Security Basics mailing list archives
Re: Cisco PIX fixup protocol command
From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Thu, 12 Feb 2004 09:46:24 +1000
Hi Rohit,
From the Cisco website:
------------------------------------------------------------------------
The fixup protocol commands let you view, change, enable, or disable the use of a service or protocol through the PIX Firewall. The ports you specify are those that the PIX Firewall listens at for each respective service. You can change the port value for each service except rsh and sip. The fixup protocol commands are always present in the configuration and are enabled by default.

The fixup protocol command performs the Adaptive Security Algorithm based on different port numbers other than the defaults. This command is global and changes things for both inbound and outbound connections, and cannot be restricted to any static command statements.

The clear fixup command removes fixup commands from the configuration that you added. It does not remove the default fixup protocol commands.

The show fixup command lists all values or the show fixup protocol protocol command lists an individual protocol.

You can disable the fixup of a protocol by removing all fixups of the protocol from the configuration using the no fixup command. After you remove all fixups for a protocol, the no fixup form of the command or the default port is stored in the configuration.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_command_reference_chapter09186a008008d079.html#1029408
------------------------------------------------------------------------
no fixup

Disables the fixup of a protocol by removing all fixups of the protocol from the configuration using the no fixup command. After removing all fixups for a protocol, the no fixup form of the command or the default port is stored in the configuration.
------------------------------------------------------------------------
Secure Firewall using Cisco PIX Version
http://www.securityfocus.com/guest/6811
Old, but a good description

Cisco Secure PIX Firewall SMTP Filtering Vulnerability
http://www.securiteam.com/securitynews/5NP0O205FI.html

Cheers
Ivan

Ivan Coric, CISSP
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414
Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

"S.Rohit" <s.rohit () usa net> 02/11/04 08:52pm >>>
Hi everyone,

This might sound like a very stupid question to ask, but I am looking for info on what the use of the fixup protocol commands on the Cisco PIX device is. What is the exact usage and significance of these commands? And what are the security implications of this command?

I know that some fixups, like say fixup protocol smtp, are good because of the way they restrict the SMTP command set, but how about the general syntax [no] fixup protocol [service] [port]? What is this used for and what are the security implications of this?

I am asking this because I'm seeing a recommendation in some PIX hardening guide to disable fixups, or they flag fixups as a security issue. Why is that?

rohit
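An added example, not part of the original post or of Cisco's documentation: because the quoted reference says fixups are global and that the `no fixup` form is stored in the configuration, a hardening review can start by inventorying those lines. This Python sketch parses the `[no] fixup protocol [service] [port]` syntax from a saved configuration; the sample lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configuration lines (not taken from a real device).
SAMPLE_CONFIG = """\
fixup protocol ftp 21
fixup protocol http 80
fixup protocol http 8080
fixup protocol h323 h225 1720
fixup protocol sqlnet 1521-1530
no fixup protocol smtp 25
access-list outside_in permit tcp any host 192.0.2.10 eq 25
"""

PORT_RE = re.compile(r"\d+(-\d+)?")  # single port or low-high range


def parse_fixups(config):
    """Return (service, (low, high) or None, enabled) for each fixup line.

    Option words such as "h225" are kept as part of the service name.
    """
    entries = []
    for raw in config.splitlines():
        words = raw.split()
        enabled = True
        if words[:1] == ["no"]:
            enabled, words = False, words[1:]
        if words[:2] != ["fixup", "protocol"] or len(words) < 3:
            continue  # not a fixup statement
        rest = words[2:]
        ports = None
        if len(rest) > 1 and PORT_RE.fullmatch(rest[-1]):
            low, _, high = rest.pop().partition("-")
            ports = (int(low), int(high or low))
        entries.append((" ".join(rest), ports, enabled))
    return entries


def summarize(config):
    """Group ports by inspected service; list services stored as 'no fixup'."""
    inspected, disabled = defaultdict(list), []
    for service, ports, enabled in parse_fixups(config):
        if enabled:
            inspected[service].append(ports)
        elif service not in disabled:
            disabled.append(service)
    return dict(inspected), disabled


if __name__ == "__main__":
    print(summarize(SAMPLE_CONFIG))
```

Each port listed under a service is inspected for both inbound and outbound connections, so extra ports (8080 for http here) and disabled services (smtp here) are the entries to compare against the hardening guide in use.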