Re: Cisco PIX fixup protocol command
From: erisk (erisk_at_iinet.net.au)
Date: 02/13/04
- Previous message: Mike: "RE: MBSA 1.2"
- Maybe in reply to: S.Rohit: "Cisco PIX fixup protocol command"
- Next in thread: Christopher Black: "RE: Cisco PIX fixup protocol command"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "erisk" <erisk@iinet.net.au>, "S.Rohit" <s.rohit@usa.net>, <security-basics@securityfocus.com> Date: Fri, 13 Feb 2004 10:24:35 +0800
sorry corretion "even when port is not in use.."***
----- Original Message -----
From: "erisk" <erisk@iinet.net.au>
To: "S.Rohit" <s.rohit@usa.net>; <security-basics@securityfocus.com>
Sent: Friday, February 13, 2004 10:22 AM
Subject: Re: Cisco PIX fixup protocol command
> if the protocols are not in use then disbale the fixups (ie the ones that
> are defualt upon install of the PIX). I have found instances where
> nmap/superscan can pick up the fixups enabled even ***
> The implication here is that it can give an indication that a PIX is in
use.
>
> If the protocols are used however (SMTP, FTP, DNS) "fixup" those.. It
> provides attack guards over the protocols and inspects the traffic for the
> connections.
> ----- Original Message -----
> From: "S.Rohit" <s.rohit@usa.net>
> To: <security-basics@securityfocus.com>
> Sent: Wednesday, February 11, 2004 6:52 PM
> Subject: Cisco PIX fixup protocol command
>
>
> hi everyone....
>
> might sound like a very stupid question to ask, but i am looking for
info
> on wat is the use of fixup protocol commands on the Cisco PIX device. wat
is
> the exact usage and significance of this commands? and wat are the
security
> implications of this command? i know that some fixup's like say fixup
> protocol
> smtp are good cos of the way they restrict the SMTP command set but how
> about
> the general syntax [no] fixup protocol [service] [port]? what is this used
> for
> and wat are the security implications for this?
>
> i am asking this because i'm seeing a recommendation in some PIX
> hardening
> guide to disable fixups or they flag fixups as a security issue? y is tat?
>
> rohit
>
>
>
> --------------------------------------------------------------------------
-
> Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection
>
> Protect your network with the comprehensive security solution that
> integrates six applications for ease of use and lower TCO.
>
> Firewall - Virus protection - Spam protection - URL blocking - VPN
> - Wireless security.
>
> Download 30-day evaluation at:
> http://www.astaro.com/php/contact/securityfocus.php
> --------------------------------------------------------------------------
-- > > --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
- Previous message: Mike: "RE: MBSA 1.2"
- Maybe in reply to: S.Rohit: "Cisco PIX fixup protocol command"
- Next in thread: Christopher Black: "RE: Cisco PIX fixup protocol command"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
