[unisog] Are cisco router VLAN ACL's stateful like a PIX?

Russell Fulton r.fulton at auckland.ac.nz
Tue Feb 1 21:59:05 GMT 2005


On Wed, 2005-02-02 at 10:48 +1300, Russell Fulton wrote:

> So, yes, blocking pings can stop worms spreading, but only if the  worms
> are very simple minded.

And just in case I have not made my self quite clear: I do *not* think
that blocking ICMP is a good idea in general but may be a appropriate
short term response in a crisis.  The key here is short term.

This is a case of the treatment being worse that the problem you are
trying to cure.

Russell
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 2201 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20050202/e2881027/smime-0002.bin


More information about the unisog mailing list