Firewall Wizards mailing list archives
spoofing SYN and ident with a Cisco PIX
From: "J. Eric Townsend" <jet () icras com>
Date: Wed, 13 Dec 2000 18:26:33 -0800
I RTFM'd, but I didn't RT Entire FM. There are just too many Cisco books for one man to deal with in one lifetime...

Question: Is there a way I can spoof SYN[0] and ident responses at my Cisco PIX without creating any security/performance problems?

I'm getting ready to try the "service resetinbound" for ident, but I'd like something a bit more elegant for both responses.

In my little fantasy world, there's a hidden Cisco PIX configuration option that responds to SYN and ident requests with syntactically legal, and possibly even correct information. ident requests would get, let's say, "postmaster () icras com", and SYN packets sent in from nosy web/caching servers doing performance stuff would get a response from the PIX itself.

[0] I'm having fuzzy memory problems here, but I believe this is the method of pinging some websites/caching servers are using to determine travel time between their server and one of our clients.

Thanks for any pointers,
--jet

--
j. eric townsend
IT/Facilities Manager
Icras, Inc. (formerly DataRover Mobile Systems, Inc.)
408.530.2916 / <http://www.icras.com>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards