gets rebooted etc to make it work. Here is the config : http://www.nngeek.com/internet.txt There is nothing in the syslog that states any errors.

Can anyone tell what is going on by looking at the config? All internal machines are static IP with open DNS dns settings and 192.168.1.1 for the gateway.

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Ummm...dude, don't post your firewall ingress rules on the net!

by robo_dev In reply to Pix 506e internet access ...
Collapse -

ingress rules

by nngeek In reply to Ummm...dude, don't post y ...

Are you saying do not post the access-lists?

Collapse -

Yes.

by robo_dev In reply to ingress rules

There's no harm in posting the connection parameters and so forth, but your ingress rules tell me that there is a host at port xxx and address xxx behind your firewall.

The first step of hacking any system is to do port scan and ping scan for hosts and ports. Having this for your site in a text file would save a hacker about 30-45 minutes of work, plus you've got some usernames in there, which would be likely to be userids on the host.

Once somebody knows there's a host there and what port it's listening at, then from there it's on to OS fingerprinting, determining known vulns for that OS, crafting/deploying an exploit, and hacking into the system.

And don't forget that much of this work is done totally automatically by 'bots on the internet. So even if your server is completely hardened, patched, and secured, you may get tons of unwanted traffic attempting to hack the device.

I don't mean to sound alarmist, but seriously, you're exposing waay too much info.

With respect to the original problem, my guess is that somehow the WAN connection is timing out? Such as if it were a DSL line that were configured to connect on-demand.

Alternately, some sort of routing error such as multiple default gateways, a rogue DHCP server and so forth. To figure this problem out, you need to have a sniffer connected to the network at the time when the fault is happening to observer what's going on.

Cheers

Collapse -

Thanks

by nngeek In reply to Yes.

thanks for the info. I thought putting x.x.x.x in the ipaddresses would be wise because no one would know the outside ipaddress. Would wire shark running on the switch give me the sniffing information? Again connections from the outside coming in have no problems in the morning, only the workstation accessing the internet.

Thanks,

J.R.

Back to Software Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums