
Cisco PIX Shun

By klard | July 2, 2006

I learned something very interesting over the last few days about the PIX. Well, actually several important things, but one interesting one. First, it seems you cannot block subnets with shun: the syntax is shun src_ip [dst_ip sport dport [protocol]], which I guess makes sense, as the shun list does not survive a reboot. But it sure would be nice to shun an entire block for a few days. Anyway, on to the interesting thing about shun. If you shun a source IP, it does not shun that source IP from interacting with the firewall's outside interface. As a test I shunned my own IP and was not able to reach any of the internal or DMZ hosts; however, I was still able to create an IPsec session with the outside interface, ping and get responses from the outside interface, etc. To me that seems, well, odd.
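To make the two points above concrete, here is a small added example (not code from the post, and not Cisco's own parser): it validates the single-host shun syntax quoted above, expands a small block into per-host shun lines as a workaround for the no-subnet limit, and models the observed behaviour that shunned traffic to the outside interface itself still gets through. The addresses are constructed, and matching on the source address only is a simplifying assumption.

```python
import ipaddress
from typing import NamedTuple, Optional

class Shun(NamedTuple):
    src: ipaddress.IPv4Address
    dst: Optional[ipaddress.IPv4Address] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    proto: Optional[str] = None

def parse_shun(line: str) -> Shun:
    """Parse 'shun src_ip [dst_ip sport dport [protocol]]'.
    Rejects CIDR notation: shun takes one host address, not a subnet."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "shun":
        raise ValueError(f"not a shun command: {line!r}")
    if "/" in parts[1]:
        raise ValueError("shun takes a single host IP, not a subnet")
    src = ipaddress.IPv4Address(parts[1])
    if len(parts) == 2:
        return Shun(src)
    if len(parts) not in (5, 6):
        raise ValueError("dst_ip must be followed by sport and dport")
    proto = parts[5].lower() if len(parts) == 6 else None
    return Shun(src, ipaddress.IPv4Address(parts[2]),
                int(parts[3]), int(parts[4]), proto)

def shun_commands_for_block(cidr: str, max_hosts: int = 64):
    """Work around the per-host limit by emitting one shun per address in a
    small block; refuses large blocks so nobody pastes thousands of lines."""
    net = ipaddress.IPv4Network(cidr, strict=False)
    if net.num_addresses > max_hosts:
        raise ValueError(f"{cidr} has {net.num_addresses} addresses; "
                         f"max is {max_hosts}")
    return [f"shun {ip}" for ip in net]

def is_dropped(shuns, src: str, dst: str, outside_if: str) -> bool:
    """Model of the behaviour observed in the post: a shunned source cannot
    reach hosts behind the firewall, but traffic addressed to the outside
    interface itself still passes. Assumption: only the source is matched."""
    if ipaddress.IPv4Address(dst) == ipaddress.IPv4Address(outside_if):
        return False  # to-the-box traffic (ping, IPsec) is not shunned
    return any(s.src == ipaddress.IPv4Address(src) for s in shuns)

if __name__ == "__main__":
    # Constructed sample: shun one host, then check a through-flow and a to-the-box flow.
    shuns = [parse_shun("shun 198.51.100.7")]
    print(is_dropped(shuns, "198.51.100.7", "10.0.0.5", "203.0.113.1"))    # True
    print(is_dropped(shuns, "198.51.100.7", "203.0.113.1", "203.0.113.1"))  # False
```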

Topics: Cisco, Security
