DNS Loophole fix for PIX 515e

nickmac74
Level 1

With the current problem with DNS - allowing redirection to phishing sites - I was wondering if the upgrade to V7 would also have a patch for this?

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(1)

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Any ideas? Many thanks.

1 Reply

w-schultz
Level 1

Depends on what you are thinking a 'fix' is.

Version 7 has the id-randomization feature, which you can do on your DNS server anyway. If you have a 1-to-1 static with your DNS server, you can utilize random source ports from your DNS server with no firewall intervention. If you have a recursive DNS server going through a PAT address, then there is the problem of source port randomization becoming serialized, which version 7 does not seem to help and for which there does not seem to be a workaround.

I've got a similar question posed as well:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc16a09
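As an added illustration of the reply's point about PAT serializing source ports (example code added here, not from the thread or from Cisco): a Python check that reads outbound DNS queries as seen on the outside of the firewall and flags whether the source ports step up one at a time, which is what a poisoner can exploit even when the resolver itself randomizes. The flow-line format and both samples are constructed for the example.

```python
import math
import re
from collections import Counter

# Constructed flow-line format (not PIX syslog): "src_ip:src_port -> dst_ip:53"
FLOW_RE = re.compile(r"(\d+\.\d+\.\d+\.\d+):(\d+) -> (\d+\.\d+\.\d+\.\d+):53\b")

def parse_source_ports(lines):
    """Source ports of queries to UDP/53, in the order they were observed."""
    return [int(m.group(2)) for m in map(FLOW_RE.search, lines) if m]

def sequential_fraction(ports):
    """Share of consecutive queries whose source port rose by exactly one."""
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return steps / (len(ports) - 1)

def delta_entropy_bits(ports):
    """Shannon entropy of port-to-port differences; ~0 when the PAT pool walks in order."""
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    n = len(deltas)
    return -sum(c / n * math.log2(c / n) for c in Counter(deltas).values())

def assess(lines, min_samples=20):
    """Classify a capture as 'serialized', 'randomized' or 'insufficient'."""
    ports = parse_source_ports(lines)
    if len(ports) < min_samples:
        return "insufficient"
    # Ordered ports are guessable even if the resolver behind the PAT randomizes them
    return "serialized" if sequential_fraction(ports) > 0.5 else "randomized"

def serialized_sample(n=50):
    """Constructed: PAT pool handing out ports in sequence on the outside interface."""
    return [f"203.0.113.5:{1024 + i} -> 198.51.100.53:53" for i in range(n)]

def randomized_sample(n=50, seed=12345):
    """Constructed: a resolver with random source ports, via a deterministic LCG."""
    lines, x = [], seed
    for _ in range(n):
        x = (x * 1103515245 + 12345) % 2**31
        lines.append(f"203.0.113.5:{1024 + (x >> 8) % 64512} -> 198.51.100.53:53")
    return lines
```

Run assess() over the real outside-interface capture rather than the samples; a "serialized" verdict means the PAT, not the resolver, is deciding the ports.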
