[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Anyone studying for Cisco certs?



The pix uses a stateful packet filter, is this different than stateful
packet inspection?  If they are the same does the pix have a problem
with it filtering technology?  I apologize in advance if these are dumb
questions.

-----Original Message-----
From: fiaid@quasi-sane.com [mailto:fiaid@quasi-sane.com] 
Sent: Friday, May 16, 2003 9:57 AM
To: silug-discuss@silug.org
Subject: Re: Anyone studying for Cisco certs?

> What's not to believe?  I'll admit I have limited experience with
other
> types of firewalls, but I'm willing to learn.  

I'll answer for Mike808 while he is gibbering.  PIX are terrible for
their 
lack fo stateful packet inspection.  Many firewalls have this,
Checkpoint 
FW-1, IP Filter, etc.  A pix might be good for internal blocking where
you 
really don't need all that much, but occasionally the mess up your QoS 
and CoS rules.  I am not sure if they can even do IP spoof checking,
which 
is nice so that you can't get people to flood your network with spoofed 
packets causing a reflective drop attack.

Tighe

-- 
Tighe Schlottog         workape         fiaid
"Nothing is too cruel if it is funny enough."


-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.

-
To unsubscribe, send email to majordomo@silug.org with
"unsubscribe silug-discuss" in the body.