Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

basics logo Security Basics mailing list archives

Re: Cisco PIX fixup protocol command
From: "erisk" <erisk () iinet net au>
Date: Fri, 13 Feb 2004 10:24:35 +0800
sorry corretion "even when port is not in use.."***

----- Original Message ----- 
From: "erisk" <erisk () iinet net au>
To: "S.Rohit" <s.rohit () usa net>; <security-basics () securityfocus com>
Sent: Friday, February 13, 2004 10:22 AM
Subject: Re: Cisco PIX fixup protocol command



if the protocols are not in use then disbale the fixups (ie the ones that
are defualt upon install of the PIX). I have found instances where
nmap/superscan can pick up the fixups enabled even ***
The implication here is that it can give an indication that a PIX is in

use.


If the protocols are used  however (SMTP, FTP, DNS) "fixup" those.. It
provides attack guards over the protocols and inspects the traffic for the
connections.
----- Original Message ----- 
From: "S.Rohit" <s.rohit () usa net>
To: <security-basics () securityfocus com>
Sent: Wednesday, February 11, 2004 6:52 PM
Subject: Cisco PIX fixup protocol command


hi everyone....

   might sound like a very stupid question to ask, but i am looking for

info

on wat is the use of fixup protocol commands on the Cisco PIX device. wat

is

the exact usage and significance of this commands? and wat are the

security

implications of this command? i know that some fixup's like say fixup
protocol
smtp are good cos of the way they restrict the SMTP command set but how
about
the general syntax [no] fixup protocol [service] [port]? what is this used
for
and wat are the security implications for this?

   i am asking this because i'm seeing a recommendation in some PIX
hardening
guide to disable fixups or they flag fixups as a security issue? y is tat?

rohit



--------------------------------------------------------------------------

-

Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
--------------------------------------------------------------------------

--






---------------------------------------------------------------------------
Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection

Protect your network with the comprehensive security solution that
integrates six applications for ease of use and lower TCO.

Firewall - Virus protection - Spam protection - URL blocking - VPN
- Wireless security.

Download 30-day evaluation at:
http://www.astaro.com/php/contact/securityfocus.php
----------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]