[Wolves] subnetting

Simon Burke simon.burke at gmail.com
Fri Oct 8 09:37:18 BST 2004

> Do you mean that the subnet mask is ?

Sorry, yeah, it's my subnet mask.

> i.e. 11111111.11111111.11111111.11111000 in binary, so only the last 3
> bits are useable for addresses 208 + (0 to 7)

Ish, as I'm on the network after 208 to 14.

> That should make your network address (last bytes 11010
> 000). By convention the '+ 1' address is reserved for default routers so
> the '+ 2' address, 209 would be the sensible place for a cracker to
> start probing for holes in firewall rules.

That would make sense, but BT has put the router at 214, which we can't
change. 209 is the firewall and all other usable addresses are in a
NAT pool.

> Could your firewall log be using 208 as shorthand for "an address in our
> subnet"?

It's a possibility, though doubtful; that would imply the problem is
inside, and no-one here would have the need nor really the knowledge to
do so, as most of the clients on this connection are graphic designers, so
tech stuff they don't do.

> Is all your software patched?

Everything is as up to date as possible; mind, we do not have a support
subscription for the PIX firewall so we can't get updates for it, which
may be an issue.

> Most people only worry about
> inbound firewall rules so some exploits use a known vulnerability in
> software on your systems to look for holes in the firewall rules for
> outbound traffic. Have you got any network monitoring looking for weird
> packets on your LAN, though looking can cause paranoia.

I have Ethereal installed on all our servers for such an event; I may
have to try and run it on the relevant one.

> I may be starting to ramble so I'll stop but I find that someone telling
> me in a different way what I already know sometimes triggers a useful
> thought.
> I'm afraid I know more about the dangers than how to fix them. I'm sure
> the regulars here can help more with firewalls but the list is quiet
> today, probably because of the expo so I thought I'd wade in.

Muchly appreciated.
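
Added example, not part of the original message: a small Python check for the situation discussed in the thread, where a firewall log shows the subnet's own network address (208). It assumes the documentation prefix 192.0.2.x (the thread does not give the real one) and a made-up "src dst port" log format; only the last octets 208, 209 and 214 and the binary mask come from the thread.

```python
import ipaddress

# Assumption: 192.0.2.x is a documentation prefix standing in for the real one.
# Mask 11111111.11111111.11111111.11111000 from the thread = 255.255.255.248.
NET = ipaddress.ip_network("192.0.2.208/255.255.255.248")
ROLES = {  # last octets as stated in the thread
    ipaddress.ip_address("192.0.2.209"): "firewall",
    ipaddress.ip_address("192.0.2.214"): "router",
}

def role_of(addr):
    """Classify an address relative to the /29 discussed in the thread."""
    ip = ipaddress.ip_address(addr)
    if ip not in NET:
        return "external"
    if ip == NET.network_address:
        return "network-address"
    if ip == NET.broadcast_address:
        return "broadcast"
    return ROLES.get(ip, "nat-pool")

# Constructed log lines in a hypothetical "src dst port" format (not PIX syntax).
SAMPLE_LOG = """\
198.51.100.7 192.0.2.209 22
198.51.100.7 192.0.2.208 80
192.0.2.211 203.0.113.5 443
203.0.113.9 192.0.2.215 137
192.0.2.208 203.0.113.5 25
"""

def suspicious(log_text):
    """Return (line_no, reason) for entries whose source or destination is
    the network or broadcast address, which no host should own."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines rather than guess
        for side, addr in (("src", parts[0]), ("dst", parts[1])):
            try:
                r = role_of(addr)
            except ValueError:
                continue  # not an IP address
            if r in ("network-address", "broadcast"):
                hits.append((n, f"{side} is {r} {addr}"))
    return hits

if __name__ == "__main__":
    print("usable hosts:", [str(h) for h in NET.hosts()])
    for hit in suspicious(SAMPLE_LOG):
        print(hit)
```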


