Re: [OSL | CCIE_Security] Section 1.11 MPF

[Tyson Scott]

Kingsley,

 

The problems with "regex "*king.com"" is that you will match viking.com,
stocking.com, ...king.com.  The solution says to match on the specific
domain thus the solution is what is required.

 

inspect is  needed with the police action if you want to hold smtp to the
rules of the protocol without it, it will just be inspected as regular TCP
traffic.  I am assuming it is smtp you are speaking of as I don't remember
the question off the top of my head.

 

Regards,

 

Tyson Scott - CCIE #13513 R&S, Security, and SP

Technical Instructor - IPexpert, Inc.

Mailto:  <mailto:tsc...@ipexpert.com> tsc...@ipexpert.com

Telephone: +1.810.326.1444, ext. 208

Live Assistance, Please visit:  <http://www.ipexpert.com/chat>
www.ipexpert.com/chat

eFax: +1.810.454.0130

 

IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S,
Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service
Provider) Certification Training with locations throughout the United
States, Europe and Australia. Be sure to check out our online communities at
<http://www.ipexpert.com/communities> www.ipexpert.com/communities and our
public website at  <http://www.ipexpert.com> www.ipexpert.com

 

From: ccie_security-boun...@onlinestudylist.com
[mailto:ccie_security-boun...@onlinestudylist.com] On Behalf Of Kingsley
Charles
Sent: Tuesday, January 19, 2010 8:01 AM
To: ccie_security@onlinestudylist.com
Subject: [OSL | CCIE_Security] Section 1.11 MPF

 

Hi all

 

The question says that SMTP should be checked for the domain. I have the
following questions:

 

1) Which domain is to be considered, the local domain or sender's domain. If
it is the local domain, then the following solution is correct:

 

policy-map type inspect esmtp mail
 parameters
  mail-relay king.com <http://king.com/>  action drop-connection

 

2)If we need match the domain in sender's address, isn't the following the
correct solution? 

 

 

regex king ".*king.com"

 

policy-map type inspect esmtp mail
 parameters
 match sender-address regex king
  reset

 

 

Solution given in the work book

 

 

regex king "king.com <http://king.com/> "

 

policy-map type inspect esmtp mail
 parameters
 match sender-address regex king
  reset

 

 

 

 

With regards

Kings


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com