Saturday, January 9, 2010

Can firewall or router modify data?

I’ve heard someone say that a firewall corrupted a file sent by FTP and they had to deliver it on tapes… so can a firewall or router modify/change data? Cisco Flexible Packet Matching (FPM) can match every bit of the payload but cannot modify it, so it is not possible to configure, per se, a substitute regex. But the firewall or IOS packet-inspection features can drop certain packets that are not compliant with the corresponding RFC.
For example, Java filtering has that functionality: it can remove applets from the packet. To see it I would set up the following debug scenario for PIX:
PIX(config)# logging list mylist message 711001
PIX(config)# logging buffered mylist
PIX(config)# logging debug-trace
PIX(config)# debug fixup tcp
PIX(config)# debug pix process
This is from my favorite book, Cisco Network Security Troubleshooting Handbook by Mynul Hoda.
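The practical question behind the post is how you would prove, end to end, whether a device in the path changed the bytes. The following is an added example, not code from the post or from Cisco: the sender records a size and SHA-256 of the file before transfer, the receiver compares what arrived against that record, and a toy applet-stripping function stands in for a rewriting content filter like the PIX Java filter (it is an assumption that models the described behaviour, not the real implementation). The sample payload and the function names are constructed for the example.

```python
import hashlib
import re

# Constructed sample payload: an HTTP body that carries a Java applet tag.
ORIGINAL = (b"<html><body>Report\n"
            b"<applet code=\"Viewer.class\" width=100 height=50></applet>\n"
            b"</body></html>\n")


def manifest(data: bytes) -> dict:
    """What the sender records before the transfer: byte length and SHA-256.
    Shipping this out of band (mail, a second channel) lets the receiver
    distinguish 'the firewall changed it' from 'the file was always like that'."""
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def strip_applets(data: bytes) -> bytes:
    """Toy model (assumption) of an applet-stripping content filter: removes
    every <applet>...</applet> element from the payload. Models the behaviour
    the post attributes to PIX Java filtering; it is not the PIX code."""
    return re.sub(rb"<applet\b.*?</applet>", b"", data,
                  flags=re.DOTALL | re.IGNORECASE)


def classify(received: bytes, expected: dict) -> str:
    """Receiver-side check against the sender's manifest.

    Returns one of:
      'intact'        - hash matches, nothing in the path touched the bytes
      'size_mismatch' - bytes were dropped or stripped (e.g. a content filter
                        removing elements, or a truncated transfer)
      'altered'       - same length but different content (in-place rewrite)
    """
    if hashlib.sha256(received).hexdigest() == expected["sha256"]:
        return "intact"
    if len(received) != expected["size"]:
        return "size_mismatch"
    return "altered"


if __name__ == "__main__":
    m = manifest(ORIGINAL)
    print("unfiltered :", classify(ORIGINAL, m))
    print("filtered   :", classify(strip_applets(ORIGINAL), m))
    print("rewritten  :", classify(ORIGINAL.replace(b"Report", b"Repost"), m))
```

Run it on both ends of a real transfer by replacing ORIGINAL with the file bytes: a "size_mismatch" after crossing a device with content filtering enabled points at stripped data, while "altered" with an unchanged length points at an in-place rewrite that the syslog/debug output above would help confirm.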
