Firewall Wizards mailing list archives

Re: Cisco IOS


From: Joe Dauncey <toothbrushhead () yahoo com>
Date: Sun, 10 Dec 2000 00:15:10 +0000

Robert,

The CiscoSecure software includes some DoS stuff as well. It will try to
limit certain packets. Having said that, I am quite fond of using CAR on
the bigger routers (though I think it's now available for all sizes) to
prevent the sort of traffic that is characteristic of DoS. On one
network I am involved with, my colleagues limit all the ICMP traffic with
it.

It's also got some application level stuff. It will attempt to do things
like filter SMTP commands and restrict Java applets to trusted sites.

There is also some IDS stuff that can run on routers. It's quite
configurable, in that you can switch all the different signatures on or
off. However, you are limited to what is hardcoded into the IOS.

There is plenty of more detailed, correct information on CCO
(http://www.cisco.com), which is where I recommend anyone takes their
first look if they have questions over Cisco stuff, because it's
actually a really good resource.

Joe

"Robert Purdy (DSL AK)" wrote:

Can anyone tell me what added features I get out of putting the Firewall IOS
on a 1600 over what I can do in ACLs?

For a B2B connection that does not have a requirement to be 100%
bullet-proof all the time, is a Firewall IOS really required?

Are there any holes in an ACL apart from the fact that there is an implicit
allow rather than deny if the ACL is not on the interface?

Thanks
Rob Purdy

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

-- 
Joe Dauncey
toothbrushhead () yahoo com
PGP Key ID: 0x247CB70A
*****************************
