[c-nsp] Telnet FROM a PIX Appliance?

Peder @ NetworkOblivion peder at networkoblivion.com
Fri Jul 4 08:28:17 EDT 2008 

What!?  The original PIX code was < 500k as the first versions from 
Network Translations only had 512k flash moodules in them.  There is no 
way that it was based on Windows, not even 3.1.  I think you are 
thinking of the Centri (or whatever it was called) that was windows 
based that they bought many years ago.  I actually worked at Cisco when 
they bought the PIX and the Centri and then they killed the Centri 
shortly thereafter.  I think the Centri ran on Windows 95, but I am not 
100% sure as that was 10+ years ago.

IMO, the reason that so many people use(d) the PIX is that they just 
work.  You set it up and forget it for two years.  You rarely even need 
to update the software on it as there are so few bugs that are show 
stoppers.  Now, the ASA is a different story.  There is a lot more stuff 
in it and hence a lot more bugs.

Ted Mittelstaedt wrote:
> Rubbish.
> 
> The reason the PIX doesen't allow Telnet is that the original
> PIX devices were built on a Windows core, Windows 3.1 as I
> believe, with the GUI and most of the command line utilities
> stripped away.  Because the PIX was an early out-of-the-hole
> firewall, it captured a customer base of customers who needed
> a firewall but frankly didn't understand much about what they
> needed.  ie: dumb bunnies in cash-rich organizations willing
> to buy sub-par technology that was hyped up to rediculous
> amounts.  It's an old story in technology.
> 
> This was a very valuable customer base which is why Cisco
> purchased the PIX product line.  Cisco had little interest
> in the lame firewalling technology of the PIX and has
> spent at least a decade of careful work grooming the PIX
> customers off PIXes and on to Cisco router platforms.  To
> accomplish this they were -extraordinairly- careful to
> preserve the PIX interface and limitations over the years.
> But as anyone who works with PIXes knows, Cisco has really
> not improved the basic technology of the PIX over the years.
> 
> That is why the current Cisco IOS-based firewalls have
> a firewalling feature set that knocks a PIX into a cocked
> hat.
> 
> It is also why Cisco has finally felt comfortable enough
> that they have migrated the PIX customers worth keeping
> over to their own product line, to announce that they were
> discontinuing the PIX product line.  As they did recently.
> 
> Ted
> 
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Ziv Leyes
>> Sent: Monday, June 30, 2008 5:31 AM
>> To: Joerg Mayer; Aaron R
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>>
>>
>> I guess it's more as a "working right" educational purpose, so 
>> you won't use your firewall as a debugging client.
>> In newer versions there's the packet tracker that can help you 
>> debug connectivity problems.
>> Ziv
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net 
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joerg Mayer
>> Sent: Monday, June 30, 2008 2:21 PM
>> To: Aaron R
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>>
>> On Mon, Jun 30, 2008 at 06:30:59PM +0800, Aaron R wrote:
>>> It is disabled as a security feature. I have also wanted to do 
>> the same for
>>> troubleshooting purposes.
>> And why exactly is this a security feature? What is the *gain* in 
>> security?
>>
>>  Ciao
>>   Joerg
>> --
>> Joerg Mayer                                           <jmayer at loplof.de>
>> We are stuck with technology when what we really want is just stuff that
>> works. Some say that should read Microsoft instead of technology.
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>
>>
>>
>>
>> ******************************************************************
>> ******************
>> This footnote confirms that this email message has been scanned by
>> PineApp Mail-SeCure for the presence of malicious code, vandals & 
>> computer viruses.
>> ******************************************************************
>> ******************
>>
>>
>>
>>
>>
>>
>>  
>>  
>> ******************************************************************
>> ******************
>> This footnote confirms that this email message has been scanned by
>> PineApp Mail-SeCure for the presence of malicious code, vandals & 
>> computer viruses.
>> ******************************************************************
>> ******************
>>
>>
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list