DNSGuard prevents DoS and UDP session hijacking by closing the UDP port after the first received DNS response.
The SYN Floodguard protects hosts from TCP SYN attacks, which are half-open connections (called embryonic connections) from hackers. The embryonic limit is a parameter in the nat and static commands.
Embryonic connections are half-open, three-way handshake connections that could be left open intentionally by a hacker. If the embryonic limit is reached, TCP intercept on the PIX handles any new handshakes until they are proven to be valid requests. This feature was introduced in version 5.2.
The fixup protocol smtp command inspects SMTP traffic and allows only the following seven commands: DATA, HELO, MAIL, NOOP, QUIT, RCPT, and RSET.
The shun command is used for IDS blocking of inbound source traffic.
The PIX firewall contains a subset of the signatures of a full Cisco IDS system.
By default, all IDS audit signatures are enabled. If you want to disable them, use the ip audit signature <number> disable command.
The ip audit interface <if_name> <name> command applies an audit policy to an interface.
False positives are alarms triggered by legitimate traffic that matches a pattern of a monitored signature.
The embryonic parameter is used by the nat and static commands.