-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Secure Access Control System SQL Injection Vulnerability
Advisory ID: cisco-sa-20150211-csacs
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150211-csacs
Revision 1.0
For Public Release 2015 February 11 16:00
Hi
I am configuring storm-control for broadcast and multicast traffic
The service is affected even on the unicast frames
If that's the case, it's obviously not expected behavior.
I don't have any issues with storm-control on my ME3400 boxes though.
Maybe this is a semantics thing, but isn't implicit rule of 'allow to
any less secure interface' replaced by an implicit deny once you apply
an inbound access-list to an interface? To some people that might be
considered negating the security level of the interface (since the
security level
Hi,
On Wed, Feb 11, 2015 at 10:45:44AM -0800, Joe Pruett wrote:
If I remember right, Sup2 had 256k FIB, going to half that if you enable
uRPF. So if you set your iBGP-sessions to max-prefix 23 (or
115000),
and then experiment with feeding it more and more routes, you should
be
On Wed, Feb 11, 2015 at 10:45 AM, Joe Pruett j...@spiretech.com wrote:
my reading of max-prefix doesn't make it very useful. either you reset
the session after hitting the max, or you just log a warning and then
continue accepting prefixes. i'll just be very stingy with my export to
begin
On 02/11/2015 09:56 AM, Gert Doering wrote:
Hi,
On Tue, Feb 10, 2015 at 03:42:23PM -0800, Joe Pruett wrote:
with bgp filtering might i be able to install just routes of /20 or
shorter (hoping that is a small enough number of routes). or would bgp
still consume all the routes before it
Hi Matt,
You are correct. Once you apply an ACL (any ACL) to an interface, there
is an implicit deny ip any any at the end of that ACL. So, that will
always take effect when an ACL is applied. It isn't a function of
security levels, but rather the ACL itself.
Security levels do a few things:
Hi,
On Tue, Feb 10, 2015 at 03:42:23PM -0800, Joe Pruett wrote:
with bgp filtering might i be able to install just routes of /20 or
shorter (hoping that is a small enough number of routes). or would bgp
still consume all the routes before it filters and thus run out of ram?
i'd don't think i
On 2/11/2015 7:29 AM, Joshua Riesenweber wrote:
This has a few good
examples: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html
I might very well be wrong, but I believe the security levels are negated if
an access list is applied to an
Correct.
David.
On 2/11/2015 4:22 AM, Alan Buxey wrote:
Going from 0 to 100 . That's a default block on the ASA platform isn't it?
alan
___
cisco-nsp mailing list cisco-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
First, a couple things to be aware of on the ASA:
1) All inbound traffic (from unprotected --> protected network) is
Denied by default. You must explicitly permit the traffic you want via
an interface ACL.
2) All outbound traffic (from protected network --> unprotected network)
is Permitted by
Thanks David and Matt for clearing that up.
I only mention it because, in the OP's case, he has an ACL applied to the
outside interface. So, it would seem more pertinent than the security levels
(at least in the direction outside->inside).
Cheers,
Josh
Date: Wed, 11 Feb 2015 14:00:28 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple Vulnerabilities in Cisco ASA Software
Advisory ID: cisco-sa-20141008-asa
Revision 2.0
Last Updated 2015 February 11 17:54 UTC (GMT)
For Public Release 2014 October 8 16:00 UTC (GMT)
Summary
===
*** Revision 2.0 Note: Please see
Hi madunix,
On Wed, Feb 11, 2015 at 7:26 PM, madu...@gmail.com madu...@gmail.com
wrote:
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
[...]
Well, what you need to do, is figure out how to block those ports, perhaps
by modifying the 'in'
I have ME3400 with one of the connections is configured as trunk and port-type
nni
I applied storm-control on the interface and service was degraded , when I
make the port access everything is fine , is there any restriction on the
trunk/access setup on the port?
Going from 0 to 100 . That's a default block on the ASA platform isn't it?
alan
I would like to block the following ports: 135,137,138,139,445,593,
tcp/udp on my Firewall
interface GigabitEthernet0/0
nameif outside
security-level 0
ip address 10.16.0.4 255.255.255.0 standby 10.16.0.5
!
interface GigabitEthernet0/1
nameif inside
security-level 100
ip address
I have ME3400 with one of the connections is configured as trunk
and port-type nni
I applied storm-control on the interface and
service was degraded
What exact storm-control configuration did you apply (there are many)
and what exactly do you mean when you say the service degraded
(was unicast
Hi
I am configuring storm-control for broadcast and multicast traffic
The service is affected even on the unicast frames
From: luky...@hotmail.com
To: gunner_...@live.com; cisco-nsp@puck.nether.net
Subject: RE: [c-nsp] Storm-Control
Date: Wed, 11 Feb 2015 12:52:51 +0100
I have ME3400 with
Am 11.02.15 um 00:09 schrieb Eric Louie:
Would anyone like to recommend a CCNA certification training course?
Preferably one that you took that helped you with your certification.
Hi Eric,
recently I have taken part in a Video Boot Camp for preparation on a
CCNP exam. It was from Chris
This has a few good
examples: http://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/acl_extended.html
I might very well be wrong, but I believe the security levels are negated if an
access list is applied to an interface.
Cheers,
Josh
Date: Wed, 11 Feb 2015 20:43:37
21 matches