RE: deny access

From: James McGee (james_at_infosec.co.im)
Date: 11/30/04

  • Next message: Samuel Petreski: "Win95 detection"
    To: <gillettdavid@fhda.edu>, "'Carlos Garcia'" <carlosg@cabonet.net.mx>, "'Agarwal, Ankur'" <Ankur.Agarwal@colt-telecom.com>, <security-basics@securityfocus.com>
    Date: Tue, 30 Nov 2004 20:56:08 -0000
    
    

    Errr..

    I think you've just told him to block one IP but allow everyone else.....

    Not wise in my opinion....

     

    -----Original Message-----
    From: David Gillett [mailto:gillettdavid@fhda.edu]
    Sent: 29 November 2004 18:21
    To: 'Carlos Garcia'; 'Agarwal, Ankur'; security-basics@securityfocus.com
    Subject: RE: deny access

    > access-list 101 deny ip host 216.212.33.185 any

    > access-list 101 deny ip 216.212.33.185 255.255.255.255 any

      First of all, these two forms are exactly the same rule; "host x.x.x.x" is
    the same as "x.x.x.x 255.255.255.255" in an access list.
      Secondly, though, every access list has an implicit "deny ip any any"
    tacked onto the end, so if that line is your whole access list then it will
    block ALL traffic. You need a second line

    access-list 101 permit ip any any

    to allow all traffic not blocked by the first line to flow.

      Thirdly, I'm guessing that this hasn't yet blocked any traffic, because
    although you've defined an access list, you haven't yet attached it to a
    port and direction. You need to add

    ip access-group 101 in

    to the configuration of your WAN/Internet interface.

    David Gillett

    > -----Original Message-----
    > From: Carlos Garcia [mailto:carlosg@cabonet.net.mx]
    > Sent: Thursday, November 25, 2004 6:41 PM
    > To: Agarwal, Ankur; security-basics@securityfocus.com
    > Subject: Re: deny access
    >
    >
    > ok i just write
    > access-list 101 deny ip host 216.212.33.185 any is this ok?
    > i put too
    > access-list 101 deny ip 216.212.33.185 255.255.255.255 any...
    > and can somebody tell me how to improve this, i run some servers and i
    > want to protec them mail, web,dns,proxy's where can i find a list so
    > that it helps me how to configure the router to support QoS i need it
    > for VoIP service??? thanks for all the help
    >
    > Atte.
    > Carlos A. Garcia G.
    > Cabonet Staff
    > Tel (624) 14 30120
    >
    >
    > ----- Original Message -----
    > From: "Agarwal, Ankur" <Ankur.Agarwal@colt-telecom.com>
    > To: "'Carlos Garcia'" <carlosg@cabonet.net.mx>;
    > <security-basics@securityfocus.com>
    > Sent: Thursday, November 25, 2004 7:17 PM
    > Subject: RE: deny access
    >
    >
    > > HI
    > > Simply create an deny access list to block this IP.
    > >
    > > Access-list 101 deny ip source ip destination ip
    > >
    > >
    > >
    > > Thanks & Regards,
    > >
    > > ___________________________________________________
    > > Ankur Agarwal
    > >
    > >
    > >
    > > One Dial : 8-911-7428
    > > Tel : +91 124 5157000 (Ext. 2272)
    > > *Cell : +91 9810702016
    > >
    > >
    > >
    > > COLT India
    > > ankur.agarwal@colt-telecom.com
    > >
    > > ___________________________________________________
    > >
    > >
    > >
    > > -----Original Message-----
    > > From: Carlos Garcia [mailto:carlosg@cabonet.net.mx]
    > > Sent: 25 November 2004 04:58
    > > To: security-basics@securityfocus.com
    > > Subject: deny access
    > >
    > >
    > > newbie question how can i block this ip 216.212.33.185 i
    > have a cisco 7200
    > > this ip is trying to send mail with my server, i did not
    > configure the
    > > router so i dont know how to do this any help?
    > >
    > >
    > > Atte.
    > > Carlos A. Garcia G.
    > > Cabonet Staff
    > > Tel (624) 14 30120
    > >
    > >
    > >
    > >
    > **************************************************************
    > ***********************
    > > The message is intended for the named addressee only and may not be
    > > disclosed to or used by anyone else, nor may it be copied
    > in any way.
    > >
    > > The contents of this message and its attachments are
    > confidential and may
    > > also be subject to legal privilege. If you are not the
    > named addressee
    > > and/or have received this message in error, please advise
    > us by e-mailing
    > > security@colt.net and delete the message and any
    > attachments without
    > > retaining any copies.
    > >
    > > Internet communications are not secure and COLT does not accept
    > > responsibility for this message, its contents nor
    > responsibility for any
    > > viruses.
    > >
    > > No contracts can be created or varied on behalf of COLT
    > > Telecommunications, its subsidiaries or affiliates ("COLT")
    > and any other
    > > party by email Communications unless expressly agreed in
    > writing with such
    > > other party.
    > >
    > > Please note that incoming emails will be automatically scanned to
    > > eliminate potential viruses and unsolicited promotional
    > emails. For more
    > > information refer to www.colt.net or contact us on +44(0)20
    > 7390 3900.
    > >
    > >
    >


  • Next message: Samuel Petreski: "Win95 detection"