Huh? How would the PIX fixups possibly lead to security holes? They're
there to protect the end device and only allow in the RFC commands (which
can actually be a pain, like with SMTP mailguard being too strict for SMTP
authentication on Exchange). I don't see how this can be a security hole,
but prevents them on flawed/badly coded end devices.
--
Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+
List email: [EMAIL PROTECTED]
Homepage: http://jason.artoo.net/
""Carroll Kong"" wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> At 10:44 AM 5/4/01 -0400, Jim Brown wrote:
> The Pix does a bit more (mini-proxy like actions like 'fixups'), so it
> actually lends itself to be slightly more vulnerable than say an OpenBSD
> box + IPFilter.
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=3340&t=2878
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
