Security Basics mailing list archives

Re: Cisco Workaround


From: DOUGLAS GULLETT <dougg03 () comcast net>
Date: Wed, 23 Jul 2003 15:16:28 -0400

I don't think you have to put all the access-list in.  I believe that 
the hack requires a certain combination of packets to the four ports, 
so leaving one or two of them open should still prevent the hack.  That 
might be a good question for Cisco TAC...they should be willing to help 
even if you "misplaced" your SmartNet contract information.  ;-)

Doug



----- Original Message -----
From: Alvaro Gordon-Escobar <alvaroge () molecularstaging com>
Date: Wednesday, July 23, 2003 10:15 am
Subject: Cisco Workaround

Will this access list modification prevent my internal DNS server 
from updates to itself from my telco's DNS server?

access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
!--- you must permit other protocols through to allow normal
!--- traffic -- previously defined permit lists will work
!--- or you may use the permit ip any any shown here
access-list 101 permit ip any any

Thanks in advance

~alvaro Escobar
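
How IOS reads the access list in the question, as an added example that is not part of either message: in an extended ACL the token after deny/permit is the IP protocol (a keyword or a number), so `deny 53` matches IP protocol number 53, while DNS travels over UDP and TCP (protocols 17 and 6) to port 53. The packet dictionaries and function names are constructed for illustration, and the parser handles only the `<action> <protocol> any any` form used here.

```python
# Added example: first-match evaluation of the ACL quoted in the question.
ACL_101 = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
access-list 101 permit ip any any
"""

# Protocol keywords -> IP protocol numbers (the 8-bit Protocol field of the IPv4 header).
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}

def parse_acl(text):
    """Parse 'access-list N <action> <protocol> any any' lines; None means 'ip' (any protocol)."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0].startswith("!"):
            continue  # blank line or IOS comment
        if len(tok) != 6 or tok[0] != "access-list" or tok[4:] != ["any", "any"]:
            raise ValueError("unsupported ACL line: " + line)
        action, proto = tok[2], tok[3]
        if proto == "ip":
            number = None
        elif proto.isdigit():
            number = int(proto)
        else:
            number = IP_PROTO[proto]
        entries.append((action, number))
    return entries

def evaluate(entries, packet):
    """Return the action of the first matching entry; fall through to the implicit deny."""
    for action, proto in entries:
        if proto is None or proto == packet["proto"]:
            return action
    return "deny"

# Constructed sample packets: only the header fields this ACL can see.
PACKETS = {
    "dns_query_udp_53": {"proto": 17, "dport": 53},
    "dns_zone_transfer_tcp_53": {"proto": 6, "dport": 53},
    "ip_protocol_53": {"proto": 53},
    "ip_protocol_103": {"proto": 103},
}

def verdicts():
    entries = parse_acl(ACL_101)
    return {name: evaluate(entries, pkt) for name, pkt in PACKETS.items()}
```

Calling `verdicts()` shows both DNS packets reaching the final `permit ip any any` entry, because none of the four deny entries inspects a port number.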
