Firewall Wizards mailing list archives

pixen abnormalities;


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 19 Aug 2003 11:58:27 -0400 (EDT)

Folks,

It's been awhile since I played in a firewall admin role, and worked mostly
with fw-1 ipchains/iptable kinda setups.  But, in a new position as a
unix/web admin, I'm dealing with firewall admins that maintain that not
setting the pixies to send an rst upon idle timeout is a 'protection' in
case the connection that went idle was hijacked.  Course, this will hose
up a console connection for a good twenty minutes or more depending upon
the configuration of the systems I'm using a console on.  But, is this
really a concern and rationale for not sending an rst on idle timeout
limits?

I'm highly suspecting that this rationale is a coverup for the fact that
the firewall admins do not know how to set their pixies to send an rst
upon reaching an idle time limit.  Having not worked with these boxen, I
do not know the config params required to do so, can someone clue me to
both the config setting the pixies require to send the rst and whether or
not the rationale offered above about idle connections possibly being
hijacked stands to reason?

Thanks to all the pixie experts that might have time to lend a word here,

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
