Network Security Firewalls

RE: PIX limitations

Subject: RE: PIX limitations
Date: Tue, 14 Sep 2004 20:18:35 -0500
Maybe it's kind of late, but because I had to go through some reading about Cisco
FWSM 2.2, I've found that it DOES have a feature called FragGuard, which is a
protection against fragmentation. In this version of FWSM, the default fragment
size is 200.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010d3.html

Jaime Velasquez Venegas


-----Original Message-----
From: Cesar Farro Flores [mailto:cesar.farro@t-empresas.com.pe] 
Sent: Tuesday, August 17, 2004 9:06 AM
To: Brian Ford
Cc: firewalls@securityfocus.com; jlebowitsch@pacbell.net; Ng Pheng Siong
Subject: Re: PIX limitations


Hi all,

In the Cisco manual about FWSM
http://www.cisco.com/en/US/partner/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010c1.html
it shows what the limitations of the PIX are. The missing feature, that it cannot
inspect all the fragments when there is fragmentation, is very bad, because
some exploits use fragmentation to hide the content of the exploit.
Personally I don't recommend FWSM.

CF.


Brian Ford <brford@cisco.com> wrote on 11/08/2004 11:01:43 p.m.:

Ng and list;

At 09:31 AM 8/10/2004 +0800, Ng Pheng Siong wrote:
On Fri, Aug 06, 2004 at 06:18:09PM -0000, jlebowitsch@pacbell.net wrote:
Does anyone know if this is true also of Cisco PIX? As FWSM is based on
PIX it seems likely, but I can't find documentation for this.

Is FWSM really based on the PIX?

Yes.

PIX was produced by some company which was acquired by Cisco.

Network Translation in 1995.

FWSM is firewall stuff tacked onto IOS.

Not exactly.  The FWSM code was based on PIX v6.0.  PIX code is not IOS.

While PIX has an IOS-like config language, I believe it isn't IOS.

True.

So like I said in the other message you need to check these details against
the PIX OS manual for the version of code you are using.  FWSM was based on
PIX OS v6.0 and details like these may have diverged between the FWSM and
the PIX appliance OS versions.

Liberty for All,

Brian


--
Ng Pheng Siong <ngps@netmemetic.com>

http://firewall.rulemaker.net -+- Cisco PIX & Netscreen Config Version Control
http://sandbox.rulemaker.net/ngps -+- M2Crypto, ZServerSSL for Zope, Blog


Brian Ford
Consulting Engineer, Security & Integrity Specialist
Office of Strategic Technology Planning
Cisco Systems Inc.
http://www.cisco.com/go/safe/

The opinions expressed in this message are those of the author and not
necessarily those of Cisco Systems, Inc.

This email address is transmitted from San Jose, California, U.S.A.
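
The concern raised in the thread, that a signature split across IP fragments is invisible to a device that inspects fragments one at a time, shown as an added example from the defender's side. It is not code from any poster and not Cisco's FragGuard logic; the marker string, the fragment tuples and all function names are constructed for illustration, and offsets are plain byte offsets.

```python
from collections import defaultdict

SIGNATURE = b"EXAMPLE-EXPLOIT-MARKER"  # constructed stand-in for a content signature

# Constructed sample fragments: (datagram id, byte offset, more-fragments flag, payload).
# Datagram 7 carries the marker split across two fragments that arrive out of order.
FRAGMENTS = [
    (7, 16, False, b"LOIT-MARKER tail"),
    (7, 0, True, b"hdr: EXAMPLE-EXP"),
    (9, 0, False, b"ordinary unfragmented data"),
]


def scan_per_fragment(fragments):
    """Datagram ids whose signature is visible inside one fragment (no reassembly)."""
    return {ident for ident, _off, _mf, data in fragments if SIGNATURE in data}


def reassemble(fragments):
    """Return ({id: payload} for complete datagrams, {ids that cannot be trusted})."""
    groups = defaultdict(list)
    for ident, off, more, data in fragments:
        groups[ident].append((off, more, data))
    complete, suspect = {}, set()
    for ident, parts in groups.items():
        parts.sort(key=lambda p: p[0])
        buf, contiguous = b"", True
        for off, _more, data in parts:
            if off != len(buf):  # gap or overlap: flag it rather than guess
                contiguous = False
                break
            buf += data
        if contiguous and not parts[-1][1]:  # final fragment has MF cleared
            complete[ident] = buf
        else:
            suspect.add(ident)
    return complete, suspect


def scan_reassembled(fragments):
    """Match the signature on reassembled payloads; also report suspect datagrams."""
    complete, suspect = reassemble(fragments)
    hits = {ident for ident, payload in complete.items() if SIGNATURE in payload}
    return hits, suspect


if __name__ == "__main__":
    print("per-fragment hits:", scan_per_fragment(FRAGMENTS))
    print("reassembled hits, suspect:", scan_reassembled(FRAGMENTS))
```

Datagrams with gaps, overlaps or a missing final fragment are returned as suspect rather than scanned, so an inspection policy can drop or log them instead of passing content it never saw whole.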






