Sep 22, 2010

The gateway address is wrong, but I have access to the Internet. Why?

To reach unknown networks, a host needs a gateway to forward its traffic. The gateway is a device connected to the local network and to at least one external network. Because that device can route packets, it can forward traffic toward unknown destinations. Ok, we know that. What's the big news?

Is it possible to reach the Internet even if the gateway address is wrong? Yes. Maybe. I will demonstrate how, using the following scenario:

Sep 17, 2010

How to view historical performance data on PIX/ASA?

Recent performance data can be collected with some show commands (show cpu, show memory, etc.). For historical performance data, however, ASDM History Tracking is required. This feature was introduced in OS 7.0(1) to replace the PDM History feature.

Sep 15, 2010

How to control webmail traffic?

Sender Policy Framework (SPF) is an open standard that can be used to hinder the activities of spammers. Using SPF, domain administrators specify which mail servers they use to send mail from their domain, and receivers can then check whether a message came from a valid server.

SPF is also useful when we need to implement access rules to control traffic going to or coming from webmail servers.
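As an added example (not code from the original post), the sketch below expands an SPF record into the address ranges it publishes, which is the list an access rule for a webmail provider would be built from. The domains, the TXT records and the `lookup` callable are constructed assumptions; a real lookup would query DNS.

```python
import ipaddress

# Constructed sample TXT records (documentation address ranges, hypothetical domains).
SAMPLE_TXT = {
    "webmail.example": "v=spf1 ip4:192.0.2.0/24 include:_spf.webmail.example ~all",
    "_spf.webmail.example": "v=spf1 ip4:198.51.100.16/28 ip4:203.0.113.7 ip6:2001:db8::/32 -all",
}

def _collect(domain, lookup, seen, budget):
    if domain in seen:                      # include loop: already expanded
        return []
    seen.add(domain)
    parts = (lookup(domain) or "").split()
    if not parts or parts[0].lower() != "v=spf1":
        return []
    nets = []
    for term in parts[1:]:
        if term[0] in "-~?":                # only "pass" terms authorize a sender
            continue
        name, _, value = term.lstrip("+").partition(":")
        name = name.lower()
        if name in ("ip4", "ip6"):
            # strict=False accepts a bare host address and host bits in a prefix
            nets.append(ipaddress.ip_network(value, strict=False))
        elif name == "include":
            budget[0] -= 1                  # RFC 7208 caps DNS-querying terms at 10
            if budget[0] < 0:
                raise ValueError("SPF lookup limit exceeded")
            nets.extend(_collect(value.lower(), lookup, seen, budget))
        # a, mx, exists and redirect= need further DNS queries; not handled here
    return nets

def spf_networks(domain, lookup):
    """Return the sorted, de-duplicated ip4/ip6 networks published for `domain`.

    `lookup` is a hypothetical callable: domain -> SPF TXT string or None.
    """
    nets = _collect(domain.lower(), lookup, set(), [10])
    return sorted(set(nets), key=lambda n: (n.version, n))

def is_published_sender(ip, nets):
    """True if `ip` falls inside one of the published networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == n.version and addr in n for n in nets)

if __name__ == "__main__":
    for net in spf_networks("webmail.example", SAMPLE_TXT.get):
        print(net)
```

Published ranges change over time, so a rule set derived this way needs to be regenerated periodically rather than built once.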

Sep 6, 2010

How to bypass SMTP Inspection?

The default SMTP Inspection policy blocks messages that match one of the following conditions:
  • Method line length greater than 512 bytes
  • More than 100 recipient email addresses set
  • Body line length greater than 998 bytes
  • Header line length greater than 998 bytes
  • Sender email address length greater than 320 bytes
  • MIME filename length greater than 255 bytes

Sep 1, 2010

Blocking WebDAV methods

WebDAV is an extension to the HTTP protocol described in RFC 2518. There are vulnerabilities in Windows applications that could be exploited over WebDAV. Blocking outbound WebDAV traffic is therefore a best practice.