It's almost all web traffic. I think the ACL's are very
straightforward, basically the ones that the security audit
recommended. Is there a good way to monitor the firewall/ips system?
Thanks,
Dan.
On Sun, May 4, 2008 at 12:56 AM, Richard Golodner
[EMAIL PROTECTED] wrote:
Dan should not be a
I've had the same problem a couple of months ago and asked here a question
about it, I'll save you the time searching the archives, nobody could give me a
certain answer about this, but they all pointed to the dram, so I finally
decided to replace the whole bank (they were a fresh purchased
SNMP use udp. So, someone (if know community of course) may spoof IP source
address of SNMP request.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Dale W. Carder
Sent: Sunday, May 04, 2008 3:41 AM
To: Jeff Fitzwater
Cc: cisco-nsp@puck.nether.net
Tassos Chatzithomaoglou wrote:
The debug shows that the snmp packet is received by the SNMP process,
although it's dropped afterwards:
May 3 19:53:45.341: SNMP: Packet received via UDP from x.x.x.x on
FastEthernet0
May 3 19:55:29: %SEC-6-IPACCESSLOGS: list 99 denied x.x.x.x 1 packet
Андрей Сластенов wrote:
SNMP use udp. So, someone (if know community of course) may spoof IP source
address of SNMP request.
Lots of networks can (should) have spoofing be impossible. That attack
would not work on our network for example.
It's a problem for the DFZ though.
rant
It's
Yes and no. The ACL isn't downloaded to the VPN client itself, it is
downloaded to the ASA and enforced at that point. It's pretty simple, and
here are the references.
http://www.cisco.com/en/US/partner/docs/security/asa/asa80/configuration/gui
de/fwaaa.html#wp1043588
And:
On Sun, May 4, 2008 at 12:55 AM, Ziv Leyes [EMAIL PROTECTED] wrote:
I've had the same problem a couple of months ago and asked here a question
about it, I'll save you the time searching the archives, nobody could give
me a certain answer about this, but they all pointed to the dram, so I