Firewall Wizards: Cisco IOS

Cisco IOS

From: Christopher J. Wargaski <cjw_at_rmsbus.com>
Date: Sat, 9 Dec 2000 23:07:51 -0600 (CST)

Folks--

> On Fri, 8 Dec 2000, Robert Purdy (DSL AK) wrote:
>
> > Can anyone tell me what added features I get out of putting the Firewall IOS
> > on a 1600 over what I can do in ACLs?
> >
>
> Sure. With ACLs, even reflexive ones, you have to leave TCP ports above
> 1023 wide open if you want to support non-PASV FTP. With the firewall
> feature set, it snoops out the port command, and opens just the one port
> back.
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/iosfw2/index.htm
>
> It's also supposed to do some IDS stuff, but I haven't looked at it.
> Supposed to have better logging, too.
 
   The Firewall IOS can inspect the data in some of the well-known
applications (SMTP, HTTP, FTP, etc.) for proper commands. This will
allow you to stop the goofs thinking they are sneaky by having
inetd listen on port 25 on their UNIX box so they can telnet through
the filtering router.

                                        cjw

Christopher J. Wargaski
RMS
Information Technology Integrators
cjw_at_rmsbus.com
(847) 215-1661, ext. 223

_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_nfr.com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Received on Dec 12 2000
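
Added example (not part of the original posts, and not Cisco's implementation): a toy Python model of the behaviour discussed in the thread, where the firewall reads the FTP PORT command on the control channel and opens only that one port back, compared with an ACL that leaves every TCP port above 1023 open. The class and function names are hypothetical, the addresses are constructed documentation-range values, and the checks on the announced address and port are assumptions of this sketch.

```python
import re

# Active-mode FTP command (RFC 959): PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$", re.I)

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class FtpInspector:
    """Toy stateful inspection: one pinhole per PORT command seen."""

    def __init__(self):
        self.pinholes = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, line):
        """Feed one client-to-server control-channel line; True if a pinhole opened."""
        parsed = parse_port(line)
        if parsed is None:
            return False
        ip, port = parsed
        # Assumption of this sketch: only open a hole back to the host that
        # sent the command, and never to a port below 1024.
        if ip != client_ip or port < 1024:
            return False
        self.pinholes.add((server_ip, client_ip, port))
        return True

    def allow_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Permit the server's data connection (source port 20) once, then close the hole."""
        key = (src_ip, dst_ip, dst_port)
        if src_port == 20 and key in self.pinholes:
            self.pinholes.discard(key)
            return True
        return False

def static_acl_allow(dst_port):
    """The ACL-only alternative from the thread: all TCP ports above 1023 are open."""
    return dst_port > 1023

if __name__ == "__main__":
    fw = FtpInspector()
    # Constructed session: client 192.0.2.10 announces port 195*256+80 = 50000.
    fw.control_line("192.0.2.10", "198.51.100.5", "PORT 192,0,2,10,195,80\r\n")
    print(fw.allow_inbound("198.51.100.5", 20, "192.0.2.10", 50000))  # announced port
    print(fw.allow_inbound("198.51.100.5", 20, "192.0.2.10", 6000))   # unannounced port
```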
