RE: deny access

["David Gillett" <gillettdavid () fhda edu>]

  Well, as an alternative to "Block one IP AND block everything else",
I think it's preferable....
  He didn't ask how to secure his network, he asked how to block that
one IP.

David Gillett


> -----Original Message-----
> From: James McGee [mailto:james () infosec co im]
> Sent: Tuesday, November 30, 2004 12:56 PM
> To: gillettdavid () fhda edu; 'Carlos Garcia'; 'Agarwal, Ankur';
> security-basics () securityfocus com
> Subject: RE: deny access
>
>
> Errr..
>
> I think you've just told him to block one IP but allow 
> everyone else.....
>
> Not wise in my opinion....
>
>  
>
> -----Original Message-----
> From: David Gillett [mailto:gillettdavid () fhda edu] 
> Sent: 29 November 2004 18:21
> To: 'Carlos Garcia'; 'Agarwal, Ankur'; 
> security-basics () securityfocus com
> Subject: RE: deny access
>
> > access-list 101 deny ip host 216.212.33.185 any
>
> > access-list 101 deny ip 216.212.33.185 255.255.255.255 any
>
>   First of all, these two forms are exactly the same rule; 
> "host x.x.x.x" is
> the same as "x.x.x.x 255.255.255.255" in an access list.
>   Secondly, though, every access list has an implicit "deny 
> ip any any"
> tacked onto the end, so if that line is your whole access 
> list then it will
> block ALL traffic.  You need a second line
>
> access-list 101 permit ip any any
>
> to allow all traffic not blocked by the first line to flow.
>
>   Thirdly, I'm guessing that this hasn't yet blocked any 
> traffic, because
> although you've defined an access list, you haven't yet 
> attached it to a
> port and direction.  You need to add
>
> ip access-group 101 in
>
> to the configuration of your WAN/Internet interface.
>
> David Gillett
>
>
> > -----Original Message-----
> > From: Carlos Garcia [mailto:carlosg () cabonet net mx]
> > Sent: Thursday, November 25, 2004 6:41 PM
> > To: Agarwal, Ankur; security-basics () securityfocus com
> > Subject: Re: deny access
> >
> >
> > ok i just write
> > access-list 101 deny ip host 216.212.33.185 any is this ok?
> > i put too
> > access-list 101 deny ip 216.212.33.185 255.255.255.255 any...
> > and can somebody tell me how to improve this, i run some 
> servers and i 
> > want to protec them mail, web,dns,proxy's where can i find 
> a list so 
> > that it helps me how to configure the router to support QoS 
> i need it 
> > for VoIP service??? thanks for all the help
> >
> > Atte.
> > Carlos A. Garcia G.
> > Cabonet Staff
> > Tel (624) 14 30120
> >
> >
> > ----- Original Message -----
> > From: "Agarwal, Ankur" <Ankur.Agarwal () colt-telecom com>
> > To: "'Carlos Garcia'" <carlosg () cabonet net mx>; 
> > <security-basics () securityfocus com>
> > Sent: Thursday, November 25, 2004 7:17 PM
> > Subject: RE: deny access
> >
> >
> > > HI
> > > Simply create an deny access list to block this IP.
> > >
> > > Access-list 101 deny ip source ip destination ip
> > >
> > >
> > >
> > > Thanks & Regards,
> > >
> > > ___________________________________________________
> > > Ankur Agarwal
> > >
> > >
> > >
> > > One Dial : 8-911-7428
> > > Tel : +91 124 5157000 (Ext. 2272)
> > > *Cell : +91 9810702016
> > >
> > >
> > >
> > > COLT India
> > > ankur.agarwal () colt-telecom com
> > >
> > > ___________________________________________________
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: Carlos Garcia [mailto:carlosg () cabonet net mx]
> > > Sent: 25 November 2004 04:58
> > > To: security-basics () securityfocus com
> > > Subject: deny access
> > >
> > >
> > > newbie question how can i block this ip 216.212.33.185 i
> > have a cisco 7200
> > > this ip is trying to send mail with my server, i did not
> > configure the
> > > router so i dont know how to do this any help?
> > >
> > >
> > > Atte.
> > > Carlos A. Garcia G.
> > > Cabonet Staff
> > > Tel (624) 14 30120
> > **************************************************************
> > ***********************
> > > The message is intended for the named addressee only and 
> may not be 
> > > disclosed to or used by anyone else, nor may it be copied
> > in any way.
> > > The contents of this message and its attachments are
> > confidential and may
> > > also be subject to legal privilege.  If you are not the
> > named addressee
> > > and/or have received this message in error, please advise
> > us by e-mailing
> > > security () colt net and delete the message and any
> > attachments without
> > > retaining any copies.
> > >
> > > Internet communications are not secure and COLT does not accept 
> > > responsibility for this message, its contents nor
> > responsibility for any
> > > viruses.
> > >
> > > No contracts can be created or varied on behalf of COLT 
> > > Telecommunications, its subsidiaries or affiliates ("COLT")
> > and any other
> > > party by email Communications unless expressly agreed in
> > writing with such
> > > other party.
> > >
> > > Please note that incoming emails will be automatically scanned to 
> > > eliminate potential viruses and unsolicited promotional
> > emails. For more
> > > information refer to www.colt.net or contact us on +44(0)20
> > 7390 3900.
> > >