[25174] in North American Network Operators' Group
Re: your mail
daemon@ATHENA.MIT.EDU (Alex P. Rudnev)
Wed Sep 22 12:20:09 1999
Date: Wed, 22 Sep 1999 20:07:02 +0400 (MSD)
From: "Alex P. Rudnev" <alex@Relcom.EU.net>
To: Stephen Sprunk <ssprunk@cisco.com>
Cc: Gerry McDonald <gerry@injectronics.com>, nanog@merit.edu
In-Reply-To: <00ea01bf0513$85e41ca0$462544ab@cisco.com>
Message-ID: <Pine.SUN.3.91.990922200553.25341j-100000@virgin.relcom.eu.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: owner-nanog-outgoing@merit.edu
I have listened to their seminar about this... As a simple L5 firewall
it's not bad, though it realises a fixed set of rules and defends you
from the simple SMTP attacks only. But anyway, IOS FW is just what 90% of
the customers need...
On Wed, 22 Sep 1999, Stephen Sprunk wrote:
> Date: Wed, 22 Sep 1999 10:38:30 -0500
> From: Stephen Sprunk <ssprunk@cisco.com>
> To: "Alex P. Rudnev" <alex@Relcom.EU.net>,
> Gerry McDonald <gerry@injectronics.com>
> Cc: nanog@merit.edu
> Subject: Re: your mail
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/iosfw2_2.htm#xtocid1359543
>
> SMTP Messages
>
> CBAC detects and blocks SMTP attacks (illegal SMTP commands) and notifies
> you when SMTP attacks occur. Error messages such as the following may
> indicate that an SMTP attack has occurred:
>
> %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52419)
>
>
> Looks like it does do that after all...
>
> IOS FW also monitors HTTP, CU-SeeMe, FTP, H.323, NetShow, r-commands,
> RealAudio, Sun RPC, SQL*Net, StreamWorks, TFTP, VDOLive, and generic TCP/UDP
> sessions in addition to SMTP. It also protects against fragment attacks,
> SYN attacks, ACK attacks, and bogus TCP sequence numbers.
>
> Randy: ip inspect name firewall smtp
>
> S
>
>
> Stephen Sprunk, K5SSS, CCIE#3723
> Network Consulting Engineer
> Cisco NSA Dallas, Texas, USA
> e-mail:ssprunk@cisco.com
> Pager: +1 800 365-4578
> Empowering the Internet Generation
>
>
> ----- Original Message -----
> From: Alex P. Rudnev
> To: Gerry McDonald
> Cc: nanog@merit.edu
> Sent: Wednesday, September 22, 1999 5:37
> Subject: Re: your mail
>
> Get the IOS FireWall Feature set, a router with 2 LAN and 2 WAN
> interfaces, and say _get away_ to the hw vendors.
>
> No doubt, it's possible to enter into IOS if you did not install access
> lists on the VTY, keep some extra services working (such as router-based
> WWW) and so on; but it does not depend on the firewalls at all... And - if
> you don't need a session-level firewall (with the analysing of SMTP content,
> for example) the IOS FW feature set is a very effective solution.
>
> Aleksei Roudnev, Network Operations Center, Relcom, Moscow
> (+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41,
> N 13729 (pager)
> (+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
>
>
Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41, N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)
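
An added example, not part of the original mail or of Cisco's documentation: a Python parser that pulls the %FW-4-SMTP_INVALID_COMMAND message quoted above out of collected router logs and counts alerts per initiator. The syslog prefix, the sample lines, the function names and the threshold of 3 are constructed assumptions; only the message text itself comes from the mail.

```python
import re
from collections import defaultdict

# Message format as quoted in the mail. \s+ before "(" tolerates a line wrap
# in front of the (ip:port) part, as happens in mail-wrapped copies.
SMTP_ALERT = re.compile(
    r"%FW-4-SMTP_INVALID_COMMAND:\s+Invalid SMTP command from initiator\s+"
    r"\((\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\)"
)

def parse_alerts(text):
    """Return (initiator_ip, source_port) for every alert found in text."""
    return [(m.group(1), int(m.group(2))) for m in SMTP_ALERT.finditer(text)]

def summarize(text, threshold=3):
    """Group alerts by initiator; flag hosts at or above threshold (assumed value)."""
    ports = defaultdict(list)
    for ip, port in parse_alerts(text):
        ports[ip].append(port)
    return {
        ip: {
            "alerts": len(p),           # total invalid-command messages
            "sessions": len(set(p)),    # distinct source ports, i.e. TCP sessions
            "flag": len(p) >= threshold,
        }
        for ip, p in ports.items()
    }

# Constructed sample log (hostname, timestamps and sequence numbers invented).
# The last alert is deliberately wrapped across two lines.
SAMPLE = """\
Sep 22 10:01:07 gw1 121: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52419)
Sep 22 10:01:09 gw1 122: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52419)
Sep 22 10:02:30 gw1 123: %SYS-5-CONFIG_I: Configured from console by vty0
Sep 22 10:03:44 gw1 124: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator (192.168.12.3:52433)
Sep 22 10:05:12 gw1 125: %FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator
(198.51.100.7:40112)
"""

if __name__ == "__main__":
    for ip, stats in sorted(summarize(SAMPLE).items()):
        print(ip, stats)
```
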