[c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)

nick.nauwelaerts at thomson.com nick.nauwelaerts at thomson.com
Fri Apr 4 11:18:05 EDT 2008


> -----Original Message-----
> From: robbie.jacka at regions.com [mailto:robbie.jacka at regions.com] 
> Sent: Friday, April 04, 2008 17:04
> To: Nauwelaerts, Nick (TCM)
> Cc: cisco-nsp at puck.nether.net; cisco-nsp-bounces at puck.nether.net
> Subject: Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
> 
> I'd tend to think that it's less about portscans and more about
> preventing someone using you to perform a bounced RST flood. Just my 0x2.

That's a good argument, but you can use your regular rate limiters
(which are in place for ICMP, for example) and anomaly detection for
that. Or whatever antispoofing you might have in place.

// nick

