RE: where should I start? help!

From: DeGennaro, Gregory (Gregory_DeGennaro_at_csaa.com)
Date: 07/09/03

To: Paul Benedek <paul.benedek@excis.co.uk>, "'Mitchell Rowton'" <mitchell@attackprevention.com>, "'Jane Han'" <janehan22@yahoo.com>, security-basics@securityfocus.com
Date: Wed, 9 Jul 2003 10:56:35 -0700

Yes, this is good too.

I do not believe it is the PIX; however, it is still worth an investigation. I
would start with the 2600 first. I am basing this off the information you
gave us from the router.

Regards,

Greg DeGennaro Jr., CCNP
Security Analyst

-----Original Message-----
From: Paul Benedek [mailto:paul.benedek@excis.co.uk]
Sent: Wednesday, July 09, 2003 2:08 AM
To: 'Mitchell Rowton'; 'Jane Han'; security-basics@securityfocus.com
Subject: RE: where should I start? help!

Hi,

Once you have identified the traffic type, i.e. web traffic on port 80, you may
wish to consider turning on some of the traffic management features within
the Cisco router. This could be a change in queuing strategy and the use of
Cisco's committed access rate (CAR) feature.

By using CAR, you can prioritise the traffic and drop any less important
traffic if it reaches a certain threshold. Incidentally, it is good to use
CAR to drop inbound UDP traffic in case of DDoS attacks.

The other thought with regard to this could be that the NAT pool in your
PIX is not big enough to cope with your outbound requirements. Try
increasing your pool size so that you have many translation slots available.
Also look at the session timeout values and make sure that unwanted
connections time out within a reasonable timeframe.

Another point to look at is your Ethernet interfaces. Make sure that they
are forced connections rather than using auto (100 meg full duplex). If
these are causing you any issues, you would see a high number of collisions
on the Ethernet port counters. This could also account for a high number of
retransmissions and poor throughput on your Internet connection.

Regards,

Paul Benedek
Director
Excis Networks Limited
http://www.excis.co.uk
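As an added illustration (not part of Paul's or Greg's posts), this is what the three suggestions above look like as configuration on a 2600-class IOS router and a PIX 6.x firewall: CAR policing inbound UDP on the uplink, forced speed/duplex on the LAN interface, and a larger NAT pool with tighter idle timeouts. Interface names, ACL number, addresses, rates and timeout values are assumed placeholders, not taken from the thread.

```cisco
! --- IOS router (2600-class), constructed example ---
! Classify inbound UDP for the CAR policer (assumed ACL number 101)
access-list 101 permit udp any any
!
interface Serial0/0
 description Internet uplink (placeholder interface)
 ! CAR: police inbound UDP to 512 kbps (normal burst 96000 bytes,
 ! extended burst 192000 bytes). Conforming packets are forwarded;
 ! excess UDP is dropped so a UDP flood cannot starve the web traffic.
 rate-limit input access-group 101 512000 96000 192000 conform-action transmit exceed-action drop
!
interface FastEthernet0/0
 description LAN side towards the PIX (placeholder interface)
 ! Force 100 Mbit full duplex instead of auto-negotiation; a duplex
 ! mismatch shows up as collisions / late collisions in "show interfaces".
 speed 100
 duplex full
!
! --- PIX 6.x, constructed example ---
! Larger NAT pool: a range of outside addresses instead of a single one,
! so outbound sessions do not run out of translation slots
! (192.0.2.0/24 and 10.0.0.0/8 are documentation/private placeholders).
global (outside) 1 192.0.2.10-192.0.2.30 netmask 255.255.255.0
nat (inside) 1 10.0.0.0 255.0.0.0
! Tighter idle timeouts so dead connections and stale translations are
! reclaimed within a reasonable time (values are illustrative).
timeout xlate 1:00:00
timeout conn 0:30:00 half-closed 0:10:00 udp 0:02:00
```

Verify the effect with `show interfaces` (collision and CRC counters) and `show interfaces rate-limit` on the router, and `show xlate count` and `show conn count` on the PIX.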


