Network Security Firewalls

RE: Cisco CBAC

Subject: RE: Cisco CBAC
Date: Mon, 25 Oct 2004 08:49:11 -0400
This is from PIX documentation but will still apply. The issue is not
specific to any one platform. Not sure if you need a CCO account to view
this.
 
Hope this helps...
 
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a008009491c.shtml
 

Reverse DNS Lookups 


If you are experiencing slow performance with the PIX, verify that you
have Domain Name System Pointer (DNS PTR) records (also called Reverse
DNS Lookup records) in the authoritative DNS server for the external
addresses that the PIX is using. This includes any address in your
global Network Address Translation (NAT) pool (or the PIX's outside
interface, if you are overloading on the interface); any static
addresses; and internal addresses (if you are not using NAT with them).
Some applications, such as File Transfer Protocol (FTP) and Telnet
servers, may do Reverse DNS lookups to try and determine where the user
is coming from and if it is a valid host. If the Reverse DNS lookup does
not resolve, then performance will be degraded as the request times out.


To ensure that a PTR record exists for these hosts, issue the nslookup
command from your PC or UNIX box, followed by the global IP address you
are using when you connect to the Internet. 


Example


        % nslookup 198.133.219.25
        25.219.133.198.in-addr.arpa     name = www.cisco.com.

You should receive a response back with the DNS name of the device
assigned to that IP address. If you do not receive a response back,
contact the person that controls your DNS to request the addition of PTR
records for each of your global IP addresses. For more information about
performance issues on the PIX caused by missing PTR records, see Poor or
Intermittent FTP/HTTP Performance Through a PIX
<http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094459.shtml>.

 

 

        -----Original Message-----
        From: Dan Tesch [mailto:dan.tesch@comcast.net] 
        Sent: Thursday, October 21, 2004 11:36 PM
        To: firewalls@securityfocus.com
        Subject: Cisco CBAC
        
        
        Since starting to work with a new company which is using
        a Cisco 2611 router with firewall IOS, I have noticed too many
        times problems with downloading from certain FTP sites,
        some won't work at all - problems downloading from websites
        and applications used from vendor websites having problems.
         
        As I have studied CBAC and come to understand what it does,
        I am starting to wonder if this could be causing some of the
        problems - Has anyone else had similar experiences? Why
        does a Cisco router with this feature work differently than a
        standard NAT router?
         
        Thanks
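The check the quoted Cisco note describes (confirm a PTR record exists for the outside interface, every NAT global pool address and every static) is easy to script rather than run one nslookup at a time. The following is an added example, not code from the list post or from Cisco: it builds the in-addr.arpa / ip6.arpa name the resolver queries, expands an address range the way a NAT pool would be listed, and reports the addresses with no PTR answer. The addresses 192.0.2.x, the hostnames under example.net and the zone table are constructed so the script runs offline; only 198.133.219.25 -> www.cisco.com comes from the page. Swap zone_lookup for system_ptr_lookup to query the real resolver.

```python
"""Audit firewall global addresses for missing PTR (reverse DNS) records."""
import ipaddress
import socket
from typing import Callable, Dict, Iterable, List, Optional

# A lookup takes an IP address string and returns the PTR name, or None.
PtrLookup = Callable[[str], Optional[str]]


def reverse_name(ip: str) -> str:
    """Return the reverse-lookup name the resolver queries for an address.

    198.133.219.25 -> 25.219.133.198.in-addr.arpa (IPv6 gets the ip6.arpa form).
    """
    return ipaddress.ip_address(ip).reverse_pointer


def addresses_in_range(first: str, last: str) -> List[str]:
    """Expand an inclusive address range, e.g. a NAT global pool, to a list."""
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(last)
    if start.version != end.version or end < start:
        raise ValueError(f"bad range {first}-{last}")
    return [str(start + i) for i in range(int(end) - int(start) + 1)]


def system_ptr_lookup(ip: str) -> Optional[str]:
    """Ask the OS resolver for the PTR record (the same question nslookup asks)."""
    try:
        hostname, _aliases, _addrs = socket.gethostbyaddr(ip)
        return hostname
    except (socket.herror, socket.gaierror):
        # NXDOMAIN, SERVFAIL and a resolver timeout all land here; the timeout
        # case is the one that stalls an FTP or Telnet server doing this lookup.
        return None


def audit_ptr_records(addresses: Iterable[str],
                      lookup: PtrLookup = system_ptr_lookup) -> Dict[str, Optional[str]]:
    """Map each address to its PTR name, or None when nothing resolves."""
    return {ip: lookup(ip) for ip in addresses}


def missing_ptr(audit: Dict[str, Optional[str]]) -> List[str]:
    """Addresses from an audit result that still need a PTR record."""
    return sorted((ip for ip, name in audit.items() if name is None),
                  key=ipaddress.ip_address)


# Constructed PTR table standing in for the authoritative zone, so the script
# runs offline. Only 198.133.219.25 -> www.cisco.com comes from the Cisco note.
CONSTRUCTED_ZONE = {
    "198.133.219.25": "www.cisco.com",
    "192.0.2.10": "fw-outside.example.net",   # constructed: outside interface
    "192.0.2.21": "nat-pool-1.example.net",   # constructed: one pool address
}


def zone_lookup(ip: str) -> Optional[str]:
    """Offline lookup against CONSTRUCTED_ZONE; use system_ptr_lookup for real DNS."""
    return CONSTRUCTED_ZONE.get(ip)


def example_audit() -> List[str]:
    """Audit a constructed address set: outside interface, a three-address
    NAT global pool and one static, against the constructed zone."""
    addresses = (["192.0.2.10"]
                 + addresses_in_range("192.0.2.20", "192.0.2.22")
                 + ["198.133.219.25"])
    return missing_ptr(audit_ptr_records(addresses, zone_lookup))


if __name__ == "__main__":
    for ip in example_audit():
        print(f"no PTR for {ip} ({reverse_name(ip)}): ask the DNS admin to add one")
```

With the constructed zone, the two pool addresses without entries are reported; against a live resolver, each reported address is one to hand to whoever controls the reverse zone, exactly as the note advises.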
