What the heck are you talking about? PIX is a stateful firewall. Why would you go from a $15,000 valued (at least, depending on the license and possible hardware cards) commercial product and downgrade to Astaro or Smoothwall? That just doesn't make sense.

It's a PIX 501 with 3DES VPN and a 50 user license. Still overkill, but very effective. Not quite $15,000, but a few thousand if I remember correctly. We used it at work for 2 years without a single problem. We would still be using it at work, but when SBC restored our DSL connection, their installer insisted on installing their Cayman. I was like "whatever" and took the 501 home to "test". I'm still "testing". Maybe I'll buy it if the price it right.

I used to use a Smoothwall Express gateway, but the Pix is small, dead quiet and emits no heat! The Smoothwall was the exact opposite, large and very loud, heating up the closet in about 10 minutes.

Wow, I knew SBC is dumb but that takes the cake... "no, you can't use a proven security device, here use our no-name one instead". WTF kind of service is that?

On the bright side, at least you get to "test" a PIX at home. Most people don't have that luxury

How dumb can SBC be? I guess you didn't read my other post about them accidentally cutting-off our DSL service for 10 days! Then instead of using a change order which would send someone out and reroute our line in our wiring closet to turn our old service back on, they put in a new order. Thus the 10 day delay! Then they sent out some rookie installer that had no idea what our situation was and wouldn't work on a PIX. He could only install the Cayman. I even had to put in the port forwarding data because he wasn't allowed too! That is how dumb they can be.

I guess I misunderstood your position/company size, your admin activities/powers, etc - of course if you (company you work for) can afford 15 grand for a firewall solution Astaro and Smoothwall fall off the hook. I got an impression your situation reflected SOHO environment, and a PIX was "given" away to you - my point was that if you don't posess license for the Cisco device all you would have a firewall w/o future upgrades, etc, and at some point you would be urged to upgrade it.

BTW CheckPoint has plenty of problems, too. Lately I've been seeing very good things about Netscreen, but now we're waaaaay off topic.

Hi,

What is the conclusion of this incident? Is it Slammer virus or an attack / Hacker event

Regards,

Sunil

Hi,

What is the conclusion? Is it a Slammer Virus attack or is it a Hacker?

Appreciate your detail comment on this

Regards,

Sunil

No conclusion. I also have yet to see a similar post on this or any other forum I frequent. It was a silly XP box so I just reloaded the OS and hardened my network. I didn't persue it any further.

The PIX still works great by the way.

Hi,

I am bit curious few queries:

In the Snort log it is indicating about password change? Was any password was changed?

Was there any entry about this event in the security log of the system?

Checked the property of Slammer but couldnt find any where mentioned about multiple exploits methods in short time? So can it be a virus issue

Sorry for bothering but would appreciate your understanding on this issue

Thanks & Regards,

Sunil

This was a stange event that was only caught because I was in the process of switching from dial-up service to DSL. The log file I posted was actually the Smoothwall Snort log I had setup to use my as my router and firewall when my DSL service was turned on, not from my XP machine. Smoothwall was not firewalling the dialup connection but the"as yet to be turned on" DSL service.

Being that my DSL service was not yet active I was still using a dial-up connection from my XP machine to download updates. The person that "got in" got into the XP machine through the dialup then used the XP machine to try to hack in to the Smoothwall router. The log file I posted was after the XP machine had already been compromised. XP, to my knowledge, does not have verbose logging like linux so the info that you are requesting was never logged for review. I don't even have an originating IP address. Like I said previously, I have yet to see a similar "signature" anywhere so I can assume it was a cracker and not a virus, but that is only a guess.

XP does have an Event Log IIRC; it's just turned off by default. Control Panel -> Administrative Tools should have an option to turn on the Event Log.

i just guess why you just don´t download the drivers for your modem an forget 2 use xp for ANY web connection? or a new modem just 10dlls?

Chort, thanks for the reply. My comment about verbose logging was regarding the actual content of the log, the "verbosity". In my experience, the logs just weren't that useful, however, I just checked the event logs for my XP machine here at work and it appears that the content of the logs has greatly improved since I last bothered to look at one. I'm running Service Pack 2. Was that changed in the last SP or have I just not been paying close enough attention?

I case you all missed these important words from his first post, the man has it right.
As most of the world still uses windows people that develope web pages need them to check their work and to see how it looks for most users. I have 2 safely hidden behind a Suse firewall.