Re: PIX-restricting inbound pkts to specific MAC address of inte
The idea is to verify the possibility in the following scenario:
1. An IDS (Intrusion Detection System) sits between the outside interface of the PIX and the Internet router. On detecting an attack, it (the IDS) has the capability of sending a RST to both the outside host/hacker's system and to the inside system to which he gained access.
2. If the PIX, by default, recognizes the spoofed RST coming from a non-Internet router's Ethernet MAC address, then the RST will only go to the outside host/hacker's system and will not reach the inside system to which he gained access!!
I hope my doubt/question is clearer now. Thanks again for the reply.