Re: [Config] 871 & 12.4(15)T3 DebugsON ?

Author	All Replies
mr_dirt join:2006-02-14 Denver, CO	reply to MSN Re: [Config] 871 & 12.4(15)T3 DebugsON ? said by MSN : I'm also using ZBF (Zone-Based firewall). I'm impressed and a bit surprised. So, what are you impressed and surprised at? Performance? Are you running the complete sig list?
mr_dirt join:2006-02-14 Denver, CO	to forum · permalink · · 2008-02-13 17:54:04 ·
MSN join:2004-05-15 Osgoode, ON	I'm running the complete "basic" list per the SDM's recommendations. Since the 871 only has 128 MB RAM, the advanced list will cause memory faults when traffic is high. That said, I've only disabled two signatures. Cisco recently announced a TTL vulnerability in their IOS and two of the signatures matched against this type of DoS attack. I was getting too many false positives (mainly from UPnP and dynamic routing protocol...basically IP multicast) so I turned 'em off. As I said in my 1st post, what impresses me most is that througput doesn't seem to be affected in the least with the IPS engines (13 of them) all turned on. /Eric
MSN join:2004-05-15 Osgoode, ON	to forum · permalink · · 2008-02-13 19:53:24 ·
mr_dirt join:2006-02-14 Denver, CO	Thanks for the details.
mr_dirt join:2006-02-14 Denver, CO	to forum · permalink · · 2008-02-14 01:15:44 ·
MSN join:2004-05-15 Osgoode, ON	You're welcome. Also, I'm running 384 signatures. /Eric
MSN join:2004-05-15 Osgoode, ON	to forum · permalink · · 2008-02-14 09:54:41 ·


Friday, 04-Dec 09:06:48	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com. page compression OFF