Pix Firewall Blocking
05-05-2004 06:40 PM - edited 02-20-2020 11:22 PM
What's the most efficient way to block packets with both the SYN and FIN flags set in a PIX running 6.3?
Labels: Other Network Security Topics
05-05-2004 09:23 PM
If you enable the IDS function within the PIX, the PIX will flag this as an attack and, if configured to drop attack-type packets, will do so.
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/gl.htm#wp1101884 for the configuration details for "ip audit".
See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/63syslog/pixemsgs.htm#1055451 for details about the specific signatures the PIX IDS picks up. Signature 3041 is the one you're interested in.
