Re: [nsp] some filter questions

From: Janos Zsako (zsako@banknet.net)
Date: Fri Feb 13 1998 - 02:39:02 EST


> From owner-cisco-nsp@nic.iagnet.net Fri Feb 13 07:59:16 1998
> From: Tatsuya Kawasaki <tatsuya@giganet.net>

Tatsuya,

> I currently use 10.3 and I have a question on ip packet filter.
>
> I thought I knew how, but it fails to filter.
>
> I create access-list 105 as follows
> access-list 105 deny udp any any eq netbios-ns
> access-list 105 deny tcp any any eq 137
> access-list 105 deny tcp any any eq 138
> access-list 105 deny tcp any any eq 139
> access-list 105 permit ip any any
>
> and I put it onto Ethernet port, say 5, as follows
>
> ip access-list 105 in
>
> then I ping with land host 139, it will kill the machine.
> why?

You did not specify to which Ethernet interface the victim and the attacker are
attached. This filter should work only if the attacker is connected to interface
e5 and the would-be victim to some other interface.

If the would-be victim is on interface e5, then the access-list should be OUT
(rather than *in*).

If both the victim and the attacker are on the same subnet, this filter
does not help in any way, since the packets would not go through the
router at all.

I hope this helps.

Best regards,
Janos

>
> Is it supposed to?
>
> I thought I filtered the packet via access-list 105.
>
> what did I do wrong?
>
> thnx in adv.
>
> tatsuya
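The placement point Janos makes (an ACL bound "in" on e5 only sees traffic entering on e5, "out" only traffic leaving on it, and same-segment traffic never reaches the router) can be checked with a small simulation. The following is an added example, not code from either poster or from Cisco; it reproduces the five entries of access-list 105 from the quoted post and runs them against a hypothetical two-interface router with constructed addressing (192.0.2.0/24 on e0, 198.51.100.0/24 on e5). The interface names, host addresses and the helper names are all assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                 # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: Optional[int] = None


@dataclass(frozen=True)
class Rule:
    action: str                # "permit" or "deny"
    proto: str                 # "ip" matches every protocol
    dport: Optional[int] = None   # None matches any destination port


# The five-line access-list 105 from the quoted post.
# "netbios-ns" is the IOS keyword for UDP port 137.
ACL_105 = [
    Rule("deny", "udp", 137),
    Rule("deny", "tcp", 137),
    Rule("deny", "tcp", 138),
    Rule("deny", "tcp", 139),
    Rule("permit", "ip"),
]


def acl_verdict(acl, pkt):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for rule in acl:
        if rule.proto != "ip" and rule.proto != pkt.proto:
            continue
        if rule.dport is not None and rule.dport != pkt.dport:
            continue
        return rule.action
    return "deny"


# Hypothetical router with two Ethernet interfaces (constructed addressing).
INTERFACES = {
    "e0": ip_network("192.0.2.0/24"),
    "e5": ip_network("198.51.100.0/24"),
}


def egress_interface(dst):
    """Route lookup for a directly connected destination."""
    for name, net in INTERFACES.items():
        if ip_address(dst) in net:
            return name
    raise ValueError(f"no route to {dst}")


def simulate(pkt, arrives_on, acl, bound_to, direction):
    """Outcome for `pkt` entering the router on `arrives_on` while `acl` is
    bound to interface `bound_to` with `direction` "in" or "out".
    Returns "filtered", "forwarded" or "bypassed-router"."""
    egress = egress_interface(pkt.dst)
    if egress == arrives_on:
        # Sender and target share a segment: the frame is delivered
        # host-to-host and never traverses the router, so no ACL applies.
        return "bypassed-router"
    consulted = (direction == "in" and bound_to == arrives_on) or \
                (direction == "out" and bound_to == egress)
    if consulted and acl_verdict(acl, pkt) == "deny":
        return "filtered"
    return "forwarded"


# Constructed hosts: one pair with the sender on e5, one with the sender on e0.
SENDER_E5, TARGET_E0 = "198.51.100.10", "192.0.2.20"
SENDER_E0, TARGET_E5 = "192.0.2.30", "198.51.100.40"


def scenarios():
    """The placements discussed in the reply, plus one gap in the list itself."""
    p139_to_e0 = Packet("tcp", SENDER_E5, TARGET_E0, 139)
    p139_to_e5 = Packet("tcp", SENDER_E0, TARGET_E5, 139)
    same_segment = Packet("tcp", SENDER_E5, TARGET_E5, 139)
    udp138_to_e0 = Packet("udp", SENDER_E5, TARGET_E0, 138)
    return {
        # sender on e5, list bound "in" on e5: the case the poster intended
        "sender_e5_acl_in_e5": simulate(p139_to_e0, "e5", ACL_105, "e5", "in"),
        # target on e5, sender elsewhere: "in" on e5 never sees the packet
        "target_e5_acl_in_e5": simulate(p139_to_e5, "e0", ACL_105, "e5", "in"),
        # ... but "out" on e5 does
        "target_e5_acl_out_e5": simulate(p139_to_e5, "e0", ACL_105, "e5", "out"),
        # both hosts on the e5 segment: the router is not in the path at all
        "same_segment": simulate(same_segment, "e5", ACL_105, "e5", "in"),
        # the list denies UDP 137 only; UDP 138 falls through to "permit ip"
        "udp138_gap": simulate(udp138_to_e0, "e5", ACL_105, "e5", "in"),
    }


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:24s} -> {outcome}")
```

The last scenario is worth noting when reading the quoted list: it denies TCP 137 through 139 but only UDP 137 (netbios-ns), so UDP 138 and 139 reach the "permit ip any any" entry and are forwarded regardless of where the list is bound. The model matches only on protocol and destination port, as the posted entries do, so the verdict does not depend on the source address.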



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:15 EDT