[c-nsp] Telnet FROM a PIX Appliance?

Ted Mittelstaedt tedm at toybox.placo.com
Thu Jul 3 23:21:32 EDT 2008


Rubbish.

The reason the PIX doesn't allow Telnet is that the original
PIX devices were built on a Windows core, Windows 3.1 as I
believe, with the GUI and most of the command line utilities
stripped away.  Because the PIX was an early out-of-the-hole
firewall, it captured a customer base of customers who needed
a firewall but frankly didn't understand much about what they
needed.  ie: dumb bunnies in cash-rich organizations willing
to buy sub-par technology that was hyped up to ridiculous
amounts.  It's an old story in technology.

This was a very valuable customer base which is why Cisco
purchased the PIX product line.  Cisco had little interest
in the lame firewalling technology of the PIX and has
spent at least a decade of careful work grooming the PIX
customers off PIXes and on to Cisco router platforms.  To
accomplish this they were -extraordinarily- careful to
preserve the PIX interface and limitations over the years.
But as anyone who works with PIXes knows, Cisco has really
not improved the basic technology of the PIX over the years.

That is why the current Cisco IOS-based firewalls have
a firewalling feature set that knocks a PIX into a cocked
hat.

It is also why Cisco has finally felt comfortable enough
that they have migrated the PIX customers worth keeping
over to their own product line, to announce that they were
discontinuing the PIX product line.  As they did recently.

Ted

> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Ziv Leyes
> Sent: Monday, June 30, 2008 5:31 AM
> To: Joerg Mayer; Aaron R
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
> 
> 
> I guess it's more as a "working right" educational purpose, so 
> you won't use your firewall as a debugging client.
> In newer versions there's the packet tracker that can help you 
> debug connectivity problems.
> Ziv
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net 
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joerg Mayer
> Sent: Monday, June 30, 2008 2:21 PM
> To: Aaron R
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
> 
> On Mon, Jun 30, 2008 at 06:30:59PM +0800, Aaron R wrote:
> > It is disabled as a security feature. I have also wanted to do the same for
> > troubleshooting purposes.
> 
> And why exactly is this a security feature? What is the *gain* in 
> security?
> 
>  Ciao
>   Joerg
> --
> Joerg Mayer                                           <jmayer at loplof.de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> ******************************************************************
> ******************
> This footnote confirms that this email message has been scanned by
> PineApp Mail-SeCure for the presence of malicious code, vandals & 
> computer viruses.
> ******************************************************************
> ******************

