In the Cisco Security Advisory 50961, defect id CSCed91445 points to PIX Release 6.3.3.132. I could not find any new PIX Release for download, only the old version from August 2003. Where can I download up-to-date releases? Regards, Peter Heuchert
Today I got a problem with a custom signature I added with .SigWizMenu on a 3.x IDS. I chose the description IP Protocoll 77. This caused an error, because the word Protocoll is a keyword in the etc/SigUser.conf file. It caused an error within SigW...
We get false positives for the signatures 11005 and 3604. The reason for this is that these signatures trigger on replies from normal servers. Here is an example: A client contacts a webserver on port 80. The source port for this connection is 1204....
I configured our PIX to accept PPTP connections for a test network. This network is a class C network of our class A intranet. The clients are Win2K clients. We are using the native Microsoft PPTP support. We disabled the function to set the default ...
I have problems getting nfs (special mountd) through a PIX. The nfs host is in a test segment which is separated from our intranet with a PIX. Our default policy is to disallow anything, except for some protocols (ports) to defined hosts (thi...
There is a lot of room for improvements. We do automatically list all iplog files on a sensor, scan the events in the log files, scan packetd.conf and SigSettings.conf to find out which events are causing ip logs, correlate the iplog files with the ev...
Be careful when setting up the iplogs. 5 minutes is a very long time. We set the value to 1 minute. This is enough to decide if a hacker was successful or not. If they were not successful, they will try again, which retriggers the iplog capturing. T...
Well, it is not so easy. The sensor triggers on any occurrence of a get string with any case. It does not look at the http header only. So we have some 11005 events triggered by the reply of an https server. It is also not very unlikely that a javascr...
Just for other users, I found the problem. If Win2K is not allowed to set the default route when activating a RAS network, it sets a route based on the class of the ip address. So a 10.x ip address gives you a route for a class A network, a 192.x ip...
Jeff, the checkbox is disabled. If I enable it, I will get the problem that all traffic is routed to the pix. Not a good solution. But I do not have a problem reaching the PPTP network. Here is the netstat -rn output after I connected to the PIX: N...