[Dshield] Help with Cisco ACL's

Mathieu Patenaude mathieup at sevillepictures.com
Tue Mar 11 19:23:04 GMT 2003


PIX or not, a good firewall should not allow anything to get thru by
default...that said...there is no point in blocking something that is already
blocked.

Why don't you get a port scanner just to make sure!
The best is Nmap for Linux...if you do not have Linux.......well
eeeeeee...get it!...no seriously, there is a port for Win32, but I've had
a bad experience with it.

Get GFI Languard from KaZaa or edonkey2000 (don't tell anyone I told you
that......DhOOO!)


a free one...hummm...try
http://www.webattack.com/freeware/network/fwscanner.shtml
never tried it, but looks good!

do a search on Google for "free port scanner" or something,
or check download.com

hope it helps

Mathieu
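The ACL behaviour Graham asks about in the quoted thread below, as an added example that is not from the list or from Cisco: a small Python model of first-match evaluation with the implicit deny that ends every IOS access list. It assumes only the "any any [eq port]" subset of extended-ACL syntax and constructed sample packets, and shows why a list holding nothing but "deny tcp any any eq 445" also drops the replies to outbound DNS and HTTP until a "permit ip any any" line follows it.

```python
# Added example, not from the thread: a minimal model of Cisco IOS extended
# ACL evaluation, to show why "deny tcp any any eq 445" alone drops everything.
# Supported syntax subset: {permit|deny} {ip|tcp|udp} any any [eq <dst-port>]
import re
from collections import namedtuple

ACE_RE = re.compile(r"^(permit|deny)\s+(ip|tcp|udp)\s+any\s+any(?:\s+eq\s+(\d+))?$")
Packet = namedtuple("Packet", "proto sport dport")  # proto is "tcp" or "udp"

def parse_acl(text):
    """Parse ACE lines in order; reject anything outside the supported subset."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        action, proto, port = m.groups()
        entries.append((action, proto, int(port) if port else None))
    return entries

def evaluate(acl, pkt):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, proto, port in acl:
        if proto != "ip" and proto != pkt.proto:
            continue
        if port is not None and port != pkt.dport:
            continue
        return action
    return "deny"  # the implicit 'deny ip any any' at the end of every IOS ACL

# Constructed sample packets arriving inbound on Serial0 (replies included,
# because the return half of outbound sessions also enters through this ACL).
INBOUND = {
    "smb probe to 445":      Packet("tcp", 3312, 445),
    "dns reply to nslookup": Packet("udp", 53, 1025),
    "http reply to browser": Packet("tcp", 80, 1026),
}
BROKEN_ACL = parse_acl("deny tcp any any eq 445")
FIXED_ACL = parse_acl("deny tcp any any eq 445\npermit ip any any")

def verdicts(acl):
    """Map each sample packet to the action the ACL gives it."""
    return {name: evaluate(acl, pkt) for name, pkt in INBOUND.items()}

if __name__ == "__main__":
    print("deny-only ACL:          ", verdicts(BROKEN_ACL))
    print("with permit ip any any: ", verdicts(FIXED_ACL))
```

Note that the deny entry is TCP-only, so UDP traffic to port 445 is still permitted by the fixed list; add a matching udp entry if that is not what you want.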



-----Original Message-----
From: Graham K. Dodd [mailto:g.dodd at falk-ross.de]
Sent: 11 March 2003 13:15
To: General DShield Discussion List
Subject: RE: [Dshield] Help with Cisco ACL's


We don't have a PIX, but the firewall is doing the catching and now I want
to block this specific port.

If I say deny tcp any any eq 445, then what happens to incoming packets that
are not port 445? Do they pass or are they also dropped?

Graham

> -----Original Message-----
> From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
> Behalf Of Neil G. Lovering
> Sent: Tuesday, 11 March 2003 18:01
> To: General DShield Discussion List
> Subject: RE: [Dshield] Help with Cisco ACL's
>
>
> I do the same thing.  I let the PIX catch things that shouldn't be
> there.  Then if I notice some folks probing the outside, I specifically
> block them so they can't get to any of the permitted ports.
>
> Neil
>
>
>
> -----Original Message-----
> From: Mathieu Patenaude [mailto:mathieup at sevillepictures.com]
> Sent: Tuesday, March 11, 2003 10:46 AM
> To: 'General DShield Discussion List'
> Subject: RE: [Dshield] Help with Cisco ACL's
>
> what about the implicit deny all of the Cisco PIX... I mean that if you
> didn't allow the port before, it won't get thru...unless you've put an
> access-list allow any any somewhere! One of the reasons why I would put
> an explicit deny on a particular port like you did would be to see how many
> times it got hit... but again, you can know that by using the syslog
>
> good luck
>
> Mathieu
>
> -----Original Message-----
> From: Graham K. Dodd [mailto:g.dodd at falk-ross.de]
> Sent: Tuesday, March 11, 2003 9:09 AM
> To: DShield
> Subject: [Dshield] Help with Cisco ACL's
>
>
> Hello all,
> please can somebody explain to a Cisco novice how to block incoming port
> 445
>
> I created an extended access list with a "deny tcp any any eq 445"
>
> I applied this ACL to Serial 0 incoming, which I thought would block any
> incoming tcp going to my port 445 - what it does is stop outgoing traffic
> (nslookup and port 80 that I know of)
>
> thank you,
>
> Graham
>
> ~~~~~~~~~~~~~~~~~~~~~
> Graham K. Dodd
> Director of Operation
> Falk & Ross GmbH
> Tel. +49(6301)717-0
> Fax. +49(6301)717-270
>
> _______________________________________________
> list mailing list
> list at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www.dshield.org/mailman/listinfo/list
