C H A P T E R 15

Attack Guards and Multimedia

Support

The primary function of the Cisco PIX Firewall is to prevent and protect internal hosts from malicious attacks from the outside network. Some hackers try to gain access to the internal network, but others attack network resources to disrupt network services. This chapter describes some of the features of the Cisco PIX Firewall that are used to mitigate known attacks against network resources. This chapter also discusses how the PIX handles multimedia application protocols.

“Do I Know This Already?” Quiz

The purpose of this quiz is to help you determine your current understanding of the topics covered in this chapter. Write down your answers and compare them to the answers in Appendix A. It is strongly recommended that you go through this self-assessment quiz before you read the ”Foundation Topics” section. The concepts in this chapter are the foundation of much of what you need to understand to pass the CSPFA Certification Exam. Unless you do exceptionally well on the ”Do I Know This Already?” pretest and are 100% confident in your knowledge of this area, you should read through the entire chapter.

1What PIX feature mitigates a denial of service (DoS) attack using an incomplete IP datagram?

2What default port does the PIX inspect for H.323 traffic?

3How do you enable the PIX’s Mail Guard feature?

4True or false: Floodguard is enabled by default.

5What is an embryonic connection?

6Which actions are available in the PIX IDS configuration?

7How does DNS Guard on the Cisco PIX Firewall prevent DoS attacks that exploit DNS?

8How does ip verify reverse-path secure the PIX?

9How does the Mail Guard feature prevent SMTP-related attacks?

10True or false: The shunning feature on the Cisco PIX Firewall does not require the aid of the Cisco IDS device.

Multimedia Support on the Cisco PIX Firewall 315

Real-Time Streaming Protocol (RTSP)

RTSP, described in RFC 2326, controls the delivery of real-time data such as audio and video. It is used for large-scale broadcasts and audioor video-on-demand streaming. It supports applications such as Cisco IP/TV, RealNetworks RealAudio G2 Player, and Apple QuickTime 4 software.

RTSP applications use port 554 with TCP (and rarely UDP) as a control channel. The TCP control channel is used to negotiate the two UDP data channels that are used to transmit audio/video traffic. RTSP does not typically deliver continuous data streams over the control channel, usually relying on a UDP-based data transport protocol such as standard Real-Time Transport Protocol (RTP) to open separate channels for data and for RTP Control Protocol (RTCP) messages. RTCP carries status and control information, and RTP carries the actual data.

The fixup protocol command is used for RTSP connections to let the Cisco PIX Firewall do inspection. The fixup protocol rtsp command lets the PIX dynamically create conduits for RTSP UDP channels. For example, the standard RTSP port 554 is enabled by the following command:

fixup protocol rtsp 554

H.323

The H.323 collection of protocols collectively uses up to two TCP connections and four to six UDP connections. Most of the ports, with the exception of one TCP port, are negotiated just for that particular session. Figure 15-1 shows the H.323 protocols in relation to the OSI reference model.