Security Basics mailing list archives
Re: deny access
From: "Carlos Garcia" <carlosg () cabonet net mx>
Date: Fri, 3 Dec 2004 20:54:15 -0700
want to secury my network people best regards thanks for posting Atte. Carlos A. Garcia G. Cabonet Staff Tel (624) 14 30120----- Original Message ----- From: "David Gillett" <gillettdavid () fhda edu> To: "'James McGee'" <james () infosec co im>; "'Carlos Garcia'" <carlosg () cabonet net mx>; "'Agarwal, Ankur'" <Ankur.Agarwal () colt-telecom com>; <security-basics () securityfocus com>
Sent: Tuesday, November 30, 2004 2:19 PM Subject: RE: deny access
Well, as an alternative to "Block one IP AND block everything else", I think it's preferable.... He didn't ask how to secure his network, he asked how to block that one IP. David Gillett-----Original Message----- From: James McGee [mailto:james () infosec co im] Sent: Tuesday, November 30, 2004 12:56 PM To: gillettdavid () fhda edu; 'Carlos Garcia'; 'Agarwal, Ankur'; security-basics () securityfocus com Subject: RE: deny access Errr.. I think you've just told him to block one IP but allow everyone else..... Not wise in my opinion.... -----Original Message----- From: David Gillett [mailto:gillettdavid () fhda edu] Sent: 29 November 2004 18:21 To: 'Carlos Garcia'; 'Agarwal, Ankur'; security-basics () securityfocus com Subject: RE: deny access > access-list 101 deny ip host 216.212.33.185 any > access-list 101 deny ip 216.212.33.185 255.255.255.255 any First of all, these two forms are exactly the same rule; "host x.x.x.x" is the same as "x.x.x.x 255.255.255.255" in an access list. Secondly, though, every access list has an implicit "deny ip any any" tacked onto the end, so if that line is your whole access list then it will block ALL traffic. You need a second line access-list 101 permit ip any any to allow all traffic not blocked by the first line to flow. Thirdly, I'm guessing that this hasn't yet blocked any traffic, because although you've defined an access list, you haven't yet attached it to a port and direction. You need to add ip access-group 101 in to the configuration of your WAN/Internet interface. David Gillett > -----Original Message----- > From: Carlos Garcia [mailto:carlosg () cabonet net mx] > Sent: Thursday, November 25, 2004 6:41 PM > To: Agarwal, Ankur; security-basics () securityfocus com > Subject: Re: deny access > > > ok i just write > access-list 101 deny ip host 216.212.33.185 any is this ok? > i put too > access-list 101 deny ip 216.212.33.185 255.255.255.255 any... > and can somebody tell me how to improve this, i run some servers and i > want to protec them mail, web,dns,proxy's where can i find a list so > that it helps me how to configure the router to support QoS i need it > for VoIP service??? thanks for all the help > > Atte. > Carlos A. Garcia G. > Cabonet Staff > Tel (624) 14 30120 > > > ----- Original Message ----- > From: "Agarwal, Ankur" <Ankur.Agarwal () colt-telecom com> > To: "'Carlos Garcia'" <carlosg () cabonet net mx>; > <security-basics () securityfocus com> > Sent: Thursday, November 25, 2004 7:17 PM > Subject: RE: deny access > > > > HI > > Simply create an deny access list to block this IP. > > > > Access-list 101 deny ip source ip destination ip > > > > > > > > Thanks & Regards, > > > > ___________________________________________________ > > Ankur Agarwal > > > > > > > > One Dial : 8-911-7428 > > Tel : +91 124 5157000 (Ext. 2272) > > *Cell : +91 9810702016 > > > > > > > > COLT India > > ankur.agarwal () colt-telecom com > > > > ___________________________________________________ > > > > > > > > -----Original Message----- > > From: Carlos Garcia [mailto:carlosg () cabonet net mx] > > Sent: 25 November 2004 04:58 > > To: security-basics () securityfocus com > > Subject: deny access > > > > > > newbie question how can i block this ip 216.212.33.185 i > have a cisco 7200 > > this ip is trying to send mail with my server, i did not > configure the > > router so i dont know how to do this any help? > > > > > > Atte. > > Carlos A. Garcia G. > > Cabonet Staff > > Tel (624) 14 30120 > > > > > > > > > ************************************************************** > *********************** > > The message is intended for the named addressee only and may not be > > disclosed to or used by anyone else, nor may it be copied > in any way. > > > > The contents of this message and its attachments are > confidential and may > > also be subject to legal privilege. If you are not the > named addressee > > and/or have received this message in error, please advise > us by e-mailing > > security () colt net and delete the message and any > attachments without > > retaining any copies. > > > > Internet communications are not secure and COLT does not accept > > responsibility for this message, its contents nor > responsibility for any > > viruses. > > > > No contracts can be created or varied on behalf of COLT > > Telecommunications, its subsidiaries or affiliates ("COLT") > and any other > > party by email Communications unless expressly agreed in > writing with such > > other party. > > > > Please note that incoming emails will be automatically scanned to > > eliminate potential viruses and unsolicited promotional > emails. For more > > information refer to www.colt.net or contact us on +44(0)20 > 7390 3900. > > > > >
Current thread:
- Re: deny access richardw (Nov 30)
- Message not available
- Re: deny access SVB (Nov 30)
- Message not available
- <Possible follow-ups>
- RE: deny access Paris E. Stone (Dec 01)
- Re: deny access GuidoZ (Dec 07)
- RE: deny access Tran, Nhon (Dec 02)
- RE: deny access Richard Windmann (Dec 02)
- Re: deny access Carlos Garcia (Dec 06)
- Re: deny access GuidoZ (Dec 13)