Firewall Wizards mailing list archives

spoofing SYN and ident with a Cisco PIX
From: "J. Eric Townsend" <jet () icras com>
Date: Wed, 13 Dec 2000 18:26:33 -0800
I RTFM'd, but I didn't RT Entire FM.  There are just too many Cisco
books for one man to deal with in one lifetime...

Question:

Is there a way I can spoof SYN[0] and ident responses at my Cisco PIX
without creating any security/performance problems?  I'm getting ready
to try the "service resetinbound" for ident, but I'd like something a
bit more elegant for both responses.

In my little fantasy world, there's a hidden Cisco PIX configuration
option that responds to SYN and ident requests with syntactically
legal, and possibly even correct information.  ident requests would
get, let's say, "postmaster () icras com", and SYN packets sent in from
nosy web/caching servers doing performance stuff would get a response
from the PIX itself.

[0] I'm having fuzzy memory problems here, but I believe this is the
    method of pinging some websites/caching servers are using to
    determine travel time between their server and one of our clients.

Thanks for any pointers,

--jet

-- 
j. eric townsend
IT/Facilities Manager
Icras, Inc.  (formerly DataRover Mobile Systems, Inc.)
408.530.2916 / <http://www.icras.com>

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
