Penetration Testing mailing list archives

Re: Fwd: Re: spoofing 255.255.255.255 techniques

From: Jason Ackley <jason () ackley net>
Date: Fri, 6 Jul 2001 13:50:55 -0700 (PDT)




On Fri, 6 Jul 2001, MIKE DONOFRIO wrote:

Just FYI

   Using ACL's does limit the information you get to the Syslog server
compared to what you would get using Conduits.  Cisco was supposed to
be working on a fix for it.  On Revisions of code before 5.3.1 you
would just get Protocol XX (ie 6,17,1) and no port..  At least after
5.3.1 you get TCP,UDP...  I have contacted Cisco several times on this
issue and I get the "Next Release" responce :)  Anyone know if this is
fixed in 6.0?


Is this message %PIX-4-106023 you are asking about?

 A 6.0(1) deny (by acl/access-group) example looks like:

%PIX-4-106023: Deny tcp src intf2:7.81.50.9/2560 dst
inside:62.18.9.1/22 by access-group "in_mylist"


(IPs randomized to protect the guilty).

 This is on a PIX that does not have names
 on its interfaces.. I have not seen any
 bcast/mcast traffic on this device to see what
 it logs..


 Now that the ACL log entries provide enough information, we can all
 migrate away from conduit style configs per cisco docs.. woohoo..



cheers,

--
jason



--------------------------------------------------------------------------------------

This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service
For more information on SecurityFocus' SIA service which automatically alerts you to 
the latest security vulnerabilities please see:

https://alerts.securityfocus.com/

Current thread:

spoofing 255.255.255.255 techniques Curt Wilson (Jul 05)
- Re: spoofing 255.255.255.255 techniques Blake Frantz (Jul 06)
- <Possible follow-ups>
- Fwd: Re: spoofing 255.255.255.255 techniques MIKE DONOFRIO (Jul 06)
  - Re: Fwd: Re: spoofing 255.255.255.255 techniques Jason Ackley (Jul 07)
- RE: Re: spoofing 255.255.255.255 techniques Erik Nodland (Jul 11)
  - Re: Re: spoofing 255.255.255.255 techniques Ron Russell (Jul 12)