Thursday, October 26, 2006

HTML Coded Character Set (e.g. é, è, à, ...)

See the following link:

http://www.w3.org/MarkUp/html-spec/html-spec_13.html

Scan Check Point logs and send an email when a VPN user connects

Below is an example of scanning Check Point logs with VBScript.

When a VPN user connects, we send an email to the manager.

' Run "fw log" and read its output line by line
Set objShell = CreateObject("WScript.Shell")
Set objWshScriptExec = objShell.Exec("fw log -ft -l -n")
Set objStdOut = objWshScriptExec.StdOut

While Not objStdOut.AtEndOfStream
    strLine = objStdOut.ReadLine
    ' Lines containing "Authenticated" indicate a VPN user login
    If InStr(strLine, "Authenticated") > 0 Then
        ' The user name is expected in the 11th space-separated field, before a comma
        myArray = Split(strLine)
        strUser = "unknown"
        If UBound(myArray) >= 10 Then
            myUser = Split(myArray(10), ",")
            If UBound(myUser) >= 0 Then strUser = myUser(0)
        End If

        'Send EMail to firewall Manager
        Set objMessage = CreateObject("CDO.Message")
        objMessage.Subject = "New VPN Connection for user " & strUser
        objMessage.From = "mailfrom@domain.com"
        objMessage.To = "rcpt1@receiverdom.com;rcpt1@receiverdom.com"
        objMessage.TextBody = strLine

        '==This section provides the configuration information for the remote SMTP server.
        '==Normally you will only change the server name or IP.
        'sendusing = 2 sends over the network to the SMTP server named below
        objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2

        'Name or IP of Remote SMTP Server
        objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "MailRelayIP"

        'Server port (typically 25)
        objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25

        objMessage.Configuration.Fields.Update

        '==End remote SMTP server configuration section==
        objMessage.Send
    End If
Wend

Tuesday, October 10, 2006

Why do I need a deny rule to make an allow rule for a custom protocol work correctly?

Protocol definitions include lists of primary connections, secondary connections, and associated application filters. Each primary connection includes a port range, which may cover one or more port numbers. When traffic is sent to an ISA Server computer, ISA Server uses the port on which it arrives to identify its protocol.

When a policy rule allows traffic for a certain protocol, the Firewall service checks the definition of the protocol and passes the traffic to all the application filters associated with the protocol definition for processing.

If traffic of a specific type is sent to a port corresponding to a predefined protocol that is associated with an application filter and you do not want the application filter to process this traffic, you can define a custom protocol that has the same primary and secondary connections as the predefined protocol but is not associated with the application filter. Then you can use your custom protocol in a policy rule that allows this traffic. Protocol definitions with primary connections that include the same port are called overlapped protocol definitions.

As an example, let’s say that you have an internal server to which VPN clients send nonstandard HTTP traffic through TCP port 80. When this traffic is allowed by a matching access rule that uses the predefined HTTP protocol and is configured to allow traffic from the VPN Clients network to the Internal network, the Web Proxy Filter is invoked and rejects this traffic because it does not comply with HTTP standards. To allow nonstandard HTTP traffic to reach your nonstandard HTTP server, you can create a custom protocol definition that has a primary connection for outbound traffic through TCP port 80 and is not associated with the Web Proxy Filter. We will refer to this protocol as the CustomHTTP protocol.

To allow the nonstandard HTTP traffic, you need to create two access rules:
· An access rule that uses the CustomHTTP protocol and allows traffic from the VPN Clients network to the computer object representing the nonstandard HTTP server.
· An access rule that uses the predefined HTTP protocol and denies traffic from the VPN Clients network to the computer object representing the nonstandard HTTP server.

The new allow rule must come before your original rule that allows HTTP traffic from the VPN Clients network to the Internal network in the ordered list of policy rules, and the new deny rule should be placed immediately after the new allow rule.



So why do I need the new deny rule (the second rule)? The short answer is that this rule is needed to prevent the third rule or any other rule from invoking the Web Proxy Filter for traffic that matches the first rule.

To understand why this rule is needed, you need to know how ISA Server processes traffic sent to a port that is associated with overlapped protocols. When traffic arrives at a port that is associated with overlapped protocols, the first policy rule that matches the traffic for each of the overlapped protocols (the HTTP and CustomHTTP protocols) is found, and the rule that is highest in the list of rules is applied. In our case, that would be the first rule with the CustomHTTP protocol, which allows traffic to the nonstandard HTTP server but does not invoke the Web Proxy Filter. In addition, all the rules for the overlapped protocols in the ordered list of rules are processed, their secondary connections are added to the session, and the application filters associated with them are invoked until an access rule that denies traffic is encountered. In our case, the second rule, which is a deny rule, stops this processing. Without the second rule, the third rule would be processed for traffic that matches the first rule, and the Web Proxy Filter would be invoked for it.

If the Web Proxy Filter were invoked by the third rule, it would discover that the traffic does not conform to HTTP standards. The Web Proxy Filter would then block the traffic and add an entry to the Web Proxy log indicating that the Allow HTTP to Internal Servers rule blocked the traffic.
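The rule processing described above can be checked with a small model. This is an added example, not ISA Server code: the computer object name "NonStdHttpServer", the names of the first two rules and the default deny for unmatched traffic are assumptions made for the illustration.

```python
from dataclasses import dataclass

# Overlapped protocol definitions: same primary port, different application filters.
PROTOCOLS = {
    "HTTP":       {"port": 80, "filters": ["Web Proxy Filter"]},
    "CustomHTTP": {"port": 80, "filters": []},
}

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    protocol: str  # key into PROTOCOLS
    source: str    # source network
    dest: str      # destination network or computer object

def evaluate(rules, source, dest_host, dest_net, port):
    """Return (action, applied rule name, application filters invoked)."""
    matching = [r for r in rules
                if PROTOCOLS[r.protocol]["port"] == port
                and r.source == source and r.dest in (dest_host, dest_net)]
    # First matching rule for each overlapped protocol; the highest one is applied.
    first = {}
    for r in matching:
        first.setdefault(r.protocol, r)
    if not first:
        return "deny", None, []  # nothing matched: modelled as default deny (assumption)
    applied = min(first.values(), key=rules.index)
    filters = []
    if applied.action == "allow":
        # Rules for the overlapped protocols keep being processed, and their
        # filters invoked, until a deny rule is encountered.
        for r in matching:
            if r.action == "deny":
                break
            filters += [f for f in PROTOCOLS[r.protocol]["filters"] if f not in filters]
    return applied.action, applied.name, filters

# Constructed rule sets; "NonStdHttpServer" and the first two rule names are hypothetical.
ALLOW_CUSTOM = Rule("Allow CustomHTTP to server", "allow", "CustomHTTP", "VPN Clients", "NonStdHttpServer")
DENY_HTTP = Rule("Deny HTTP to server", "deny", "HTTP", "VPN Clients", "NonStdHttpServer")
ALLOW_HTTP = Rule("Allow HTTP to Internal Servers", "allow", "HTTP", "VPN Clients", "Internal")

WITHOUT_DENY = [ALLOW_CUSTOM, ALLOW_HTTP]
WITH_DENY = [ALLOW_CUSTOM, DENY_HTTP, ALLOW_HTTP]

if __name__ == "__main__":
    for label, rules in (("without deny", WITHOUT_DENY), ("with deny", WITH_DENY)):
        print(label, evaluate(rules, "VPN Clients", "NonStdHttpServer", "Internal", 80))
```

In both rule sets the CustomHTTP allow rule is the one applied; only the list of invoked filters differs, which is why the missing deny rule shows up as a block logged against the Allow HTTP to Internal Servers rule.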

Internet Explorer cannot access FTP servers

When Internet Explorer is configured to use FTP folders, Internet Explorer tries to connect to an FTP server if the FTP server name can be resolved. If the direct connection to the FTP server cannot be established because of a time-out issue, Internet Explorer uses the proxy server. However, Internet Explorer does not use the proxy server if a direct connection to the FTP server is unsuccessful.

WORKAROUND

To work around this problem, turn off the Enable folder view for FTP sites setting in Internet Explorer. This prevents Internet Explorer from establishing a direct FTP connection to the target server. To do this, follow these steps:
1. Click Start, click Run, type iexplore.exe, and then click OK.
2. On the Tools menu, click Internet Options.
3. Click the Advanced tab, and then click to clear the Enable folder view for FTP sites check box.
4. Click Apply, and then click OK.


http://support.microsoft.com/kb/918208/en-us

Thursday, October 05, 2006

Greylisting


Greylisting rejects messages with a previously unseen combination of email address and sending mail server IP address. Greylisting relies on the automatic retry feature in standard SMTP servers to resend legitimate greylisted messages; most spammers don't use the automatic retry feature.
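The decision logic described above, as an added example that is not part of the original post. It assumes the email address used is the envelope sender, a 300-second minimum retry delay and a 4-hour retry window; the addresses and IPs in the sample events are constructed.

```python
import time

class Greylist:
    """Accept a (sender address, server IP) pair only when it is retried after a delay."""

    def __init__(self, min_delay=300, retry_window=4 * 3600):
        self.min_delay = min_delay        # assumption: earliest accepted retry, seconds
        self.retry_window = retry_window  # assumption: a later retry counts as a new pair
        self.first_seen = {}              # pair -> time of first attempt
        self.passed = set()               # pairs that already retried correctly

    def check(self, sender, server_ip, now=None):
        """Return the SMTP reply (code, text) for one delivery attempt."""
        now = time.time() if now is None else now
        key = (sender.strip().lower(), server_ip)
        if key in self.passed:
            return 250, "OK"
        seen = self.first_seen.get(key)
        if seen is None or now - seen > self.retry_window:
            # Previously unseen combination: temporary failure, a real MTA will retry.
            self.first_seen[key] = now
            return 451, "4.7.1 Greylisted, please retry later"
        if now - seen < self.min_delay:
            return 451, "4.7.1 Greylisted, retry too soon"
        self.passed.add(key)
        return 250, "OK"

def replay(events, greylist):
    """Feed (time, sender, server_ip) attempts through the greylist, return reply codes."""
    return [greylist.check(sender, ip, t)[0] for t, sender, ip in events]

# Constructed sample: one legitimate server that retries, one bulk sender that
# fires once from each of two IPs and never comes back.
EVENTS = [
    (0,    "alice@example.org", "192.0.2.10"),
    (2,    "bulk@example.net",  "198.51.100.7"),
    (3,    "bulk@example.net",  "198.51.100.8"),
    (60,   "alice@example.org", "192.0.2.10"),   # retried before min_delay
    (900,  "alice@example.org", "192.0.2.10"),   # proper retry
    (2000, "alice@example.org", "192.0.2.10"),   # later mail from the same pair
]

if __name__ == "__main__":
    print(replay(EVENTS, Greylist()))
```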

Sunday, October 01, 2006

F5 Link Controller - License and Registration key

To view the serial number and the registration key of a BIG-IP Link Controller device, check the /config/bigip.license file, which looks like this:

#
Auth vers : 5b
#
#
# BIG-IP System License Key File
# DO NOT EDIT THIS FILE!!
#
# Install this file as "/config/bigip.license".
#
# Contact information in file /CONTACTS
#
Usage : Production
#
#
# Only the specific use referenced above is allowed. Any other uses are prohibited.
#
Vendor : F5 Networks, Inc.
#
# Module List
#
active module : Add SSL 100 TPS(Qty 2)DEFRGTY-DEFRFRD
active module : BIG-IP LC ModuleDEFRDSS-NEJGZIB
optional module : Add Compression (X 1 MBPS)
optional module : Add Compression 5 Mbps
optional module : BGP Routing Module
optional module : BIG-IP LTM
optional module : Compression 100 Mbps
optional module : IPv6 Gateway Module
optional module : OSPF Routing Module
optional module : RIP Routing Module
optional module : Routing Modules Bundle
#
# License Tokens for Module BIG-IP LC Module key QSQSQQ-SZSSSS
#
mod_lc : enabled
ltm_bandw_rate_tosque : enabled
ltm_bandw_rate_fairque : enabled
ltm_bandw_rate_classl7 : enabled
ltm_bandw_rate_classl4 : enabled
ltm_bandw_rate_classes : enabled
#
# Licensing Information
#
Licensed date : 2006XXXX
Service check date : 2006XXXX
#
# Platform Information
#
Registration Key : AZSDED-EDFRTG-DEFFS-EFEDS-DESSZSSL
Licensed version : 9.2.3
Platform ID : xxxx
Appliance SN : bipxxxxxxs
#
# Outbound License Dossier Validation
#
Dossier : xxxxxxxx

#
# Outbound License Authorization Signature
#
Authorization : xxxxxxx

#
#-----------------------------------------
# Copyright 1996-2006, F5 Networks, Inc.
# All rights reserved.
#-----------------------------------------