Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
New Member

DNS Loophole fix for PIX 515e

With the current problem with DNS - allowing redirection to phising site - was wondering if the upgrade to V7 would also have a patch for this?

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(1)

Hardware: PIX-515E, 32 MB RAM, CPU Pentium II 433 MHz

Any ideas - many thanks?

1 REPLY
New Member

Re: DNS Loophole fix for PIX 515e

Depends on what you are thinking a 'fix' is.

Version 7 has the id-randomization feature which you can do on your DNS server anyway. If you have a 1-to-1 static with your DNS server you can utilize random source ports from your DNS server which has no firewall intervention. If you have a recursive DNS server going through a PAT address then there is the problem of source port randomization becoming serialized which version 7 does not seem to help and of which there does not seem to be a workaround for.

I've got a similar question posed as well:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&topicID=.ee6e1fa&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc16a09

211
Views
0
Helpful
1
Replies
CreatePlease to create content