[c-nsp] Telnet FROM a PIX Appliance?

Tony Varriale tvarriale at comcast.net
Sun Jul 6 22:50:16 EDT 2008


It's fairly well known by people that have been fortunate to have been around 
Cisco that long and/or that know a little PIXen history that the OS was 
called Finesse.

It was a custom built OS and AFAIK has had no stage performances in any 
other devices.

But, don't take my word for it.  I'm sure the NTI guys are still around out 
west somewhere.

I think your Windows similarity stretch is incredibly creepy.  I feel like 
I'm getting hoaxed into a pyramid scheme for some reason.

tv
----- Original Message ----- 
From: "Ted Mittelstaedt" <tedm at toybox.placo.com>
To: "Tony Varriale" <tvarriale at comcast.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Sunday, July 06, 2008 1:06 AM
Subject: RE: [c-nsp] Telnet FROM a PIX Appliance?


>
> Yes.  I heard this from the president/owner of Imagestream.
> Considering what that company makes there's no question in
> my mind that they reverse-engineered one of the very early
> version PIXes.  There are vestiges of this even in current
> code - notice for example that access-list subnet masks are
> not IOS-style, they are DOS/Windows style - although I'm
> sure with the number of PIXes that Cisco sold once they
> bought the product, any licensable Windows code was long
> since removed.
>
> Ted
>
>> -----Original Message-----
>> From: Tony Varriale [mailto:tvarriale at comcast.net]
>> Sent: Thursday, July 03, 2008 9:50 PM
>> To: Ted Mittelstaedt
>> Cc: cisco-nsp at puck.nether.net
>> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>>
>>
>> Holy crap.  Did you say Windows?
>>
>> tv
>> ----- Original Message ----- 
>> From: "Ted Mittelstaedt" <tedm at toybox.placo.com>
>> To: "Ziv Leyes" <zivl at gilat.net>; "Joerg Mayer" <jmayer at loplof.de>;
>>     "Aaron R" <aaronis at people.net.au>
>> Cc: <cisco-nsp at puck.nether.net>
>> Sent: Thursday, July 03, 2008 10:21 PM
>> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>>
>>
>> >
>> > Rubbish.
>> >
>> > The reason the PIX doesn't allow Telnet is that the original
>> > PIX devices were built on a Windows core, Windows 3.1 as I
>> > believe, with the GUI and most of the command line utilities
>> > stripped away.  Because the PIX was an early out-of-the-hole
>> > firewall, it captured a customer base of customers who needed
>> > a firewall but frankly didn't understand much about what they
>> > needed.  ie: dumb bunnies in cash-rich organizations willing
>> > to buy sub-par technology that was hyped up to ridiculous
>> > amounts.  It's an old story in technology.
>> >
>> > This was a very valuable customer base which is why Cisco
>> > purchased the PIX product line.  Cisco had little interest
>> > in the lame firewalling technology of the PIX and has
>> > spent at least a decade of careful work grooming the PIX
>> > customers off PIXes and on to Cisco router platforms.  To
>> > accomplish this they were -extraordinarily- careful to
>> > preserve the PIX interface and limitations over the years.
>> > But as anyone who works with PIXes knows, Cisco has really
>> > not improved the basic technology of the PIX over the years.
>> >
>> > That is why the current Cisco IOS-based firewalls have
>> > a firewalling feature set that knocks a PIX into a cocked
>> > hat.
>> >
>> > It is also why Cisco has finally felt comfortable enough
>> > that they have migrated the PIX customers worth keeping
>> > over to their own product line, to announce that they were
>> > discontinuing the PIX product line.  As they did recently.
>> >
>> > Ted
>> >
>> >> -----Original Message-----
>> >> From: cisco-nsp-bounces at puck.nether.net
>> >> [mailto:cisco-nsp-bounces at puck.nether.net]On Behalf Of Ziv Leyes
>> >> Sent: Monday, June 30, 2008 5:31 AM
>> >> To: Joerg Mayer; Aaron R
>> >> Cc: cisco-nsp at puck.nether.net
>> >> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>> >>
>> >>
>> >> I guess it's more as a "working right" educational purpose, so
>> >> you won't use your firewall as a debugging client.
>> >> In newer versions there's the packet tracker that can help you
>> >> debug connectivity problems.
>> >> Ziv
>> >>
>> >>
>> >> -----Original Message-----
>> >> From: cisco-nsp-bounces at puck.nether.net
>> >> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Joerg Mayer
>> >> Sent: Monday, June 30, 2008 2:21 PM
>> >> To: Aaron R
>> >> Cc: cisco-nsp at puck.nether.net
>> >> Subject: Re: [c-nsp] Telnet FROM a PIX Appliance?
>> >>
>> >> On Mon, Jun 30, 2008 at 06:30:59PM +0800, Aaron R wrote:
>> >> > It is disabled as a security feature. I have also wanted to do the
>> >> > same for troubleshooting purposes.
>> >>
>> >> And why exactly is this a security feature? What is the *gain* in
>> >> security?
>> >>
>> >>  Ciao
>> >>   Joerg
>> >> --
>> >> Joerg Mayer <jmayer at loplof.de>
>> >> We are stuck with technology when what we really want is just stuff
>> >> that works. Some say that should read Microsoft instead of technology.
>> >>
>> >> _______________________________________________
>> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> ******************************************************************
>> >> ******************
>> >> This footnote confirms that this email message has been scanned by
>> >> PineApp Mail-SeCure for the presence of malicious code, vandals &
>> >> computer viruses.
>> >> ******************************************************************
>> >> ******************
>>
>> 


