[fw-wiz] RE: CERT vulnerability note VU# 539363

From: Philip J. Koenig (pjklist@ekahuna.com)
Date: 10/16/02


From: "Philip J. Koenig" <pjklist@ekahuna.com>
To: Firewall-wizards@honor.icsalabs.com
Date: Wed Oct 16 20:55:01 2002

On 16 Oct 2002 at 17:00, Stephen Gill boldly uttered:

> In V4.0 the syntax has changed somewhat for the aforementioned command,
> though the concept still applies...
>
> set zone <zone> screen limit-session source-ip-based <threshold>
>
> I've requested something like
>
> set zone <zone> screen limit-session dest-ip-based <threshold>
>
> but I've not seen it in code yet. If I'm not mistaken I believe CP has
> added the ability to do both recently.
>
> -- steve

OK, but the nice thing about the source-based rule is it's not very
likely to drop legitimate traffic (unless you misconfigure it without
any sense of your normal traffic profile), whereas a destination-
based rule could easily cause that problem, particularly for public
servers.

On a slightly off-topic note - do you find ScreenOS stable? I
avoided it for stability reasons at a newly-deployed site but it
would have been convenient to start off with it because when the time
comes to upgrade it looks like I'll have to re-architect lots of the
rules to adapt to its new syntax.

--
Philip J. Koenig                                       
pjklist@ekahuna.com
Electric Kahuna Systems -- Computers & Communications for the New 
Millenium


Relevant Pages

  • [fw-wiz] RE: CERT vulnerability note VU# 539363
    ... > -- steve ... any sense of your normal traffic profile), ... avoided it for stability reasons at a newly-deployed site but it ... rules to adapt to its new syntax. ...
    (Firewall-Wizards)
  • Re: Crontab issues with Solaris 10
    ... I went to configure a script to run every 2 hours using the ... As far as I can tell, this syntax is correct. ... misconfigure something? ... Jim Pennino ...
    (comp.unix.solaris)