Roland,
iatrogenic. induced inadvertently ...
http://www.merriam-webster.com/dictionary/IATROGENIC
It is not often I have to look up a word on this board. Well played sir.
On Tue, Nov 10, 2009 at 6:31 PM, Dobbins, Roland wrote:
>
> On Nov 11, 2009, at 4:26 AM, Peter Rathlev wrote:
>
> > I've
akes sense as a solution when in reality all one
need do is run a real OS properly hardened.
- Original Message -
From: "Dobbins, Roland"
To: "Cisco-nsp"
Sent: Tuesday, November 10, 2009 3:31 PM
Subject: Re: [c-nsp] What's the value of ASA/FWSM TCP state
On Nov 11, 2009, at 4:26 AM, Peter Rathlev wrote:
> I've read about this, but I fail to see what the point is.
The point is that there shouldn't be firewalls in front of servers in the first
place, given that every packet which comes in is unsolicited and therefore the
stateful inspection is b
Hi,
> -Original Message-
> From: cisco-nsp-boun...@puck.nether.net [mailto:cisco-nsp-
> boun...@puck.nether.net] On Behalf Of Ge Moua
> Sent: Tuesday, November 10, 2009 4:42 PM
> To: Peter Rathlev
> Cc: cisco-nsp
> Subject: Re: [c-nsp] What's the value of
I've always been leery of this feature; I've consider using it in the
past to troubleshoot badly written apps that mucks up tcp 3-way
handshakes/4-way teardowns; I can see this as a quick & dirty mechanism
to bypass the stateful inspection engine without taking the firewall
logically out of the
On Tue, 2009-11-10 at 10:44 -0600, James Slepicka wrote:
> Just keep in mind that traffic through the firewalls usually* needs to
> be symmetric. Be sure to account for that in your design.
>
> *
> https://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/conns_tcpstatebypass.html