[c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
William S. Duncanson
caesar at starkreality.com
Fri Apr 4 11:29:09 EDT 2008
RST wouldn't be the right thing to do if you choose to reject anyway; ICMP
Administratively Prohibited would be the correct response.
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of
A.L.M.Buxey at lboro.ac.uk
Sent: Friday, April 04, 2008 9:42
To: Javier Liendo
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] OT: Check Point v Cisco PIX (ASA 5500 Series)
Hi,
> for a firewall, not sending an RST for a denied connection, isn´t it
> the "Right Thing" to do?
ah, the perennial DROP or REJECT question.
alan
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list