Firewall Wizards mailing list archives
Cisco IOS
From: cjw () rmsbus com (Christopher J. Wargaski)
Date: Sat, 9 Dec 2000 23:07:51 -0600 (CST)
Folks--
On Fri, 8 Dec 2000, Robert Purdy (DSL AK) wrote:

> Can anyone tell me what added features I get out of putting the Firewall IOS on a 1600 over what I can do in ACLs?

Sure. With ACLs, even reflexive ones, you have to leave TCP ports above 1023 wide open if you want to support non-PASV FTP. With the firewall feature set, it snoops out the PORT command and opens just the one port back.

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/index.htm

It's also supposed to do some IDS stuff, but I haven't looked at it. Supposed to have better logging, too.
The Firewall IOS can inspect the data in some of the well-known applications (SMTP, HTTP, FTP, etc.) for proper commands. This will allow you to stop the goofs who think they are sneaky by having inetd listen on port 25 on their UNIX box so they can telnet through the filtering router.

cjw

Christopher J. Wargaski
RMS Information Technology Integrators
cjw () rmsbus com
(847) 215-1661, ext. 223

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
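The point made above about active-mode FTP, as an added example that is not part of the original post or of Cisco's code: a stateful inspector reads the PORT command on the control channel and opens exactly one pinhole (server port 20 to the announced client port), whereas a static ACL has to permit any inbound TCP to ports above 1023. The control-channel lines and the addresses below are constructed for the example; the function and class names are assumptions of this example, not IOS identifiers.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample of what the inspector sees on the FTP control channel
# (client 192.0.2.10 -> server 198.51.100.5:21). Not real captured traffic.
SAMPLE_CONTROL_LINES = [
    "USER anonymous",
    "PASS guest@example.org",
    "PORT 192,0,2,10,4,210",   # client asks the server to connect back to 192.0.2.10:1234
    "RETR README",
]

# PORT h1,h2,h3,h4,p1,p2  ->  address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Pinhole:
    """One dynamically permitted inbound TCP connection (server -> client)."""
    src_ip: str    # FTP server, source of the data connection
    src_port: int  # 20 for active-mode FTP
    dst_ip: str    # client address announced in PORT
    dst_port: int  # client port announced in PORT


def parse_port_command(line: str, client_ip: str) -> Optional[Tuple[str, int]]:
    """Return (ip, port) from a valid FTP PORT command, else None.

    Rejects PORT commands that name a host other than the control-channel
    client (the classic FTP bounce trick) and ports below 1024, so the
    pinhole can never point at a third party or at a privileged service.
    """
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]
    if ip != client_ip or port < 1024:
        return None
    return ip, port


def pinholes_from_session(control_lines: List[str], client_ip: str, server_ip: str) -> List[Pinhole]:
    """Walk the control channel and derive the pinholes an inspector would open."""
    holes = []
    for line in control_lines:
        parsed = parse_port_command(line, client_ip)
        if parsed:
            ip, port = parsed
            holes.append(Pinhole(server_ip, 20, ip, port))
    return holes


def acl_allows(src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
    """Static rule active FTP forces on a plain ACL: inbound TCP to any port > 1023.

    Restricting the source port to 20 would not help, since an attacker
    chooses their own source port.
    """
    return dst_port > 1023


def inspect_allows(holes: List[Pinhole], src_ip: str, src_port: int, dst_ip: str, dst_port: int) -> bool:
    """Stateful inspection: only the exact (src, dst) tuple seen in PORT gets in."""
    return Pinhole(src_ip, src_port, dst_ip, dst_port) in holes


if __name__ == "__main__":
    holes = pinholes_from_session(SAMPLE_CONTROL_LINES, "192.0.2.10", "198.51.100.5")
    print("pinholes:", holes)
    # The legitimate data connection passes both; a random probe to port 3389
    # passes the ACL but not the inspector.
    print("acl, probe   :", acl_allows("203.0.113.7", 44444, "192.0.2.10", 3389))
    print("inspect, probe:", inspect_allows(holes, "203.0.113.7", 44444, "192.0.2.10", 3389))
```

The comparison is the whole point: with a ">1023" ACL the inside host 192.0.2.10 is reachable on 3389 from anywhere, while the inspector admits only the one server-to-client tuple that the PORT command announced, and drops it again when the session ends. In IOS this is the CBAC feature configured with `ip inspect name <name> ftp` and applied to an interface with `ip inspect <name> in|out`.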
Current thread:
- Cisco IOS Robert Purdy (DSL AK) (Dec 09)
- <Possible follow-ups>
- Re: Cisco IOS Ryan Russell (Dec 10)
- Re: Cisco IOS Joe Dauncey (Dec 12)
- Cisco IOS Christopher J. Wargaski (Dec 12)
- Re: Cisco IOS Eric Vyncke (Dec 14)