Network Security Firewalls

RE: PIX Questions

Subject: RE: PIX Questions
Date: Mon, 23 Aug 2004 09:43:14 +0200 (MEST)
Hi there,

1. The PIX 506E scans for 55 known attacks, what are they?

Table 2-4   IDS Syslog Messages

Message #  Signature ID  Signature Title                                 Signature Type
400000     1000          IP options-Bad Option List                      Informational
400001     1001          IP options-Record Packet Route                  Informational
400002     1002          IP options-Timestamp                            Informational
400003     1003          IP options-Security                             Informational
400004     1004          IP options-Loose Source Route                   Informational
400005     1005          IP options-SATNET ID                            Informational
400006     1006          IP options-Strict Source Route                  Informational
400007     1100          IP Fragment Attack                              Attack
400008     1101          IP Unknown IP Protocol                          Attack
400009     1103          IP Fragments Overlap                            Attack
400010     2000          ICMP Echo Reply                                 Informational
400011     2001          ICMP Host Unreachable                           Informational
400012     2002          ICMP Source Quench                              Informational
400013     2003          ICMP Redirect                                   Informational
400014     2004          ICMP Echo Request                               Informational
400015     2005          ICMP Time Exceeded for a Datagram               Informational
400016     2006          ICMP Parameter Problem on Datagram              Informational
400017     2007          ICMP Timestamp Request                          Informational
400018     2008          ICMP Timestamp Reply                            Informational
400019     2009          ICMP Information Request                        Informational
400020     2010          ICMP Information Reply                          Informational
400021     2011          ICMP Address Mask Request                       Informational
400022     2012          ICMP Address Mask Reply                         Informational
400023     2150          Fragmented ICMP Traffic                         Attack
400024     2151          Large ICMP Traffic                              Attack
400025     2154          Ping of Death Attack                            Attack
400026     3040          TCP NULL flags                                  Attack
400027     3041          TCP SYN+FIN flags                               Attack
400028     3042          TCP FIN only flags                              Attack
400029     3153          FTP Improper Address Specified                  Informational
400030     3154          FTP Improper Port Specified                     Informational
400031     4050          UDP Bomb attack                                 Attack
400032     4051          UDP Snork attack                                Attack
400033     4052          UDP Chargen DoS attack                          Attack
400034     6050          DNS HINFO Request                               Attack
400035     6051          DNS Zone Transfer                               Attack
400036     6052          DNS Zone Transfer from High Port                Attack
400037     6053          DNS Request for All Records                     Attack
400038     6100          RPC Port Registration                           Informational
400039     6101          RPC Port Unregistration                         Informational
400040     6102          RPC Dump                                        Informational
400041     6103          Proxied RPC Request                             Attack
400042     6150          ypserv (YP server daemon) Portmap Request       Informational
400043     6151          ypbind (YP bind daemon) Portmap Request         Informational
400044     6152          yppasswdd (YP password daemon) Portmap Request  Informational
400045     6153          ypupdated (YP update daemon) Portmap Request    Informational
400046     6154          ypxfrd (YP transfer daemon) Portmap Request     Informational
400047     6155          mountd (mount daemon) Portmap Request           Informational
400048     6175          rexd (remote execution daemon) Portmap Request  Informational
400049     6180          rexd (remote execution daemon) Attempt          Informational
400050     6190          statd Buffer Overflow                           Attack
400051     8000          FTP Retrieve Password File                      Attack


http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008008966a.html#24806

2. You do not need to download the PDM cos it's a built-in component 
of the PIX. I think by default you can access the PIX via PDM by 
typing the following url into your browser:

    https://192.168.1.1/start.html    or just
    
    https://192.168.1.1

Use 192.168.1.1 if you have not changed the default ip of the inside 
interface

      The above URLs do not work, would there be any setup required on the
device itself?

You have to complete the following steps to enable the PDM:

domain-name name
Configure the PIX Firewall domain name.

ca generate rsa key key_modulus_size
Generate the PIX Firewall RSA key pair(s).
For example: ca generate rsa key 1024

http server enable
Enables the PIX Firewall to be monitored or have its configuration modified from a browser.

http ip_address [netmask] [if_name]
Specifies the host or network authorized to initiate an HTTP connection to the PIX Firewall.
- ip_address - IP address of the host or network authorized to initiate an HTTP connection to the PIX Firewall.
- netmask - Network mask for the http ip_address.
- if_name - PIX Firewall interface name on which the host or network initiating the HTTP connection resides.

Best regards

Sven
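
Added example (not part of Sven's message or of Cisco's documentation): a Python triage of the IDS syslog messages listed in Table 2-4, keeping only the message numbers the table marks as Attack and counting them per source address. The syslog line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Message numbers that Table 2-4 above marks as type "Attack"; every other
# number in 400000-400051 is "Informational".
ATTACK_MSGS = (set(range(400007, 400010)) | set(range(400023, 400029))
               | set(range(400031, 400038)) | {400041, 400050, 400051})

# Assumed line layout (not shown in the post):
#   %PIX-4-4000nn: IDS:sig_id sig_title from src to dst on interface name
IDS_RE = re.compile(
    r"%PIX-\d-(?P<msg>4000\d\d):? IDS:(?P<sig>\d+) (?P<title>.+?) "
    r"from (?P<src>\S+) to (?P<dst>\S+) on interface (?P<ifc>\S+)")


def parse_ids(line):
    """Return a dict for a PIX IDS syslog line, or None for anything else."""
    m = IDS_RE.search(line)
    if not m or not 400000 <= int(m["msg"]) <= 400051:
        return None  # not an IDS message, or outside the table's range
    rec = m.groupdict()
    rec["msg"], rec["sig"] = int(m["msg"]), int(m["sig"])
    rec["type"] = "Attack" if rec["msg"] in ATTACK_MSGS else "Informational"
    return rec


def attack_sources(lines):
    """Count Attack-type hits per (source address, signature ID)."""
    hits = Counter()
    for rec in filter(None, map(parse_ids, lines)):
        if rec["type"] == "Attack":
            hits[(rec["src"], rec["sig"])] += 1
    return hits


# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE = [
    "%PIX-4-400014: IDS:2004 ICMP echo request from 198.51.100.7 to 192.0.2.10 on interface outside",
    "%PIX-4-400027: IDS:3041 TCP SYN+FIN flags from 198.51.100.7 to 192.0.2.10 on interface outside",
    "%PIX-4-400036: IDS:6052 DNS Zone Transfer from High Port from 203.0.113.9 to 192.0.2.53 on interface outside",
    "%PIX-4-400027: IDS:3041 TCP SYN+FIN flags from 198.51.100.7 to 192.0.2.11 on interface outside",
    "%PIX-6-302013: Built outbound TCP connection 12 for outside:192.0.2.80/80",
]

if __name__ == "__main__":
    for (src, sig), n in attack_sources(SAMPLE).most_common():
        print(f"{src}  signature {sig}  x{n}")
```

The title "DNS Zone Transfer from High Port" itself contains " from ", so the pattern matches the title lazily and lets the address fields anchor the split.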


