On Thu, 20 Sep 2007 11:28, Christos Ricudis sent:

>I don't disagree about the modularity of the PIX operating system (it is
>modular, it's just that its modularity doesn't depend on the end user, but
>on Cisco). I'm just saying that it is a custom operating system that runs on
>generic hardware (essentially a PC).
>
>It's just that the argument started from here
>(http://lists.hellug.gr/pipermail/linux-greek-users/2007-September/070091.html):
>
>
>"FYI the only real hardware firewalls are Cisco's PIX and ASA.
>The rest run some OS and, on top of it, an application that
>does the firewalling."
>
>...which is wrong on both points:
>
>1) that the PIX/ASA is a "real hardware firewall", and
>2) that "the rest run some OS and, on top of it, an application that does
>the firewalling".
>
>The firewall on Linux/OpenBSD boxes is NOT /sbin/iptables and /sbin/pfctl;
>that is just the userland interface. The filtering happens in the kernel in
>all cases.

I got carried away by the userland interface, as you say yourself.

>OK, let's take this example then, since it suits you better. Is:
>
>"your own PC + Windows that you set up yourself + callmanager that you
>set up yourself"
>
>a "non-hardware call manager", while
>
>"whatever OEM PX + preinstalled Solaris/X86 + preinstalled callmanager"
>
>is a "hardware call manager"?

A bit of a stretch, sure, but on Windows you would have to take care of the operating system updates and solve every problem the call manager ran into, whereas now you get something that works out of the box, with the company taking responsibility.

>Did you understand what I said?
>
>No.
>
>Well, let me say it again.
>
>Control Plane is what Cisco calls the process group that makes up the frontend
>interface of IOS: the CLI, SNMP, the HTTP server, and a few other things.
>They simply give you the ability to prioritize the traffic that is
>addressed to this process group, so that you have some way to manage
>the device under denial-of-service attack conditions, and perhaps some
>CPU/memory resources are also reserved for this process group.
>These two are essentially QoS features.
>
>Nowhere have I seen it mentioned that memory protection is applied at the
>operating system level to protect the control plane from other kinds of
>attacks (e.g. buffer overflows), or that the control plane runs on a
>separate hardware module (which it could). Presumably, if you crash IOS,
>you have lost the control plane TOO.

It has its own memory space, which it reserves from main memory for its own operation. You can put console, telnet, http etc. on it, you handle it as a virtual interface, you give it some bandwidth so that you can always manage it... Even if IOS blows up, it goes into rommon, where you can see from the control plane the mini-IOS that is running at that point. You make whatever fixes you want, if you can fix anything, and God help you after that. In other words it doesn't save you from a DoS attack, let's say, but it gives you the ability to get in and shut down the interface that is receiving the traffic. Now, how well it actually manages that in practice is something I don't know.

>
>
>It's not a matter of what drugs they take in California, although the
>subject has been discussed extensively in an old thread. It's a matter of
>simple logic and theory :)

Sure, as long as there's a conversation going so we learn something more, even if the topic is unrelated to the list (and we haven't changed the subject :P )