> Our PIX does not indicate source or destination ports > perhaps because the "IP spoof" criteria was already > triggered in its logic chain, denying the packet and > making a syslog entry. It's been my experience that the PIX will not provide port information if the packet is blocked by an ACL. However, it *will* provide port information if the packet is blocked because there is no "conduit" allowing the traffic. I'm not sure if the spoof detection mechanism supercedes this. Hope this helps. -Blake -------------------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Fri Jul 06 2001 - 08:09:27 PDT