Cisco PIX uses the ASA (Adaptive Security Algorithm), which is basically a state table keeping track of all levels of the OSI reference model.
It also does sequence number proxying, which prevents MIM attacks. It does have some basic IDS functionality, but only from the point of inserting a well-known "signature" which will detect generic and documented attacks. But it is by no means a fully capable IDS. It also handles complex MM applications such as H.323 and streaming protocols at wire speed, also by using the ASA functionality and by using the "fixup" protocol.

Velly Velly nice firewall to work on. ;-)

Paul

On Wed, 2001-11-14 at 22:34, [EMAIL PROTECTED] wrote:
> Anyone out there have some experience using the Cisco PIX firewalls for
> Corporate/Production networks? I'd like to try one of these little buggers
> out, but I'd like to get some do's and don'ts from other admins with Cisco
> PIX experiences. As I understand, these things don't just filter packets
> based on addresses/ports but actually look at packet content like a proxy or
> IDS. Is this true? I've also heard that it will only scan content of the
> first packet when a new connection/session begins, and then it uses
> keep-state tables to auto-pass the rest of the packets in the session. I
> remember the ipf package taking that approach as well and having security
> problems with that because you can confuse the state table cache. Any
> comments would be helpful.
>
> Miles Stevenson
> QuickHire Network Support Specialist

--
Paul Dawson
ITX Security Specialist
Tel: 266-7800 (ext 8018) Fax: 266-7932
[EMAIL PROTECTED]

"There is no end. There is no beginning. There is only infinite passion of life."
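
A simplified model of the state table and sequence number proxying discussed in the thread above, added here as an example; it is not part of the original messages and is not Cisco's implementation. The class and method names are hypothetical and the addresses are constructed documentation-range values.

```python
import secrets

MOD = 2**32  # TCP sequence numbers wrap at 32 bits


class SeqProxyStateTable:
    """Toy stateful filter: tracks flows opened from the inside and
    shifts their sequence numbers by a per-flow random offset."""

    def __init__(self, rng=secrets.randbelow):
        self.flows = {}  # (in_ip, in_port, out_ip, out_port) -> offset
        self.rng = rng   # injectable so the behaviour can be tested

    def outbound(self, src, sport, dst, dport, seq, syn=False):
        """Inside -> outside. Returns the rewritten seq, or None if dropped."""
        key = (src, sport, dst, dport)
        if syn and key not in self.flows:
            # New connection: choose an unpredictable offset so the outside
            # never sees the inside host's own (possibly guessable) ISN.
            self.flows[key] = self.rng(MOD)
        if key not in self.flows:
            return None  # non-SYN packet with no state entry
        return (seq + self.flows[key]) % MOD

    def inbound(self, src, sport, dst, dport, ack):
        """Outside -> inside. Returns the restored ack, or None if dropped."""
        key = (dst, dport, src, sport)  # flow as seen from the inside host
        if key not in self.flows:
            return None  # unsolicited: no inside host opened this flow
        return (ack - self.flows[key]) % MOD


if __name__ == "__main__":
    fw = SeqProxyStateTable()
    inside, server = ("10.0.0.5", 40000), ("192.0.2.10", 80)
    wire_seq = fw.outbound(*inside, *server, seq=1000, syn=True)
    print("seq on the wire:", wire_seq)
    # The server acknowledges wire_seq + 1; the inside host sees 1001.
    print("ack restored:", fw.inbound(*server, *inside, ack=(wire_seq + 1) % MOD))
    # A packet from a host that no inside client contacted has no state.
    print("unsolicited:", fw.inbound("198.51.100.7", 80, *inside, ack=1))
```

The model omits timeouts, connection teardown and per-packet sequence window checks, which a real stateful firewall also needs.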