Re: Cisco Workaround

From: DOUGLAS GULLETT (dougg03_at_comcast.net)
Date: 07/23/03

  • Next message: Luis Enrique Londono: "Re: Cisco Workaround"
    Date: Wed, 23 Jul 2003 15:16:28 -0400
    To: Alvaro Gordon-Escobar <alvaroge@molecularstaging.com>
    
    

    I don't think you have to put all the access-list in. I believe that
    the hack requires a certain combination of packets to the four ports,
    so leaving one or two of them open should still prevent the hack. That
    might be a good question for Cisco TAC...they should be willing to help
    even if you "misplaced" your SmartNet contract information. ;-)

    Doug

    ----- Original Message -----
    From: Alvaro Gordon-Escobar <alvaroge@molecularstaging.com>
    Date: Wednesday, July 23, 2003 10:15 am
    Subject: Cisco Workaround

    > Will this access list modification prevent my internal DNS server
    > from updates to itself from my telco's DNS server?
    >
    > access-list 101 deny 53 any any
    > access-list 101 deny 55 any any
    > access-list 101 deny 77 any any
    > access-list 101 deny 103 any any
    > !--- insert any other previously applied ACL entries here
    > !--- you must permit other protocols through to allow normal
    > !--- traffic -- previously defined permit lists will work
    > !--- or you may use the permit ip any any shown here
    > access-list 101 permit ip any any
    >
    > Thanks in advance
    >
    > ~alvaro Escobar
    >

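An added example, not part of the original thread and not Cisco's code: in an IOS extended ACL the field after `permit`/`deny` is the IP protocol, so the quoted entries match IP protocol numbers 53, 55, 77 and 103, while DNS travels in UDP and TCP (IP protocols 17 and 6) on port 53. The simplified first-match model below runs the quoted ACL over constructed sample packets; the function names and samples are assumptions made for illustration.

```python
import re

# ACL 101 as quoted in the message above (one comment line kept).
ACL_101 = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
access-list 101 permit ip any any
"""
# Protocol keywords handled by this model; "ip" matches every IP protocol.
PROTO_KEYWORDS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
ENTRY = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+any\s+any\s*$")

def parse_acl(text):
    """Return [(action, protocol number or None)] for 'any any' entries."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # "!" comment lines and unsupported forms are skipped
        action, proto = m.groups()
        number = PROTO_KEYWORDS[proto] if proto in PROTO_KEYWORDS else int(proto)
        entries.append((action, number))
    return entries

def evaluate(entries, ip_protocol):
    """First matching entry wins; every ACL ends with an implicit deny."""
    for action, number in entries:
        if number is None or number == ip_protocol:
            return action
    return "deny"

# Constructed samples: (description, IP protocol number, destination port).
# The port is never consulted because no quoted entry carries a port qualifier.
SAMPLES = [
    ("DNS over UDP port 53", 17, 53),
    ("DNS zone transfer over TCP port 53", 6, 53),
    ("IP protocol 53 packet", 53, None),
    ("IP protocol 103 packet", 103, None),
]

def run_samples():
    entries = parse_acl(ACL_101)
    return {desc: evaluate(entries, proto) for desc, proto, _port in SAMPLES}

if __name__ == "__main__":
    for desc, verdict in run_samples().items():
        print(f"{verdict:6} {desc}")
```

Both DNS samples fall through the four deny entries to `permit ip any any`, while the protocol 53 and 103 samples are denied.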

