[unisog] Are cisco router VLAN ACL's stateful like a PIX?

Valdis.Kletnieks at vt.edu
Wed Feb 2 06:44:15 GMT 2005


On Wed, 02 Feb 2005 10:48:18 +1300, Russell Fulton said:

> One worm (I can't remember which) used ping to find potential victims
> rather than just sending an exploit.  We blocked pings from the
> backbone and this confined the worm without disrupting legit (137, 445)
> traffic.  We then removed the filters when the threat subsided.

In this day and age, "legit" reasons for having open ports 137 and 445 are
akin to "legit" reasons to leave your front door unlocked in a high-crime
zone...