The other day I was blogging about Cisco's CBAC feature, which can be used as an application firewall to monitor application-layer protocols. Since it builds its session table only from outbound traffic and blocks unsolicited inbound traffic, this feature also blocks port scanning, a common technique used by hackers. If someone port scans with nmap or another tool, the scan yields nothing useful because inbound connections are blocked, which protects the servers and shields off most hackers. Below is a basic CBAC configuration example.
! Global configuration: the inbound ACL, the outbound ACL and the inspection rule.
! CBAC inserts temporary entries ahead of ACL 123 for the return traffic of inspected sessions,
! so the static rule can stay a plain deny.
access-list 123 deny ip any any
access-list 129 permit tcp any any eq smtp
ip inspect name smtp tcp
! Apply them on the interface facing the untrusted network (interface name is a placeholder).
interface <outside-interface>
 ip access-group 123 in
 ip access-group 129 out
 ip inspect smtp out
Issue show ip inspect all to see all configuration rules, or show ip inspect sessions to see the current CBAC sessions in action.
You can read more at the following links:
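To make the mechanism behind the configuration above concrete, here is a small stateful-inspection model written for this post as an added example; it is not Cisco code and does not reproduce IOS internals. The class name CbacRouter, the Packet type and every address and port in it are constructed for illustration. It mirrors the example config: outbound traffic is filtered by a static "permit only SMTP" rule and, when permitted, creates a session entry; inbound traffic is permitted only when it matches an existing session, and otherwise falls through to the static "deny ip any any" rule, which is why unsolicited probes from outside never reach an inside host.

```python
"""Toy model of CBAC-style stateful inspection (added example, not Cisco's implementation)."""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

SMTP = 25


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str = ""  # constructed flag labels: "SYN", "SYN/ACK", "ACK", "FIN", "RST"


# Session key: (inside_ip, inside_port, outside_ip, outside_port)
Session = Tuple[str, int, str, int]


class CbacRouter:
    """Minimal model: one inside and one outside interface, TCP only."""

    def __init__(self, permitted_out_ports: Set[int]):
        # Models 'access-list 129 permit tcp any any eq smtp' applied outbound
        self.permitted_out_ports = permitted_out_ports
        # Models the dynamic session table that 'ip inspect' maintains
        self.sessions: Set[Session] = set()
        self.log: List[str] = []

    def outbound(self, pkt: Packet) -> bool:
        """Inside -> outside: static outbound ACL first, then record the session."""
        if pkt.dst_port not in self.permitted_out_ports:
            self.log.append(f"DENY out {pkt.src_ip}:{pkt.src_port} -> "
                            f"{pkt.dst_ip}:{pkt.dst_port} (ACL 129)")
            return False
        key: Session = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if pkt.flags == "SYN":
            # A new connection from inside opens a hole for its return traffic only
            self.sessions.add(key)
            self.log.append(f"SESSION open {key}")
        elif pkt.flags in ("FIN", "RST"):
            self.sessions.discard(key)
            self.log.append(f"SESSION close {key}")
        return True

    def inbound(self, pkt: Packet) -> bool:
        """Outside -> inside: dynamic session match first, then 'deny ip any any'."""
        key: Session = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if key in self.sessions:
            self.log.append(f"PERMIT in (return traffic) {key}")
            if pkt.flags in ("FIN", "RST"):
                self.sessions.discard(key)  # teardown removes the temporary opening
            return True
        self.log.append(f"DENY in {pkt.src_ip}:{pkt.src_port} -> "
                        f"{pkt.dst_ip}:{pkt.dst_port} (ACL 123)")
        return False


def scan_summary(router: CbacRouter, scanner_ip: str, target_ip: str,
                 ports: Iterable[int]) -> List[int]:
    """Feed one unsolicited SYN per port at the inbound interface; return ports that got through."""
    return [p for p in ports
            if router.inbound(Packet(scanner_ip, 40000, target_ip, p, "SYN"))]


def demo() -> Dict[str, object]:
    """Walk the example config through constructed traffic and return what happened."""
    router = CbacRouter({SMTP})
    inside, outside, scanner = "10.0.0.5", "203.0.113.10", "198.51.100.7"  # constructed
    result: Dict[str, object] = {}
    result["mail_out"] = router.outbound(Packet(inside, 50000, outside, SMTP, "SYN"))
    result["mail_reply_in"] = router.inbound(Packet(outside, SMTP, inside, 50000, "SYN/ACK"))
    result["http_out"] = router.outbound(Packet(inside, 50001, outside, 80, "SYN"))
    result["scan_hits"] = scan_summary(router, scanner, inside, range(20, 30))
    return result


if __name__ == "__main__":
    for line in demo().items():
        print(*line)
```

The session table is keyed on the full four-tuple, so even a probe aimed at the inside host's in-use source port is dropped unless it also comes from the peer and port the inside host actually talked to; once the inside host closes the connection the entry is removed and that return path closes with it. Real CBAC adds timeouts and per-protocol state checks on top of this, which the model omits.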
http://www.ciscopress.com/articles/article.asp?p=26533&seqNum=5&rl=1 (configuration step by step)
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t1/fw3600.htm (sample scenario)
http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_configuration_example09186a008064730a.shtml (simple example)
http://www.ciscopress.com/articles/article.asp?p=26533&rl=1 (CBAC to protect DoS)