Hi all,
Sorry I missed it on NANOG. Answers inline:
At 01:23 PM 9/13/2001, Mike Hoskins wrote:
>Posted yesterday on NANOG:
>
><quote>
>I'm hearing rumors of problems with the 515 series PIX:
>
>'...that in some cases Cisco has opted to replace customers' 515 Pixes
>with 520's at no charge because the 515 in some cases accepts packets with
>spoofed source addresses that it should be able to reject.'
This is untrue.
>has anyone heard of this? Far as I know the sw is the same, but hw is
>different.
></quote>
The hardware is different - that's why there are different product numbers
- however the difference is in processing power and speed. Currently on
the PIX, the anti-spoofing checks are all done in SOFTWARE, so
anti-spoofing will be consistent across all hardware platforms.
>I have a number of 515s and haven't heard this. Any truth to this?
No.
> AFAIK
>I haven't received any notice from Cisco indicating this. (I'm not sure
>what source he seems to be quoting so tend not to believe it, but want to
>be sure... since it is possible I missed something.)
You have not missed anything. We do *not* have a 520 for 515 replacement
program in effect. Should that action ever be necessary, a field notice
would accompany the issue, with technical details.
Hope that clarifies things,
Lisa Napier
Product Security Incident Response Team
Cisco Systems
http://www.cisco.com/warp/public/707/sec_incident_response.shtml
PGP: A671 782D 2926 B489 F81A 3D5E B72F E407 B72C AF1F
ID: 0xB72CAF1F, DH/DSS 2048/1024
>Thanks,
>-Mike
>
>--
>"Information may want to be free, but fiber optic cable wants to be
> a million US dollars per mile." --Shawn McMahon
>
>_______________________________________________
>Firewalls mailing list
>[EMAIL PROTECTED]
>http://lists.gnac.net/mailman/listinfo/firewalls
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
