Thanks, Kings.

 

From: Kingsley Charles [mailto:[email protected]] 
Sent: 19 June 2012 08:41 AM
To: Johan Bornman
Cc: Anthony Sequeira; [email protected]; CCIE Security
Subject: Re: [OSL | CCIE_Security] Protecting Against Fragmentation Attacks

 

Use the following logic with CBAC

ip inspect name fw fragment maximum - for outbound

ip virtual-reassembly - for inbound

With regards
Kings

On Tue, Jun 19, 2012 at 9:10 AM, Johan Bornman <[email protected]> wrote:

Anthony,

 

Thanks for your daily bit on the challenge. I am following it as I will also
do my lab around the same time.

 

I am under the impression that virtual-reassembly always has to be applied
to the "outside" int when CBAC and ZBF are used. Is this correct?

 

I am busy with a VII IPEXPERT lab where this was not done. 

 

Thanks

 

Johan

 

From: [email protected] [mailto:[email protected]] On Behalf Of Anthony Sequeira
Sent: 18 June 2012 03:33 PM
To: [email protected]
Cc: CCIE Security
Subject: Re: [OSL | CCIE_Security] Protecting Against Fragmentation Attacks

 

I did not test standalone and saw no documentation that led me to believe it
would work standalone. 

 

From: Alexei Monastyrnyi [mailto:[email protected]] 
Sent: Monday, June 18, 2012 7:55 AM
To: Anthony Sequeira
Cc: CCIE Security
Subject: Re: [OSL | CCIE_Security] Protecting Against Fragmentation Attacks

 

Hi Anthony.

Mentioning ip virtual-reassembly as a part of CBAC/ZBF, did you actually
test this as a standalone feature or did you always use it as a part of your
CBAC/ZBF configuration?

Cheers
A.
 

On 6/18/2012 12:22 PM, Anthony Sequeira wrote:

Here is a post I did today on this topic. 
 
http://blog.ipexpert.com/2012/06/17/ccie-security-challenge-%E2%80%93-day-22-of-120-%E2%80%93-fragment-attacks/
 
See anything I am missing? Thanks in advance! 
 
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visit www.ipexpert.com
 
Are you a CCNP or CCIE and looking for a job? Check out
www.PlatinumPlacement.com

 

