Firewall Wizards mailing list archives
Re: Cisco IOS
From: Joe Dauncey <toothbrushhead () yahoo com>
Date: Sun, 10 Dec 2000 00:15:10 +0000
Robert, The CiscoSecure software includes some DoS stuff as well. It will try to limit certain packets. Having said that I am quite fond of using CAR on the bigger routers (though I think it's now available for all sizes) to prevent the sort of traffic that is characteristic of DoS. On one network I am involved with my colleagues limit all the ICMP traffic with it. It's also got some application level stuff. It will attempt to do things like filter SMTP commands and restricting java applets to trusted sites. There is also some IDS stuff that can run on routers. It's quite configurable, in that you can switch all the different signatures on or off. However, you are limited to what is hardcoded into the IOS. There is plenty of more detailed, correct information on CCO (http://www.cisco.com), which is where I recommend anyone takes their first look if they have questions over Cisco stuff, because it's actually a really good resource. Joe "Robert Purdy (DSL AK)" wrote:
Can anyone tell me what added features I get out of putting the Firewall IOS on a 1600 over what I can do in ACLs? For a B2B connection that does not have a requirement to be 100% bullet-proof all the time, is a Firewall IOS really required? Are there any holes in a ACL apart from the fact that there is an implicit allow rather than deny if the ACL is not no the interface? Thanks Rob Purdy _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
-- Joe Dauncey toothbrushhead () yahoo com PGP Key ID: 0x247CB70A ***************************** _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco IOS Robert Purdy (DSL AK) (Dec 09)
- <Possible follow-ups>
- Re: Cisco IOS Ryan Russell (Dec 10)
- Re: Cisco IOS Joe Dauncey (Dec 12)
- Cisco IOS Christopher J. Wargaski (Dec 12)
- Re: Cisco IOS Eric Vyncke (Dec 14)