[Dshield] Help with Cisco ACL's

Neil G. Lovering nlovering at nle-inc.com
Tue Mar 11 17:01:21 GMT 2003


I do the same thing.  I let the PIX catch things that shouldn't be
there.  Then if I notice some folks probing the outside, I specifically
block them so they can't get to any of the permitted ports.

Neil



-----Original Message-----
From: Mathieu Patenaude [mailto:mathieup at sevillepictures.com] 
Sent: Tuesday, March 11, 2003 10:46 AM
To: 'General DShield Discussion List'
Subject: RE: [Dshield] Help with Cisco ACL's

What about the implicit deny all of the Cisco PIX? I mean that if you
didn't allow the port before, it won't get through... unless you've put an
access-list allow any any somewhere! One of the reasons why I would put an
explicit deny on a particular port like you did would be to see how many
times it got hit... but again, you can know that by using the syslog.

good luck

Mathieu

-----Original Message-----
From: Graham K. Dodd [mailto:g.dodd at falk-ross.de]
Sent: Tuesday, March 11, 2003 9:09 AM
To: DShield
Subject: [Dshield] Help with Cisco ACL's


Hello all,
Please can somebody explain to a Cisco novice how to block incoming port 445?

I created an extended access list with a "deny tcp any any eq 445"

I applied this ACL to Serial 0 incoming, which I thought would block any
incoming TCP going to my port 445. What it does is stop outgoing traffic
(nslookup and port 80 that I know of).

thank you,

Graham

~~~~~~~~~~~~~~~~~~~~~
Graham K. Dodd
Director of Operation
Falk & Ross GmbH
Tel. +49(6301)717-0
Fax. +49(6301)717-270

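The behaviour Graham describes and the implicit deny Mathieu refers to are the same thing: an IOS extended ACL ends with an unwritten "deny ip any any", so a list whose only line is a deny drops every other inbound packet, including the DNS replies and the SYN-ACK/data of HTTP sessions opened from inside. The configuration below is an added example, not one posted by anyone in the thread; it assumes IOS named-ACL syntax, an interface called Serial0, and a placeholder web server at 192.0.2.10 (a documentation address).

```cisco
! Added example, not from the thread. Interface name, ACL names and the
! 192.0.2.10 host are assumptions for illustration.
!
! --- What a single deny line does (Graham's symptom) ---
! Every IOS ACL ends with an implicit "deny ip any any". With no permit
! entry, ALL inbound packets are dropped: DNS answers, HTTP return traffic,
! everything.
ip access-list extended OUTSIDE-IN-BROKEN
 deny   tcp any any eq 445
!  (implicit: deny ip any any)
!
! --- Corrected list ---
ip access-list extended OUTSIDE-IN
 ! Drop SMB probes first and count them. "log" also emits a (rate-limited)
 ! syslog line per match, which is the hit count Mathieu mentions.
 deny   tcp any any eq 445 log
 ! Return traffic for TCP sessions opened from inside: "established"
 ! matches segments with ACK or RST set, so a bare inbound SYN still fails.
 permit tcp any any established
 ! DNS replies to nslookup / the resolver (answers come from source port 53).
 permit udp any eq domain any
 ! ICMP messages worth keeping for normal operation.
 permit icmp any any echo-reply
 permit icmp any any packet-too-big
 ! Services deliberately exposed to the outside, one line each.
 permit tcp any host 192.0.2.10 eq www
 ! Everything else would hit the implicit deny anyway; writing it out
 ! makes the drop counter visible in "show access-lists".
 deny   ip any any log
!
interface Serial0
 ip access-group OUTSIDE-IN in
!
! Verification after applying:
!   show access-lists OUTSIDE-IN   -> per-entry match counters
!   show logging                   -> %SEC-6-IPACCESSLOGP lines for "log" entries
```

Two caveats. The match counters from "show access-lists" are free, but the "log" keyword costs router CPU on older platforms, so keep it on the few entries you actually want to watch. More importantly, "established" is a stateless check on the ACK/RST flags, not session tracking: a crafted packet with ACK set (an ACK scan, for instance) passes it. A PIX, as Neil and Mathieu run, or the IOS Firewall feature set (ip inspect / CBAC) keeps real connection state and is the better tool when the router is the only thing in front of the LAN.
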
_______________________________________________
list mailing list
list at dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list
