Re: Cisco Workaround

bryan_khoo_at_dynacraft.com
Date: 07/24/03

    To: "Alvaro Gordon-Escobar" <alvaroge@molecularstaging.com>
    Date: Thu, 24 Jul 2003 08:23:00 +0800
    
    

    Hi Alvaro,
    DNS is using port 53; I think you should consider unblocking this port
    if you want your DNS to communicate with your ISP DNS.

    Rdgs,
    Bryan

                     *** TOWARDS CUSTOMER CENTERED CULTURE ***
            ** Dynacraft is a QS9000 and ISO14001 certified company **

    From: "Alvaro Gordon-Escobar" <alvaroge@molecularstaging.com>
    Date: 07/23/2003 10:15 PM
    To: <firewalls@securityfocus.com>, <security-basics@securityfocus.com>
    cc:
    Subject: Cisco Workaround

    Will this access list modification prevent my internal DNS server from
    updates to itself from my telco's DNS server?

    access-list 101 deny 53 any any
    access-list 101 deny 55 any any
    access-list 101 deny 77 any any
    access-list 101 deny 103 any any
    !--- insert any other previously applied ACL entries here
    !--- you must permit other protocols through to allow normal
    !--- traffic -- previously defined permit lists will work
    !--- or you may use the permit ip any any shown here
    access-list 101 permit ip any any

    Thanks in advance

    ~alvaro Escobar



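Added example, not part of either message and not Cisco's code: in an IOS extended access list the token after `permit`/`deny` is an IP protocol keyword or number, while TCP/UDP ports are matched by an operator such as `eq` after the addresses. The Python below evaluates the quoted ACL 101 against DNS traffic; ACL 102, the function names and the packet tuples are constructed here for contrast.

```python
PROTO_NAMES = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA IP protocol numbers
# ACL 101 as quoted in the message above (one comment line kept).
ACL_101 = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
access-list 101 permit ip any any
"""

# Constructed for contrast: an entry that filters on destination port 53.
ACL_102 = """\
access-list 102 deny udp any any eq 53
access-list 102 permit ip any any
"""

def parse_acl(text):
    """Parse 'access-list N <action> <protocol> any any [eq <port>]' lines."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):
            continue  # blank line or IOS comment
        ok = (tok[0] == "access-list" and tok[4:6] == ["any", "any"]
              and (len(tok) == 6 or (len(tok) == 8 and tok[6] == "eq")))
        if not ok:
            raise ValueError("entry form not handled here: " + line)
        proto = tok[3]
        if proto == "ip":
            number = None  # keyword 'ip' matches every IP protocol
        else:
            number = int(proto) if proto.isdigit() else PROTO_NAMES[proto]
        port = int(tok[7]) if len(tok) == 8 else None
        entries.append((tok[2], number, port))
    return entries

def evaluate(entries, ip_proto, dst_port=None):
    """Return the action of the first matching entry (implicit deny at end)."""
    for action, number, port in entries:
        if number is not None and number != ip_proto:
            continue  # protocol field of the IP header does not match
        if port is not None and port != dst_port:
            continue  # destination port does not match
        return action
    return "deny"

if __name__ == "__main__":
    for acl in (ACL_101, ACL_102):
        print(evaluate(parse_acl(acl), 17, 53), evaluate(parse_acl(acl), 53))
```

In `evaluate`, the second argument is the IP header's protocol number (17 for UDP, 6 for TCP) and the third is the destination port, so DNS queries are `(17, 53)` and zone transfers are `(6, 53)`.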