your mail

Stephen Sprunk ssprunk at cisco.com
Wed Sep 22 15:38:30 UTC 1999


http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120
t/120t5/iosfw2/iosfw2_2.htm#xtocid1359543

SMTP Messages

CBAC detects and blocks SMTP attacks (illegal SMTP commands) and notifies
you when SMTP attacks occur. Error messages such as the following may
indicate that an SMTP attack has occurred:

%FW-4-SMTP_INVALID_COMMAND: Invalid SMTP command from initiator
(192.168.12.3:52419)


Looks like it does do that after all...

IOS FW also monitors HTTP, CU-SeeMe, FTP, H.323, NetShow, r-commands,
RealAudio, Sun RPC, SQL*Net, StreamWorks, TFTP, VDOLive, and generic TCP/UDP
sessions in addition to SMTP.  It also protects against fragment attacks,
SYN attacks, ACK attacks, and bogus TCP sequence numbers.

Randy: ip inspect name firewall smtp

S


Stephen Sprunk, K5SSS, CCIE#3723
Network Consulting Engineer
Cisco NSA   Dallas, Texas, USA
e-mail:ssprunk at cisco.com
Pager: +1 800 365-4578
Empowering the Internet Generation


----- Original Message -----
From: Alex P. Rudnev
To: Gerry McDonald
Cc: nanog at merit.edu
Sent: Wednesday, September 22, 1999 5:37
Subject: Re: your mail

Get IOS FireWall Feauture set, router with the 2 LAN and 2 WAN
interfaces, and say _get away_ to the hw vendors.

No doubt, it's possible to enter into IOS if you did not installed access
lists on the VTY, keep working some extra services (such as router-based
WWW) or so on; but it do not depend of the firewalls at all... And - if
you don't need session-level firewall (with the analysing of SMTP content
for example) IOS FW feature set is very effective solution.

Aleksei Roudnev, Network Operations Center, Relcom, Moscow
(+7 095) 194-19-95 (Network Operations Center Hot Line),(+7 095) 230-41-41,
N 13729 (pager)
(+7 095) 196-72-12 (Support), (+7 095) 194-33-28 (Fax)





More information about the NANOG mailing list