Home page logo
/

nanog logo nanog mailing list archives

Re: Cisco PIX 515-->520?
From: Lisa Napier <lnapier () cisco com>
Date: Tue, 18 Sep 2001 12:08:46 -0700


Hi all,

Answers below:

From: Todd Suiter
Date: Wed Sep 12 20:19:02 2001


 I'm hearing rumors of problems with the 515 series PIX:

'...that in some cases Cisco has opted to replace customers' 515 Pixes with 520's at no charge because the 515 in some cases accepts packets with spoofed source addresses that it should be able to reject.'

This is untrue.


has anyone heard of this? Far as I know the sw is the same, but hw is different.

The hardware is different - that's why there are different product numbers - however the difference is in processing power and speed. Currently on the PIX, the anti-spoofing checks are all done in SOFTWARE, so anti-spoofing will be consistent across all hardware platforms.

Hope that helps,




Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml

PGP:  A671 782D 2926 B489 F81A 3D5E B72F E407 B72C AF1F
ID: 0xB72CAF1F, DH/DSS 2048/1024


  By Date           By Thread  

Current thread:
  • Cisco PIX 515-->520? Todd Suiter (Sep 13)
    • <Possible follow-ups>
    • Re: Cisco PIX 515-->520? Lisa Napier (Sep 18)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault