LinuxQuestions.org
Old 11-23-2004, 07:01 AM   #1
noorania
LQ Newbie
 
Registered: Sep 2003
Location: Canada
Posts: 19

Rep: Reputation: 0
IPTables vs PIX


Hi.

I'm a student trying to do a project in which I compare the inner workings of IPTables and Cisco PIX. I have access to a couple of PIXs and can run IPTables on a linux box. My problem, however, is that I can't come up with a physical topology to compare the two. Also that I can't seem to find previous work done on this topic and am running out of time fast.

I would appreciate any and all help that I can get including white papers, independent work or advice on how to go about it. I have a week to come up with something substantial in depth.

Thank you,

Arif.
 
Old 11-23-2004, 12:37 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Rep: Reputation: 232
Well, if it's all about inner workings, what you should check is performance under the same load with the same configuration (or nearly the same). You don't need a topology, IMHO. You can just test with a number of scans running from a different machine, for example.
 
Old 11-23-2004, 02:12 PM   #3
bignerd
Member
 
Registered: Nov 2004
Distribution: FC1, Gentoo, Mdk 8.1, RH7-8-9, Knoppix, Zuarus rom 3.13
Posts: 98

Rep: Reputation: 15
I think what he's looking for is more details on how each firewall events things. Such as how the state tables are created, whether or not netfilter uses embryonic connections like the Pix, the fact that netfilter currently does not support stateful failover (can't share conntrack data) while the Pix can, protocol fixups, ez-vpn, nat-traversal, etc.

But I could be wrong since attempting this depth of analysis in 1 week is.. well.. less than proactive. Perhaps it's just a light overview.

I certainly hope the professor this report is going to is not very demanding.

-b
 
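What bignerd calls the state table is, on the netfilter side, readable from userland, which is one of the concrete differences this thread circles around. The following is an added example, not code from the thread or from either vendor: it parses the `/proc/net/nf_conntrack` line format (the same fields `conntrack -L` prints) and summarises, per destination, how many TCP flows are ESTABLISHED and how many are still in SYN_SENT or SYN_RECV. Treating those two states as the netfilter counterpart of a PIX "embryonic" connection (a session whose three-way handshake has not completed) is my reading, not something the thread states. The sample lines are constructed by hand so the script runs offline; the function names are my own.

```python
"""Summarise netfilter's connection-tracking table the way a PIX admin reads
'show conn': per destination, established sessions vs half-open ones.

Added example, not code from the thread.  On a live box the table comes from
/proc/net/nf_conntrack (root, nf_conntrack loaded); SAMPLE below is
constructed so the script runs without it.
"""
import re
from collections import defaultdict

# Constructed sample in /proc/net/nf_conntrack format (assumption: IPv4 only).
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.5 sport=51234 dport=443 src=10.0.0.5 dst=192.168.1.10 sport=443 dport=51234 [ASSURED] mark=0 zone=0 use=2
ipv4     2 tcp      6 118 SYN_SENT src=192.168.1.10 dst=10.0.0.5 sport=51235 dport=80 [UNREPLIED] src=10.0.0.5 dst=192.168.1.10 sport=80 dport=51235 mark=0 zone=0 use=1
ipv4     2 tcp      6 59 SYN_RECV src=203.0.113.7 dst=10.0.0.5 sport=40001 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40001 mark=0 zone=0 use=1
ipv4     2 tcp      6 110 TIME_WAIT src=192.168.1.11 dst=10.0.0.5 sport=51300 dport=443 src=10.0.0.5 dst=192.168.1.11 sport=443 dport=51300 [ASSURED] mark=0 zone=0 use=1
ipv4     2 udp      17 29 src=192.168.1.10 dst=192.168.1.1 sport=40000 dport=53 src=192.168.1.1 dst=192.168.1.10 sport=53 dport=40000 mark=0 zone=0 use=1
"""

# TCP conntrack states that precede a completed three-way handshake
# (assumed mapping onto the PIX notion of an embryonic connection).
HALF_OPEN = {"SYN_SENT", "SYN_RECV"}

# One line: l3proto l3num l4proto l4num timeout [tcpstate] <orig tuple>
#           [UNREPLIED] <reply tuple> [ASSURED] key=val ...
_HEAD = re.compile(r"^(\S+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(.*)$")
_KV = re.compile(r"(\w+)=(\S+)")


def parse_entry(line):
    """Return a dict for one conntrack line, or None for blank/malformed input."""
    m = _HEAD.match(line.strip())
    if not m:
        return None
    l3, _, l4, _, timeout, rest = m.groups()
    flags = re.findall(r"\[(\w+)\]", rest)
    tokens = rest.split()
    # For TCP the token right after the timeout is the protocol state; UDP has none.
    state = tokens[0] if l4 == "tcp" and "=" not in tokens[0] else None
    # The first src/dst/sport/dport set is the original direction, the second the reply.
    orig, reply = {}, {}
    for k, v in _KV.findall(rest):
        if k in ("src", "dst", "sport", "dport"):
            (orig if k not in orig else reply)[k] = v
    return {"l3": l3, "proto": l4, "timeout": int(timeout), "state": state,
            "orig": orig, "reply": reply,
            "assured": "ASSURED" in flags, "unreplied": "UNREPLIED" in flags}


def parse_table(text):
    """Parse a whole table dump, skipping blank or unparsable lines."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e]


def summarise(entries):
    """Per (dst, dport) of the original direction: established / half-open / other TCP flows."""
    out = defaultdict(lambda: {"established": 0, "half_open": 0, "other": 0})
    for e in entries:
        if e["proto"] != "tcp":
            continue
        key = (e["orig"]["dst"], e["orig"]["dport"])
        if e["state"] == "ESTABLISHED":
            out[key]["established"] += 1
        elif e["state"] in HALF_OPEN:
            out[key]["half_open"] += 1
        else:
            out[key]["other"] += 1
    return dict(out)


def load_live(path="/proc/net/nf_conntrack"):
    """Read the real table when available, otherwise fall back to the constructed sample."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return SAMPLE


if __name__ == "__main__":
    for (dst, port), c in sorted(summarise(parse_table(load_live())).items()):
        print(f"{dst}:{port}  established={c['established']} "
              f"half_open={c['half_open']} other={c['other']}")
```

Run on the sample, the script reports two half-open flows towards 10.0.0.5:80 and one established plus one TIME_WAIT flow towards 10.0.0.5:443; a burst of half-open entries against one port is the netfilter-side view of what a PIX embryonic-connection limit is meant to cap.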
Old 11-23-2004, 03:49 PM   #4
noorania
LQ Newbie
 
Registered: Sep 2003
Location: Canada
Posts: 19

Original Poster
Rep: Reputation: 0
IPTables vs PIX

Thanks Mara and bignerd.

bignerd you got it right. I'm not familiar with either of the two firewalls but what you suggested is exactly what I would like to do. Since time is limited an overview would be a good alternative.

So can you suggest how I go about it? Where can I attain such information?

Thank you for your assistance.
 
Old 11-24-2004, 01:54 PM   #5
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Are you comparing features, or traffic processing flow? In iptables of course, the traffic goes through a set number of "tables", plus whatever the user defines. In PIX it's different, basically examining directional traffic on each interface, and also (optionally), AAA information, and NAT.
 
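To make chort's two processing models concrete, here is an added illustration that is not part of the thread: a minimal netfilter ruleset, in iptables-restore format, expressing the policy a PIX applies by default between a higher-security inside interface and a lower-security outside one (inside may open sessions outbound, replies return through the connection table, unsolicited inbound traffic is dropped unless a static translation and access list permit it). The comments trace the path chort describes: a forwarded packet passes the nat table in PREROUTING, then the routing decision, then the filter table in FORWARD, then the nat table in POSTROUTING. Interface names, addresses and the published service are assumptions; the fragment uses the `conntrack` match of current iptables, for which the 2004-era spelling was `-m state --state`.

```text
# Added example, not from the thread.  Assumed layout:
#   eth0 = outside (PIX security-level 0), address 203.0.113.2
#   eth1 = inside  (PIX security-level 100), network 192.168.1.0/24
#   192.168.1.20:443 = one inside server published to the outside
# Load with: iptables-restore < this-file

*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# nat PREROUTING runs before the routing decision, so FORWARD below already
# sees the translated inside address (PIX: "static" for the published server).
-A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to-destination 192.168.1.20
# nat POSTROUTING runs after FORWARD; hide inside hosts behind the outside
# address (PIX: "nat"/"global" pair).
-A POSTROUTING -o eth0 -s 192.168.1.0/24 -j MASQUERADE
COMMIT

*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Packets belonging to a tracked session pass in either direction; this one
# rule is the netfilter equivalent of the PIX connection table letting
# return traffic back through the lower-security interface.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# A segment that matches no conntrack entry (e.g. a stray ACK) is INVALID;
# log it, then drop it.
-A FORWARD -m conntrack --ctstate INVALID -j LOG --log-prefix "FWD-INVALID: "
-A FORWARD -m conntrack --ctstate INVALID -j DROP
# Higher to lower security: the inside may open new sessions outbound.
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
# Lower to higher security: only the published service may be opened from
# outside (PIX: "access-list ... permit tcp any host ... eq 443").
-A FORWARD -i eth0 -o eth1 -p tcp -d 192.168.1.20 --dport 443 -m conntrack --ctstate NEW -j ACCEPT
# Anything else falls through to the FORWARD chain's DROP policy.
# Traffic to the firewall itself (INPUT) is a separate path: management only
# from the inside.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
```

The directional `-i`/`-o` pairs are what carry the PIX interface model across; netfilter has no notion of a security level, so the higher-to-lower default has to be written out as an explicit rule rather than being implied by the interface configuration.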
Old 11-24-2004, 02:25 PM   #6
noorania
LQ Newbie
 
Registered: Sep 2003
Location: Canada
Posts: 19

Original Poster
Rep: Reputation: 0
Thank you for replying.

I am comparing features as well as the differences & similarities of the two firewalls. I would like to get into packet level depth and use a sniffing application such as ethereal to realize the inner workings. Now I am by no means a programmer, nor do I have the source code for PIX. So you see my dilemma.

I guess my main question would be how to go about analyzing either one of them in detail. I have access to PIX, and also cisco routers and switches.
 
Old 11-24-2004, 04:58 PM   #7
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
You can't really tell how a firewall operates by using a packet sniffer, at least, not by way of a comparison. Packet sniffers only see what's "on the wire", but all the interesting things a firewall does happen in kernel space.
 
Old 11-24-2004, 05:31 PM   #8
noorania
LQ Newbie
 
Registered: Sep 2003
Location: Canada
Posts: 19

Original Poster
Rep: Reputation: 0
That's so true. I think I might be losing my mind over this. But at least we're moving in the right direction.

I can't use a packet sniffer. I need to see what's happening in the kernel space. How does one go about doing that?
 
Old 11-26-2004, 07:58 PM   #9
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Hahaha, you can't be serious! PixOS is closed source and the only userland utilities are built-in commands. You can't install debuggers or arbitrary programs on a PIX device. You're not going to be able to observe what it's doing. The best you can do is find documentation on Cisco Secure PIX and if you're really lucky, you might run into an architecture description, although I doubt such a thing has been released to the public.
 