Ok, hope Sean doesn't get his feelings hurt but here a
bit of my Criminal Law School training coming out:
Given the fact that you (Sean) were going to any means
to "prove" that a Linux based firewall is better than
a PIX for the last week or so, this email of yours has
very little credibility. You went to lengths to prove
your point. Some point valid and others not so valid.
So it's not much of a strech for you to send this
email out without any "real" backing.
>From the technical side I would like to know what kind
of connection your "friend" has to the Internet. Even
if this guy had a 515, it would take somewhere in the
excess of 50mbps (from my findings) to bring the PIX
to a level where you could say that "it has been
brought to it's knees" Furthermore, there aren't many
instances (and I know I may be putting my foot in my
mouth here) where any one has questioned that the PIX
is the best performing firewall on the market.
If there are some truth in your story I would have to
say that your "friend" had a mis-configed PIX. Maybe
the damn thing was running at 10mbps and
half-duplex..... (the half duplex happens quite often
in auto-neg.)
Just some thoughts.
Moe.
--- Jay Swan <[EMAIL PROTECTED]> wrote:
> What version of the code was he running? I seem to
> remember reading
> somewhere recently a cross-vendor firewall
> evaluation where the PIX came out
> very well in the anti-DoS category.
>
> Thanks,
> Jay
>
>
> ""Sean Young"" <[EMAIL PROTECTED]> wrote in
> message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hi everyone,
> > I have a story that wish to share with everyone.
> One of my friends
> > works for a company that uses Cisco PIX as the
> firewall. This afternoon,
> > he called and told me that the company firewall is
> experiencing a Denial
> > of Service (DOS) attack. The attack is so heavy
> that the PIX is just
> > simply gives up. The company contacts Cisco and
> the TAC told my friend
> > that there is a bug in the Cisco PIX code and he
> will have to wait a
> > few days for the new code to arrive. Frustrated,
> he decides to use his
> > workstation which is running NetBSD, put in an
> extra NIC, shutoff all
> > essential services but SSH and netfilter.
> Amazingly, the new BSD
> > firewall withstand the DOS and connectivity is
> restored.
> >
> > The point of the story. Not everything from Cisco
> is good. Their code
> > is just buggy as everyone else. Just because it
> carries the name Cisco
> > doesn't mean it is safe.
> >
> >
>
_________________________________________________________________
> > Get your FREE download of MSN Explorer at
> http://explorer.msn.com
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> [EMAIL PROTECTED]
> >
>
>
> _________________________________
> FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to
[EMAIL PROTECTED]
=====
_____________________________________________
Moe Tavakoli
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/?.refer=text
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
