In Figure , host 172.26.26.45 has been attempting a DNS zone transfer from host 192.168.0.10 using a source port other than the well-known DNS port of TCP 53. The offending host (172.26.26.45) has made a connection with the victim (192.168.0.10) with TCP.

The connection in the PIX Security Appliance connection table reads as follows:

    172.26.26.45, 4000 -> 10.0.0.11 PROT TCP

If the shun command is applied as shown in Figure , the PIX Security Appliance deletes the connection from its connection table and prevents packets from 172.26.26.45 from reaching the inside host.
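The two effects the text describes (the matching entry disappears from the connection table, and every later packet from the shunned source is dropped, including new connections to other ports) can be seen in the following model of the PIX behaviour. This is an added illustration written for this page, not Cisco code: the addresses and the connection entry are the ones above, the `PixModel` class and its method names are this example's own, and the syntax it mirrors, `shun src_ip [dst_ip sport dport [protocol]]` with `no shun src_ip` to lift the block, is the PIX command form. How a source-only shun treats existing connections is modelled as an assumption (drop them all); confirm against the command reference for your release.

```python
"""Model of a PIX-style connection table and the shun blocking function.

Added example for this page, not Cisco code. Addresses and the connection
entry are taken from the page; class and function names are this example's.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# (src_ip, src_port, dst_ip, dst_port, protocol), as in the connection table
Conn = Tuple[str, int, str, int, str]


@dataclass
class ShunEntry:
    """One 'shun' line: a source address plus the optional connection tuple."""
    src_ip: str
    dst_ip: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None
    proto: Optional[str] = None


class PixModel:
    def __init__(self) -> None:
        self.conn_table: Set[Conn] = set()
        self.shun_table: Dict[str, ShunEntry] = {}
        self.log: List[str] = []

    def add_conn(self, conn: Conn) -> None:
        self.conn_table.add(conn)

    def shun(self, src_ip: str, dst_ip: Optional[str] = None,
             sport: Optional[int] = None, dport: Optional[int] = None,
             proto: str = "tcp") -> int:
        """Mirror 'shun src_ip [dst_ip sport dport [protocol]]'.

        Returns the number of connections removed from the table.
        """
        self.shun_table[src_ip] = ShunEntry(src_ip, dst_ip, sport, dport, proto)
        if dst_ip is None:
            # Assumption for this model: a source-only shun drops every
            # existing connection from that host.
            victims = {c for c in self.conn_table if c[0] == src_ip}
        else:
            # Full tuple given: delete exactly the identified connection.
            target: Conn = (src_ip, sport, dst_ip, dport, proto)
            victims = {c for c in self.conn_table if c == target}
        self.conn_table -= victims
        self.log.append(f"shun applied to {src_ip}; {len(victims)} connection(s) deleted")
        return len(victims)

    def no_shun(self, src_ip: str) -> bool:
        """Mirror 'no shun src_ip'. Returns True if a shun was removed."""
        removed = self.shun_table.pop(src_ip, None) is not None
        if removed:
            self.log.append(f"shun removed for {src_ip}")
        return removed

    def handle_packet(self, src_ip: str, sport: int, dst_ip: str,
                      dport: int, proto: str = "tcp") -> bool:
        """Return True if the packet is forwarded, False if it is dropped.

        The shun check happens before connection lookup, so even a packet that
        would otherwise match an existing entry or open a new one is dropped.
        """
        if src_ip in self.shun_table:
            self.log.append(f"dropped packet {src_ip}:{sport} -> {dst_ip}:{dport} (shunned)")
            return False
        conn: Conn = (src_ip, sport, dst_ip, dport, proto)
        if conn not in self.conn_table:
            # Simplified: assume the access policy permits the new connection.
            self.conn_table.add(conn)
        return True


def run_example() -> Dict[str, object]:
    """Replay the page's scenario and return the observable results."""
    pix = PixModel()
    attack: Conn = ("172.26.26.45", 4000, "10.0.0.11", 53, "tcp")
    pix.add_conn(attack)
    deleted = pix.shun("172.26.26.45", "10.0.0.11", 4000, 53, "tcp")
    return {
        "deleted": deleted,
        "entry_gone": attack not in pix.conn_table,
        "attacker_same_conn": pix.handle_packet("172.26.26.45", 4000, "10.0.0.11", 53),
        "attacker_new_port": pix.handle_packet("172.26.26.45", 4001, "10.0.0.11", 80),
        "other_host": pix.handle_packet("192.168.5.7", 1234, "10.0.0.11", 53),
        "log": list(pix.log),
    }


if __name__ == "__main__":
    for line in run_example()["log"]:
        print(line)
```

The ordering in `handle_packet` is the point worth noticing: the shun is evaluated before any connection-table or access-list processing, which is why the page can say the host's packets never reach the inside host once the command is applied. Because a shun persists until removed manually, pair it with a `show shun` review so stale entries do not outlive the incident.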