I feel your pain. I have quite a bit of Checkpoint experience. Company
sent me to the CSPFA course. Learning PIX is not too hard, I implemented
two sets right after the course. I still prefer Checkpoint hands down.
Good Luck.
Symon Thurlow wrote in message
news:[EMAIL
Quick question
If you have a sniffer connected to a switch port, with/without port
security on the port, will the sniffer see more than the broadcasts
without the SPAN being enabled on the port? If all you can see will be
broadcasts then how much of a risk will this sniffer be to the rest of
the
Martin,
The below is from a production router. Int ATM2/0 is a DS-3 ATM port with
Service Inter-Working Translational (Frame to ATM) PVC's.
Hope this helps.
interface ATM2/0
description VPI/VCI 2/17 DNEC.XX.ATI (T-3)
no ip address
atm scrambling cell-payload
no atm auto-configuration
Hi.. One of our servers has a connectivity problem. There are some PCs from
overseas that connect to it via RPC and it has mapping across the WAN. But it
has started to have connectivity problems since this morning. The mapping will be
lost after one hour. And when we tried to map again, it always not
Chris McNally
Please contact me because you have a security leak in your configurations.
Best regards
Stefan
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53539t=53266
--
FAQ, list archives, and subscription info:
I am trying this in the lab, so...
clear ip route * doesn't work. I have tried clearing both the neigh and
the route, no effect at all.
The way I can make authentication work is to configure it from the beginning,
before Router A and B have any neighbour relationship.
E.D.
- Original
How do you run a scan on a router interface?
Regards
From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: IOS upgrade/Strange services [7:53492]
Date: Tue, 17 Sep 2002 16:02:02 GMT
I've recently upgraded one of our routers to 12.2(11)T - IP/FW/IDS/3DES.
After
Hi All,
I have a client who wants to create a Real server behind a Pix firewall and I am
trying to make the outside real player contact the inside server but I
failed..
Are there any extra commands more than the following commands on the PIX to
allow the outside clients to communicate with the inside
To telnet from a client to a host works fine. However, if you telnet to the
host, walk away for 5 minutes and come back, the telnet session is
disconnected (I think it is the PIX disconnecting the telnet session after a
period of the connection being idle).
It is this timeout of 5 minutes I
Sniffer would see broadcasts and unicasts for destinations not yet
in the CAM table. Once the destination sends one packet, its MAC will be
stored in the switch CAM table and the sniffer won't see unicasts destined
for it.
But, without port security, you can actually use a tool that will
do active sniffing and be
Enter the IP address of the interface of the router. I used Cisco Secure
Scanner, but have also used Nmap.
Prior to the upgrade these services weren't running.
-Original Message-
From: Tunji Suleiman [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 8:09 AM
To: [EMAIL
What's the version of IOS?
What do your access-lists look like?
Truthfully, AFAIK, the only way that all of those services could be
detected from multiple hosts after performing a port scan (assuming from
the far-end/outside interface) is from either
A) not having access-lists defined and
I am thinking about buying a Cat5 w/ Sup 1 and RJ 45 ethernet modules. I
heard from someone that Cisco is doing away with Cat 5k for the CCIE and
replacing it with Cat 6509. Is this true? If so when will this occur?
Thanks!
Joe
Message Posted at:
When I learned my CCNA and CCNP, I read that IGRP is Cisco
proprietary. Recently I was told that IGRP is no longer proprietary
and became an open standard.
I would like to verify on this. Any URL would be nice. Thanks.
hktco
Message Posted at:
Some services are enabled by default on some IOSes but are disabled by
default on others. After accessing your vulnerability with the scanner... lock
down the router by disabling the unnecessary services.
I would have thought the 12.2(11)T - IP/FW/IDS/3DES will come with most
services specifically
You probably need to upgrade your boot ROM first..
Leonardo Rocha wrote in message
news:[EMAIL PROTECTED]...
People,
Any advice for my problem is welcome:
I have a 2501 with a 4MB DRAM module that works fine. Yesterday, I got 3
different 8MB DRAM modules and I
They are doing away with the Cat5000s but they're going to the 3550 switch
and not the 6509. Most of the lab sites have the 3550s in place now.
wrote in message
news:[EMAIL PROTECTED]...
I am thinking about buying a Cat5 w/ Sup 1 and RJ 45 ethernet modules. I
heard from
Joe-
They're replacing it with the Cisco 3550 switch, not the 6509.
The Catalyst 5x00 series switch with a Sup1 and 10BT RJ45 module would
be a waste in my opinion for investment. Reason being is that you don't
have layer 3 capabilities, and only ISL trunking.
So in summary, forget Dot1q
Kent Yu wrote:
You may want take a look at this:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t11/ft11at3f.htm#xtocid1
thanks, this helped.
cya
-bis
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53561t=53510
I'm running 12.2(11)T ip/fw/ids/3DES. The scan came back with Cu-seeme,
talk, tftp, rpc-nfs, rwho, biff, name, rpc-portmapper, rwho, snmp-agent,
syslog, dhcp, dns, etc... Since the router is fundamentally a unix box I
can see this happening... How the heck do ya shutdown the services? Also
Hello all,
We have a 3640 setup with two PRI lines and a bunch of MICA modems. I have
it configured so that we can accept incoming async modem calls or ISDN calls
that use either 1 or 2 B-channels (using MPPP to allow bonding of the two B
channels).
Is there a way to check the speed of an ISDN
For those who use PHP, I wrote a simple function to calculate IP broadcast,
wildcard mask, hosts, etc... You can test it at
http://www.lafraia.com/ipcalc/ (the function is available there too). The
page explanation is in portuguese, but you may be able to understand the
structure.
cya
Daniel
Name one certification test you can take this into. ;-)
BJ
- Original Message -
From: Daniel Lafraia
To:
Sent: Wednesday, September 18, 2002 3:03 PM
Subject: IP Calculator [7:53564]
For those who use PHP, I wrote a simple function to calculate IP
broadcast,
wildcard mask, hosts,
Ok, the solution is a very simple one. I know this will work because I am
running my RealPlayer Helix Universal Streaming Server version 9.0.1 on my
Linux box behind a Pix firewall. The Linux box has an RFC 1918 address
(192.168.1.100) sitting on the DMZ network (192.168.1.254 is IP address of the
Having asked about VoMPLS transcoding from analog voice to MPLS
frames without intermediate IP packets, my lab partner noticed
that the CVOICE book (edited by Steve McQuerry etal) discusses
VoFR and VoATM (chapters 8 and 9):
analog+---+ +---+ analog
phone A1
A few people, along with myself, had been wondering about the 4500 series
switches. Here is part of an email I just received.
**New Catalyst 4500 Series Modular Switches and Supervisor IV**
Integrated Resiliency for Advanced Control of Converged Networks
Cisco is pleased to externally announce
...an inbound ACL on the interfaces you want to protect would effectively
kill access to these ports, but some of the ports you have mentioned are
difficult to explain and lack command-line parameters to control, like biff
for instance. Biff happens to run on UDP port 512.
Can you
Funny thing is I ran the same scan before I upgraded and it came back
with no services running. Very strange.
So something must have changed during the upgrade.
One of the other services it claims: AppleTalk; now I know for a fact this
isn't enabled on this router. Or at least it
Is this for a lab or production environment?
OSPF can authenticate per-area or on an interface
basis. You'll have to put this spoke on its own
sub-interface or run a tunnel to it and do auth on the
tunnel.
--- Robert Massiache wrote:
Hi,
I got a strange question for you guys! How do I
Hi all,
Many thanks to all groupstudy guys for help and advise.
I have finished the CCIP track now. It was so hard, blood and tears!
From my experience I write some advice and mind not to violate
NDA.
BSCI
--
If you have passed CCNP, all you have to do is read
IS-IS related
Hi all,
Before I chuck it on ebay, I have the following to sell:
3620, 64 ram 32 flash, 12.2 firewall ipsec etc IOS, NM1re2W (Token ring,
ethernet, 2 wan), 2 x WIC1T, NM1FE
2501 16/16 12.2 new roms x 2
2503 16/16 12.2 new roms x 2
2504 16/16 12.2 new roms (token ring, 2 x serial)
IBM Token Ring
Hey Superfriends -
I notice three QoS-related titles on the CiscoPress website, but I'm
wondering which one corresponds with the Cisco DQOS course. Anyone have any
insight?
Thanks,
BJ
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7i=53571t=53571
Do you see MPPP bundle interface with show users ? Those are
users that have specified that MPPP will be used, so bundle is
created on cisco side. That still doesn't mean that they use both B
channels. Now check with show interface ... the speed; it will
be either 64 or 128Kbps (or more if
Check on Amazon for Cisco and QoS and you should see that two new books will
be coming out in Dec '02 and Jan '03. My guess is that they will map to the
course.
-Original Message-
From: B.J. Wilson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 4:26 PM
To: [EMAIL
Hi guys,
Just found this group and it looks like a great resource for Cisco
certification misc. questions. I'm CCNP and have passed CCIE written.
My question is this: an acquaintance has offered me some really good
equipment that I could really use to study for the CCIE, at really low prices.
I
no, not that I have ever heard of.
--
RFC 1149 Compliant.
John Wright wrote in message
news:[EMAIL PROTECTED]...
Hi guys,
Just found this group and it looks like a great resource for Cisco
certification misc. questions. I'm CCNP and have passed CCIE written.
My
the router handles signaling.
--
RFC 1149 Compliant.
Tom Scott wrote in message
news:[EMAIL PROTECTED]...
Having asked about VoMPLS transcoding from analog voice to MPLS
frames without intermediate IP packets, my lab partner noticed
that the CVOICE book (edited by
I believe IGRP is still proprietary.
From the IETF page:
http://www.ietf.org/ietf/IPR/igrp
--
RFC 1149 Compliant.
hktco wrote in message
news:[EMAIL PROTECTED]...
When I learned my CCNA and CCNP, I read that IGRP is Cisco
proprietary. Recently I was told that IGRP
Hi !!!
I am a little confused regarding Radius vendor-specific attributes
Ex:
Ascend Radius implementation has many vendor-specific attributes that
only work with the radius implementation in Ascend routers, and these
specific attributes don't work with cisco routers
Is this affirmation
Tom Scott wrote:
Having asked about VoMPLS transcoding from analog voice to MPLS
frames without intermediate IP packets, my lab partner noticed
that the CVOICE book (edited by Steve McQuerry etal) discusses
VoFR and VoATM (chapters 8 and 9):
analog+---+
I had the same issue only that I was upgrading from 8mb flash to 16mb. After
about an hour of research on the issue I found that I needed to upgrade the
Bootrom.
I currently have the old which is 10.2(5), I think, and I ordered the
upgrade which is 11.something.
Leonardo Rocha wrote in
Can I use access-list to produce the same effect as prefix-list ? Any
thoughts on which is a better way to use in redistribution over other. I am
just trying to find which one I should stick with.
Thanks
router rip
redistribute ospf 1
network 135.11.0.0
default-metric 5
distribute-list
I believe that it's the same.
--
RFC 1149 Compliant.
JohnZ wrote in message
news:[EMAIL PROTECTED]...
Can I use access-list to produce the same effect as prefix-list ? Any
thoughts on which is a better way to use in redistribution over other. I
am
just trying to find
I don't think much has changed from the old days. I know there's a ton of
new h.323 features, but those aren't in CVOICE. And most aren't used in
simple networks. The VoFR stuff will probably go away.
SIP's the new thing, but not there yet
--
RFC 1149 Compliant.
Priscilla Oppenheimer
Are you sure the gigabit ports aren't just reporting giants as FYI? In other
words, they may be forwarding the frames and just letting you know that they
are giants. From what I understand, the 6509 should forward jumbo frames, if
you configure it as you did, and if you disable channeling and
I don't see the typical lines in your config that you see on most routers:
no service udp-small-servers
no service tcp-small-servers
They could be missing because they are the default (and not displayed), but
they could be missing because they really aren't configured. Despite being
the
Andrew Larkins wrote:
Hi all,
I have a 2950-24 switch that I have set-up monitoring
(spanning) on. This is
not a problem.
The particular port that is the destination goes into and up
down(monitor) state when the commands are enter. This is
normal I assume.
The local server get the
Evening group,
What I have is a TACACS server and the setup we are trying to achieve goes as
follows:
I want the LAN admins to have minimal control on their switches in their
area. We have accomplished that on the vty ports. Here is the config:
Server
user=test
password=test12
service-shell
set
Thanks Priscilla,
Regards,
R.S.Sundar
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 18, 2002 12:42 AM
To: [EMAIL PROTECTED]
Subject: RE: What's the Technical difference between Switch and
[7:53468]
R.S.Sundar wrote:
Hello All,
On Thu, 19 Sep 2002, JohnZ wrote:
Can I use access-list to produce the same effect as prefix-list ? Any
thoughts on which is a better way to use in redistribution over other. I am
just trying to find which one I should stick with.
Thanks
ip prefix-list test seq 5 deny 199.172.4.0/24
ip
Thanks Ian, I appreciate your answer and your help.
Cheers,
JZ
Ian Henderson wrote in message
news:[EMAIL PROTECTED]...
On Thu, 19 Sep 2002, JohnZ wrote:
Can I use access-list to produce the same effect as prefix-list ? Any
thoughts on which is a better way to use in
Hello,
I am currently looking for either a Cisco 2620 or 2621 for my study. If you
have a 2nd hand one for sale, please email me offline. Sellers within
Australia are preferable.
Thanks so much for your help in advance.
Best Regards,
Hunt Lee
Message Posted at:
Can anybody please refer me to some good documents about implementing
security on routers?
thanks In Advance
regards,
Smart Student
Hello, have you come up w/ a solution to allow connections into your
network, say to an ftp server from the outside, through a router using the
IOS Firewall Feature Set? I could use some input or any ideas on how to
configure that.
Thanx for any suggestions
Message Posted at:
It's proprietary, but other competing vendors have implemented it anyway,
probably through reverse-engineering.
Steven A. Ridder wrote in message
news:[EMAIL PROTECTED]...
I believe IGRP is still proprietary.
From the IETF page:
http://www.ietf.org/ietf/IPR/igrp
--
I have a server which always has a problem mapping to other PCs across the WAN
(other branch network). But it works after I ping the overseas PC (as shown
below). Do you know what might be the problem? My other server doesn't have
this problem and it is still the same after I switch it to another
Prefix lists can permit announcements in a range of netmasks. For example,
the following prefix-list entry will permit announcements of
192.168.1.0/24, or any prefix within that.
ip prefix-list example seq 5 permit 192.168.1.0/24 le 32
I don't believe there's a way to do that using access-lists.