Educause Security Discussion mailing list archives
Flexible Packet Matching
From: Dennis Bohn <BOHN () ADELPHI EDU>
Date: Mon, 18 Apr 2011 09:30:31 -0400
Hi Joey, FPM has been a real disappointment. My thoughts were exactly like yours, to use it to block emergent threats. I have been attempting to use FPM since November or December, with constant TAC cases since then, bouncing from the Routing group to the security group, now in the Crash group. Quite frankly, the TAC engineers had no idea about FPM either; they were learning it on the fly, and learning that it really wasn't working. The current state for my hardware (3925) using the latest recommended code (15.1.(4)M) is this: in interface config, when the 'service-policy type access-control input $policy' is applied, the router crashes. NBAR also stopped working around 12.4.X (likely due to the development of FPM) ; I have not tried the latest code to see if NBAR at least has been fixed. Perhaps at some point, it will be useful. Hit me off-list and I can give you a couple of tips on the configuration, if you still want to try it. best, dennis Is there anyone out there who is trying to secure/drop egress traffic using= Flexible Packet matching? With all the malware and Bots out there I was w= ondering if anyone has taken that route. If so would anyone be willing to = share any details? Thanks Joey Rego Network Security Administrator Lynn University Dennis Bohn Manager of Network and Systems Adelphi University bohn () adelphi edu 5168773327
Current thread:
- Flexible Packet Matching Joey Rego (Apr 16)
- <Possible follow-ups>
- Flexible Packet Matching Dennis Bohn (Apr 18)