Firewall Wizards mailing list archives
Packeteer PacketShaper (Michel Ludolph)
From: <Michel.Ludolph () Postbankmail nl>
Date: Thu, 23 Jan 2003 10:18:27 +0100
My experiences with Packeteer Packetshaper: - easy to use, via browser interface. - good reporting utilities, showing relative bandwidth usage of each defined application. Handy to determine the effectiveness of your configuration. - application bandwidth limitation works well. Off topic: Packeteer also offers Appcelera, a compression tool, reducing bandwidth consumption by compressing your web-traffic. All major browsers are capable of decompression. Tests here have proven it to be effective. michel.ludolph () atosorigin com -----Original Message----- From: firewall-wizards-request () honor icsalabs com [mailto:firewall-wizards-request () honor icsalabs com] Sent: Wednesday, January 22, 2003 11:39 PM To: firewall-wizards () honor icsalabs com Subject: firewall-wizards digest, Vol 1 #838 - 10 msgs
---------- From: firewall-wizards-request () honor icsalabs com[SMTP:FIREWALL-WIZARDS-REQUEST () HONOR ICSALABS COM] Sent: Wednesday, January 22, 2003 11:39:08 PM To: firewall-wizards () honor icsalabs com Subject: firewall-wizards digest, Vol 1 #838 - 10 msgs Auto forwarded by a Rule
Send firewall-wizards mailing list submissions to firewall-wizards () honor icsalabs com To subscribe or unsubscribe via the World Wide Web, visit http://honor.icsalabs.com/mailman/listinfo/firewall-wizards or, via email, send a message with subject or body 'help' to firewall-wizards-request () honor icsalabs com You can reach the person managing the list at firewall-wizards-admin () honor icsalabs com When replying, please edit your Subject line so it is more specific than "Re: Contents of firewall-wizards digest..." Today's Topics: 1. RE: Blocking email through the web services (Noonan, Wesley) 2. RE: Blocking email through the web services (Nieveler, Juergen) 3. RE: Blocking email through the web services (Skough Axel U/IT-S) 4. Re: Blocking email through the web services (Martin Peikert) 5. RE: DHCP in a corporate MS environment - Security Risk? (Darden, Patrick S.) 6. Re: IP aliasing behind a PIX (Don Owens) 7. Re: Packateer (kaptain) 8. Re: Blocking email through the web services (Mikael Olsson) 9. RE: DHCP in a corporate MS environment - Security Risk? (David Lang) 10. RE: DHCP in a corporate MS environment - Security Risk? (Noonan, Wesley) --__--__-- Message: 1 From: "Noonan, Wesley" <Wesley_Noonan () bmc com> To: "'Paul D. Robertson'" <proberts () patriot net>, seadog () jb ro Cc: firewall-wizards () nfr net Subject: RE: [fw-wiz] Blocking email through the web services Date: Wed, 22 Jan 2003 09:15:42 -0600 Agreed. There are so many webmail services that it is near impossible to block if someone really wants to access them. For example, many Mom and Pop ISP's have webmail services that can connect to any POP server, meaning you would need to block all of them if you really want to keep people from accessing external mail. Like Paul says, this is a people policy issue that requires a people policy solution. Have your users sign an AUP, then enforce penalties when people violate the AUP. Thanks. Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+ Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com
-----Original Message----- From: Paul D. Robertson [mailto:proberts () patriot net] Sent: Wednesday, January 22, 2003 08:30 To: seadog () jb ro Cc: firewall-wizards () nfr net Subject: Re: [fw-wiz] Blocking email through the web services On 22 Jan 2003 seadog () jb ro wrote:Is there a common port I can block that will prevent users from downloading email from webmail services such as aol, hotmail or msn,usedby all - without blocking www service in general?No, you have to block Webmail services by either DNS or IP address and back it up with a strong policy. Paul -------------------------------------------------------------------------- --- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--__--__-- Message: 2 From: "Nieveler, Juergen" <Juergen.Nieveler () akzonobeldeco de> To: 'Martin Peikert' <Martin.Peikert () discon de>, firewall-wizards () nfr net Subject: RE: [fw-wiz] Blocking email through the web services Date: Wed, 22 Jan 2003 16:25:53 +0100
Is there a common port I can block that will prevent users from downloading email from webmail services such as aol,hotmail or msn, usedby all - without blocking www service in general?Try port 110 (pop3), 995 (pop3-ssl) and maybe 220 (imap3) and 993 (imap3-ssl), too.
That won't help - he's talking about Web-based services, and those go through port 80/443. The only chance is to block file downloads on the proxy-server - and even that won't work if the Webmail service offers SSL. -- Mit freundlichen Gru?en / Yours sincerely Juergen Nieveler Akzo Nobel Deco GmbH IT / Netzwerk & Systeme eMail: Juergen.Nieveler () AkzoNobelDeco de Disclaimer: Views are mine, not my employers' -- -------------> IMPORTANT <---------------- This message, including attachments, is confidential and may be privileged. If you are not an intended recipient, please notify the sender then delete and destroy the original message and all copies. You should not copy, forward and/or disclose this message, in whole or in part, without permission of the sender. Diese Nachricht, einschliesslich anhaengender Dateien, ist persoenlich und kann vertraulich sein. Wenn Sie diese Nachricht irrtuemlich erhalten, benachrichtigen Sie bitte den Absender und loeschen Sie bitte die Originalnachricht und alle Kopien. Sie sollten die Nachricht ohne die Zustimmung des Absenders weder ganz noch teilweise kopieren, weiterleiten oder sonstwie weiterverbreiten. --__--__-- Message: 3 Subject: RE: [fw-wiz] Blocking email through the web services Date: Wed, 22 Jan 2003 16:26:26 +0100 From: "Skough Axel U/IT-S" <axel.skough () scb se> To: "Martin Peikert" <Martin.Peikert () discon de>, <firewall-wizards () nfr net> Sorry for that. These are normal mail ports used, but the question = concerns Web mail. Most commonly the TCP port 80 is used and you cannot = recognise this Web traffic as being mail access in other ways than = filtering on the combination server address and TCP port number.=20 Sometimes other TCP ports than 80 are used, also, SSL encrypted Webmail = acces can occur (TCP port 443). You should consider your needs in detail = to have a propert blocking rule set out!!! Regards, Axel -----Original Message----- From: Martin Peikert [mailto:Martin.Peikert () discon de] Sent: den 22 januari 2003 15:37 To: firewall-wizards () nfr net Subject: Re: [fw-wiz] Blocking email through the web services seadog () jb ro wrote:
Is there a common port I can block that will prevent users from=20 downloading email from webmail services such as aol, hotmail or msn, =
used=20
by all - without blocking www service in general?
Try port 110 (pop3), 995 (pop3-ssl) and maybe 220 (imap3) and 993=20 (imap3-ssl), too. GTi _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards --__--__-- Message: 4 Date: Wed, 22 Jan 2003 17:21:05 +0100 From: "Martin Peikert" <Martin.Peikert () discon de> Organization: discon GmbH Cc: firewall-wizards () nfr net Subject: Re: [fw-wiz] Blocking email through the web services Nieveler, Juergen wrote:
Is there a common port I can block that will prevent users from downloading email from webmail services such as aol,hotmail or msn, used by all - without blocking www service in general? Try port 110 (pop3), 995 (pop3-ssl) and maybe 220 (imap3) and 993 (imap3-ssl), too.That won't help - he's talking about Web-based services, and those go through port 80/443.
Right - my mistake. But blocking those ports would make those services a little more uncomfortable ;-) The users have to log in in their webmail account and download one message after another instead of receiving them all at once...
The only chance is to block file downloads on the proxy-server - and even that won't work if the Webmail service offers SSL.
Or, as Paul D. Robertson mentioned before, block those services offering webbased mail services. But to find out all those offering webbased mail - that's not that easy :-( GTi --__--__-- Message: 5 From: "Darden, Patrick S." <darden () armc org> To: 'Ben Nagy' <ben () iagu net>, Eye Am <eyeam () optonline net>, firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk? Date: Wed, 22 Jan 2003 12:13:06 -0500 Another possibility would be a more secure alternative to DHCP. With Radius (just one example) you can require that people authenticate off of user database (Unix passwd/shadow file, LDAP, NT Domain, ADS....) Of course, a sniffer on your network, arp poisoning, etc. would obviate a lot of the security gains.... --Patrick Darden -----Original Message----- From: Ben Nagy [mailto:ben () iagu net] Sent: Wednesday, January 22, 2003 3:21 AM To: Eye Am; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] DHCP in a corporate MS environment - Security Risk? Put me down as a "me too" for Wes's post. Static IP assignment for individual clients is insane. If you want strong(ish) machine-based security then look at switch port MAC filters; they're also insane from a management point of view but at least they actually offer a positive security delta. If you desperately want to write ACLs based on groups of machines then you may as well use DHCP reservations and start buying antacid in bulk for your sysadmin. Better, if you're in an MS environment, is to look at something like a proxy server or an IAS server to do real user-based authentication (if there's a working non-MS way to do it, someone let me know) based on the domain or AD. Be sure not to confuse this with a real network-level firewall, though, it's just a way to do some user restriction that's not SOCKS. I would expect to see a "proper" firewall as well. Please ask your security consultant to send us a short note explaining the risks of "DHCP database compromise". I shall pin it on my wall. For finer points, I usually do static config on servers (old fashioned), and I agree that you should get rid of your multihomed in/out devices as soon as you can. Cheers, ben ----- Original Message ----- From: "Eye Am" <eyeam () optonline net> To: <firewall-wizards () honor icsalabs com> Sent: Tuesday, January 21, 2003 5:06 AM Subject: [fw-wiz] DHCP in a corporate MS environment - Security Risk?
I'm looking for opinions, experiences and references on the subject.
Downed
and searched the entire Firewall-Wizards list. Found little discussion either way. This may be a bit OT for the board except that some security may well be set at the public-facing firewall as well as risks may be apparent
there.
Our corporate network is reasonably well set up with private and public
DNS,
no wireless IP connections and blocking all RFC1918 traffic in or out of
the
public side. Some security consultants highly recommended static
addressing
across the board for security and control reasons - i.e.. access-list control and the potential for compromise of the DHCP database. I have searched google etc and found a few articles and whitepapers. We have historically configured static IPs on servers, routers, switches
and
all outside-facing devices. We do have several multi-homed devices with static, public IP and a second interface facing inside (these are being migrated to DMZ where multi-homing will no longer be necessary.) However this does get to be a pain when making across-the-board changes. Documentation is a bear as well since we are a small company with little resources available to keep detailed network drawings up-to-date. Lately we are leaning towards regular lease-based DHCP for workstations
and
reserved DHCP addresses on servers on the private side. This will, of course, make life much easier when making widespread changes or additions such as adding secondary DNS. I have been wavering back and forth. Is there any experience with compromised DHCP databases in MS
environments?
Any strong opinions or reasoning pro or con the use of DHCP? Any recommendations for shoring up the service and it's traffic? Much Appreciated In Advance Chuck _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards --__--__-- Message: 6 From: Don Owens <don () xlogistics com> To: firewall-wizards () honor icsalabs com Organization: Express Logistics Date: 22 Jan 2003 09:27:41 -0800 Subject: [fw-wiz] Re: IP aliasing behind a PIX The problem has been resolved. Thanks to Mike Scher for pointing me to the "static" lines in the conf. The intention was to map the entire network behind the PIX (1-1 mapping, since the network is public), but the entry had a netmask of 255.255.255.255 instead of 255.255.255.224. Once I added a line with the correct netmask, the aliases began working. However, now I wonder why the main IP on each interface worked in the first place ... Don On Fri, 2003-01-17 at 18:04, Don Owens wrote:
Hi guys, I'm overloading interfaces on Solaris and Linux boxen to have multiple IPs (same network though) behind a PIX firewall. From within the network, the aliases work fine (i.e., the machines are accessible using the aliased IPs). However, when trying to get to them from outside the network, the IPs are unreachable. These are public IPs and the routing works fine for each IP if that IP is the main IP of the box. If I swap the IP of one of the aliases with the main IP, that IP is then reachable. Then the alias works as well until I reboot the PIX. It seems to me this has to be the PIX, as I have not had this problem in the past using access lists on routers as firewalls. Has anyone else seen this problem? Am I missing a simple setting on the PIX or something? Any ideas? Don -- Don Owens don () xlogistics com www.xlogistics.com Express Logistics 48541 Warm Springs Blvd., Ste. 505 Fremont, CA 94539
-- Don Owens don () xlogistics com www.xlogistics.com Express Logistics 48541 Warm Springs Blvd., Ste. 505 Fremont, CA 94539 --__--__-- Message: 7 Date: Wed, 22 Jan 2003 18:03:52 +0000 (GMT) From: kaptain <kaptain () kaptain com> To: =?iso-8859-1?q?m=20p?= <sumirati () yahoo de> Cc: Tim Chettle <chettltj () hotmail com>, <firewall-wizards () honor icsalabs com> Subject: Re: [fw-wiz] Packateer I've used Packeteers for about 3 years now and I think they are excellent tools. Great for protocol based bandwidth throttling and absolute traffic shaping. -K On Wed, 22 Jan 2003, [iso-8859-1] m p wrote:
Hi Tim, --- Tim Chettle <chettltj () hotmail com> schrieb:Im due to deploy a Packateer on one of my customers connections to control their internet connection as it is heavily used. I was curious to see if anyone had any real worls experience or gotchas they had come acrossFor what reason do you deploy the "Packeteer"? Which product of the company are you using? Are you doing it to look into the traffic for a usage analysis or are you doing it for QoS? How fast is their internet connection? How many users with what kind of traffic are _expected_ to use the internet? How do you want to "control their internet connection"? What for? Maybe it is cheaper to install a proxy (if it is not there) or simply a bigger pipe. I never heard since now anything about that company. But for traffic analysis an tcpdump, Ethereal and some knowledge about what _should_ go over the link in conjunction with perl and gnuplot should do it. As for QoS the most routers today can do it on service level. If that is not enough a Packeteer PacketShaper or similiar products from other vendors may suite you (I have not looked into the product specs). Hope that helps Marc __________________________________________________________________ Gesendet von Yahoo! Mail - http://mail.yahoo.de Bis zu 100 MB Speicher bei http://premiummail.yahoo.de _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--__--__-- Message: 8 Date: Wed, 22 Jan 2003 19:13:29 +0100 From: Mikael Olsson <mikael.olsson () clavister com> Organization: Clavister AB To: Martin Peikert <Martin.Peikert () discon de> Cc: Firewall Wizards <firewall-wizards () honor icsalabs com> Subject: Re: [fw-wiz] Blocking email through the web services Martin Peikert wrote:
seadog () jb ro wrote:Is there a common port I can block that will prevent users from downloading email from webmail services such as aol, hotmail or msn, used by all - without blocking www service in general?Try port 110 (pop3), 995 (pop3-ssl) and maybe 220 (imap3) and 993 (imap3-ssl), too.
*ahem* No one uses imap3. Really. It hardly left the test bed. Everyone uses imap4, which uses the same ports as imap2 did. imap2/4 lives on port 143. The SSL version lives on 993. In either case, this is useless for the big webmail services. They only provide access via their web interfaces; why would they provide service over pop3/imap where they can't serve up ads? I have however seen some smaller webmail services that let you use POP3 if you pay for it. So: best bet is to block by DNS/IP, just as Paul said. Unfortunately, you won't catch them all that way. Just the common ones. Establish an acceptable use policy, get management backing, and educate your users with a clue-by-four. -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" --__--__-- Message: 9 From: David Lang <david.lang () digitalinsight com> To: "Paul D. Robertson" <proberts () patriot net> Cc: "Noonan, Wesley" <Wesley_Noonan () bmc com>, 'Eye Am' <eyeam () optonline net>, firewall-wizards () honor icsalabs com Date: Wed, 22 Jan 2003 13:56:16 -0800 (PST) Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk? Paul (and others refering to the headachs of static addresses) if you staticly assign the addresses via DHCP does your opposition still stand? doing this gains you the central management advantages of DHCP since the leases are fixed you only have to backup the config, not the leases (hopefully something that changes less frequently) backup servers become trivial becouse the primary and backup will be issuing the same IP, no need for any complicated syncing between them since the address management is centralized it's much easier to avoid duplicates. it gives you the ability to do analysis over time of firewall/IDS logs without having to lookup each entry to see which machine had that IP at that time. no it's not foolproof (as per notes about manually setting IP addresses) but it seems like it provides advantages over dynamic addresses at the cost of additional work when a new machine is introduced on the network. David Lang On Wed, 22 Jan 2003, Paul D. Robertson wrote:
Date: Wed, 22 Jan 2003 09:23:19 -0500 (EST) From: Paul D. Robertson <proberts () patriot net> To: "Noonan, Wesley" <Wesley_Noonan () bmc com> Cc: 'Eye Am' <eyeam () optonline net>, firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk? On Tue, 21 Jan 2003, Noonan, Wesley wrote:Absolutely no doubt in my mind, I have and will continue to use DHCP as much as I can, provided of course it is technically and logistically feasible. AsI don't like static DHCP for servers because it creates an unnecessary dependency on a system that's easy to MITM. For clients, I don't mind at all. A lot of it has to do with how the network is structured though- if it's a small, flat network, then that's not as much of an issue as if the network's routed and reliant on DHCP helpers to get an answer back before any attacker might (DoS on a local DHCP server is a different issue.) I wouldn't manage client addresses manually any more though unless I was specifically trying to do a specific static addressing/routing/ARP table thing. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--__--__-- Message: 10 From: "Noonan, Wesley" <Wesley_Noonan () bmc com> To: "'David Lang'" <david.lang () digitalinsight com>, "Paul D. Robertson" <proberts () patriot net> Cc: "Noonan, Wesley" <Wesley_Noonan () bmc com>, "'Eye Am'" <eyeam () optonline net>, firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk? Date: Wed, 22 Jan 2003 16:47:31 -0600 I don't mind that (aside from the point that statically assigning via DHCP really isn't an accurate description), and in fact that is what I encourage (reservations). I am sure I am in the minority, but that is always how I have deployed my servers that I can get away with running as DHCP clients (basically, everything except the DHCP server). Assign a reservation and run with it. It makes it incredibly easy to know what server has what address without needing to pour through a ton of spreadsheets. The only caveat that I would throw out is I tend to extend my lease duration to something on the scale of 2-4 weeks so that I have that much time to fix any potential meltdown of the DHCP databases (As a note, never set them as "unlimited" as in MS speak this means don't ever pay attention to any other DHCP server, including the current one, ever again... might as well be static at that point). With proper backups (daily) and the nature of MS DHCP (hands out the same address to a client as much as possible) recovery has never taken me more than 10-15 minutes, and most of that is me copying the files in place to run the restore process. When I need to make network changes (i.e. new DNS servers, etc.) it simply becomes a matter of scripting a refresh/renew and poof, 99% of my hardware starts using the change. Network upgrades that previously (a) weren't feasible or (b) took a weekend become 5 minute processes. Auditing, to me at least, is a non-issue here. I can correlate the data between logs (it is, after all, what we get paid for) just as easily with DHCP everywhere as I can with statics or reservations in place. Thanks. Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+ Senior QA Rep. BMC Software, Inc. (713) 918-2412 wnoonan () bmc com http://www.bmc.com
-----Original Message----- From: David Lang [mailto:david.lang () digitalinsight com] Sent: Wednesday, January 22, 2003 15:56 To: Paul D. Robertson Cc: Noonan, Wesley; 'Eye Am'; firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] DHCP in a corporate MS environment - Security Risk? Paul (and others refering to the headachs of static addresses) if you staticly assign the addresses via DHCP does your opposition still stand? doing this gains you the central management advantages of DHCP since the leases are fixed you only have to backup the config, not the leases (hopefully something that changes less frequently) backup servers become trivial becouse the primary and backup will be issuing the same IP, no need for any complicated syncing between them since the address management is centralized it's much easier to avoid duplicates. it gives you the ability to do analysis over time of firewall/IDS logs without having to lookup each entry to see which machine had that IP at that time. no it's not foolproof (as per notes about manually setting IP addresses) but it seems like it provides advantages over dynamic addresses at the cost of additional work when a new machine is introduced on the network. David Lang On Wed, 22 Jan 2003, Paul D. Robertson wrote:Date: Wed, 22 Jan 2003 09:23:19 -0500 (EST) From: Paul D. Robertson <proberts () patriot net> To: "Noonan, Wesley" <Wesley_Noonan () bmc com> Cc: 'Eye Am' <eyeam () optonline net>, firewall-wizards () honor icsalabs com Subject: RE: [fw-wiz] DHCP in a corporate MS environment - SecurityRisk?On Tue, 21 Jan 2003, Noonan, Wesley wrote:Absolutely no doubt in my mind, I have and will continue to use DHCPas muchas I can, provided of course it is technically and logisticallyfeasible. AsI don't like static DHCP for servers because it creates an unnecessary dependency on a system that's easy to MITM. For clients, I don't mindatall. A lot of it has to do with how the network is structured though-ifit's a small, flat network, then that's not as much of an issue as ifthenetwork's routed and reliant on DHCP helpers to get an answer backbeforeany attacker might (DoS on a local DHCP server is a different issue.) I wouldn't manage client addresses manually any more though unless I was specifically trying to do a specific static addressing/routing/ARP table thing. Paul -----------------------------------------------------------------------------Paul D. Robertson "My statements in this message are personalopinionsproberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecureCorporation_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
--__--__-- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards End of firewall-wizards Digest ----------------------------------------------------------------- ATTENTION: The information in this electronic mail message is private and confidential, and only intended for the addressee. Should you receive this message by mistake, you are hereby notified that any disclosure, reproduction, distribution or use of this message is strictly prohibited. Please inform the sender by reply transmission and delete the message without copying or opening it. Messages and attachments are scanned for all viruses known. If this message contains password-protected attachments, the files have NOT been scanned for viruses by the ING mail domain. Always scan attachments before opening them. ----------------------------------------------------------------- _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Packeteer PacketShaper (Michel Ludolph) Michel.Ludolph (Jan 23)