(Note: This message was posted as part of the "Ask the Expert" Event on configuring Cisco IPSec VPNs that took place December 11 - December 21. Feel free to respond to or form discussions around this question.)
Posted by: davesiwula@ yahoo.com - INTERNET SECURITY ENGINEER, NETWORK RANGER
I have implemented a PIX 520 into production and have been experiencing a problem with it. It appears that someone from the outside has been able to sneak in a telnet packet after, let's say, 50 or so normal packets pass through. A legitimate connection is established from the outside world, and fifty or so packets come from a legitimate source, and the source address and destination address all remain the same. Then the port on the 50th packet is changed from http 80 to 23 telnet. Is there anything I can do to prevent this from happening? Does the PIX inspect every single packet by default? Does this have to do with it being stateful? I need to protect my network from these kinds of issues. Please advise. Also, could you inform me of how the PIX handles packets that are, let's say, less than the normal size? Thanks for your time.
One more thing if you have time:
I am very confused on an IP fragment attack, sig id
Generally speaking I understand what it is, but I have not been able to understand the greater than 0, less than 5 rule for the life of me. I have dissected the IP packet in every possible way and cannot figure this out. How does a value of 1 through 4 in the fragment offset field trigger this alarm? Why are 0 and 5 in this field considered normal? Does 1 represent 8 bits, 2 16 bits and so on? If so, I am still lost.
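An added illustration of the fragment offset rule quoted in the post above (not part of the original post and not Cisco code): the IPv4 fragment offset is a 13-bit field counted in 8-byte units (RFC 791), so values 1 through 4 describe fragments whose data starts 8 to 32 bytes into the original payload, the region where a TCP header (20 bytes minimum) normally sits in the first fragment. The function names are hypothetical and the header values and addresses are constructed samples.

```python
import struct

def frag_fields(ip_header: bytes):
    """Return (more_fragments, offset_units, offset_bytes) from an IPv4 header."""
    if len(ip_header) < 20 or ip_header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    # Bytes 6-7 hold 3 flag bits followed by the 13-bit fragment offset.
    (flags_frag,) = struct.unpack("!H", ip_header[6:8])
    more_fragments = bool(flags_frag & 0x2000)   # MF flag
    offset_units = flags_frag & 0x1FFF           # low 13 bits
    return more_fragments, offset_units, offset_units * 8  # 8-byte units

def triggers_rule(ip_header: bytes) -> bool:
    """The rule as quoted in the post: offset greater than 0 and less than 5."""
    _, units, _ = frag_fields(ip_header)
    return 0 < units < 5

def build_header(offset_units: int, mf: bool) -> bytes:
    """Constructed 20-byte sample header (checksum left at 0, never sent)."""
    flags_frag = (0x2000 if mf else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 40, 0x1234, flags_frag,
                       64, 6, 0,                       # TTL, protocol=TCP, checksum
                       bytes([192, 0, 2, 1]),          # documentation-range source
                       bytes([198, 51, 100, 7]))       # documentation-range dest

def classify(offsets=range(0, 7)):
    """For each offset value, return (field value, payload byte offset, alarm?)."""
    rows = []
    for u in offsets:
        hdr = build_header(u, mf=(u == 0))
        _, units, nbytes = frag_fields(hdr)
        rows.append((units, nbytes, triggers_rule(hdr)))
    return rows

if __name__ == "__main__":
    for units, nbytes, hit in classify():
        print(f"offset field={units}  data starts at payload byte {nbytes:2d}  alarm={hit}")
```

An offset of 0 is the first fragment (or an unfragmented packet), and an offset of 5 starts at payload byte 40, which is why neither falls inside the range the quoted rule checks.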