Re: PIX shun with IPS

From: Edouard Zorrilla (ezorrilla@tsf.com.pe)
Date: Sun Apr 08 2007 - 18:02:56 ART

• Next message: Hossam Abbas: "VTP Pruning problem"
• Previous message: Muhammad Nasim: "Re: OT: Help in Las Vegas [mx]"
• Maybe in reply to: Edward Norton: "PIX shun with IPS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It seems to me to be a ssh version issue.

Regards
----- Original Message -----
From: "Mark Snow" <mark@ipexpert.com>
To: "'Edward Norton'" <doubleccie@yahoo.com>; <ccielab@groupstudy.com>;
<security@groupstudy.com>
Sent: Sunday, April 08, 2007 12:00 PM
Subject: RE: PIX shun with IPS

> Do you get the same results if you try to initiate the shun with a telnet
> session from the IPS?
>
> Can you try that and see what happens?
> Also make sure that the IPS is not able to be blocked (default).
>
>
> Mark Snow
> Senior Technical Instructor - IPexpert, Inc.
> CCIE #14073 (Voice, Security)
> URL: http://www.IPexpert.com
> Toll Free: +1.866.225.8064
> International: +1.810.326.1444
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Edward Norton
> Sent: Sunday, April 08, 2007 10:36 AM
> To: ccielab@groupstudy.com; security@groupstudy.com
> Subject: PIX shun with IPS
>
> Folks ;
> im trying to test how the IDS can shun the PIX , i checked the previous
> posts but did not find an answer
>
> I have 4215 working as IDS , i tested it with blocking to router and it
> worked fine ..however when i try to do the same with PIX , it does not
> seem
> to work .
>
> it looks to me that the IPS sensor is not able to to ssh to the pix , the
> IDS CC interface and the inside of the pix on the same subnet , I am able
> to
> ssh to the pix from software client normally ..and the IDS is able to
> retrieve the RSA key normally .
>
> however when i enabled the debug on the PIX , the TCP session from the cc
> interface gets terminated ..not sure why
>
> I am using IPS v5.1 and pix 7.2 ....any comments will be appreciated
>
>
>
>
> 0x00FFE27A
> %PIX-6-315011: SSH session from 10.1.1.4 on interface inside for user ""
> disconn
> ected by SSH server, reason: "TCP connection closed" (0x03)
> %PIX-6-302014: Teardown TCP connection 155 for inside:10.1.1.4/32873 to NP
> Ident
> ity Ifc:10.1.1.254/22 duration 0:00:04 bytes 263 TCP FINs
>
> SSH0: TCP read failed, error code = 0x86300003 "TCP connection closed"
> SSH0: receive SSH message: [no message ID: variable *data is NULL]
> SSH0: Session disconnected by SSH server - error 0x03 "TCP connection
> closed"
>
>
>
>
> ---------------------------------
> 8:00? 8:25? 8:40? Find a flick in no time
> with theYahoo! Search movie showtime shortcut.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Hossam Abbas: "VTP Pruning problem"
• Previous message: Muhammad Nasim: "Re: OT: Help in Las Vegas [mx]"
• Maybe in reply to: Edward Norton: "PIX shun with IPS"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue May 01 2007 - 08:28:35 ART