RE: Cisco Workaround
From: Naman Latif (naman.latif_at_inamed.com)
Date: 07/23/03
- Previous message: ALLEN, DONALD S (AIT): "RE: Some Cisco PIX newbie questions"
- Maybe in reply to: Alvaro Gordon-Escobar: "Cisco Workaround"
- Next in thread: Todd Mitchell - lists: "RE: Cisco Workaround"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 23 Jul 2003 09:22:15 -0700 To: "Alvaro Gordon-Escobar" <alvaroge@molecularstaging.com>, <firewalls@securityfocus.com>, <security-basics@securityfocus.com>
No.
DNS uses UDP (or in some cases TCP). Protocol numbers for UDP and TCP
are 17 and 6 respectively. You are denying protocols 53,55,77,103 so DNS
will work as before.
Regards \\ Naman
> -----Original Message-----
> From: Alvaro Gordon-Escobar [mailto:alvaroge@molecularstaging.com]
> Sent: Wednesday, July 23, 2003 7:15 AM
> Will this access list modification prevent my internal DNS
> server from updates to itself from my telco's DNS server?
>
> access-list 101 deny 53 any any
> access-list 101 deny 55 any any
> access-list 101 deny 77 any any
> access-list 101 deny 103 any any
> !--- insert any other previously applied ACL entries here
> !--- you must permit other protocols through to allow normal
> !--- traffic -- previously defined permit lists will work
> !--- or you may use the permit ip any any shown here
> access-list 101 permit ip any any
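The distinction made in the reply above, as an added example that is not part of the original thread: the number after `deny` in these ACL lines is matched against the IPv4 header's protocol field, not against a UDP or TCP port. The sketch below builds constructed sample packets and evaluates them first-match against a simplified model of ACL 101; the function names and addresses are hypothetical.

```python
import struct

# Simplified model of ACL 101 from the quoted message:
# (action, IP protocol number); None stands for "ip", which matches any protocol.
ACL_101 = [("deny", 53), ("deny", 55), ("deny", 77), ("deny", 103), ("permit", None)]

SRC = bytes([192, 0, 2, 1])    # constructed documentation addresses
DST = bytes([192, 0, 2, 53])

def build_ipv4(protocol, l4=b""):
    """Constructed 20-byte IPv4 header (no options, checksum left 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                       protocol, 0, SRC, DST) + l4

def build_udp(src_port, dst_port, payload=b""):
    """Constructed UDP header (checksum left 0) plus payload."""
    return struct.pack("!HHHH", src_port, dst_port, 8 + len(payload), 0) + payload

def ip_protocol(packet):
    """Protocol field is byte 9 of the IPv4 header (6 = TCP, 17 = UDP)."""
    return packet[9]

def l4_dst_port(packet):
    """Destination port sits 2 bytes into the UDP/TCP header, after the IP header."""
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def evaluate(acl, packet):
    """First-match evaluation on the protocol field; returns (action, entry index)."""
    proto = ip_protocol(packet)
    for index, (action, match_proto) in enumerate(acl):
        if match_proto is None or match_proto == proto:
            return action, index
    return "deny", None  # implicit deny when no entry matches

if __name__ == "__main__":
    dns_query = build_ipv4(17, build_udp(33000, 53, b"constructed"))
    print("DNS over UDP: protocol", ip_protocol(dns_query),
          "dst port", l4_dst_port(dns_query), "->", evaluate(ACL_101, dns_query))
    for proto in (53, 55, 77, 103, 6):
        print("IP protocol", proto, "->", evaluate(ACL_101, build_ipv4(proto)))
```
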