Re: [nsp] WinNukes

From: Tom Mullaney (tpm@europa.jovian.net)
Date: Sat Sep 05 1998 - 21:27:29 EDT


We use the following to block incoming winnukes, tftp, imap, bootp, nfs,
xwindows, chargen, echo, etc. We have others in this access list but due
to security concerns we won't post them here (and to save bandwidth).

access-list 111 deny udp any any eq 67
access-list 111 deny udp any any eq 68
access-list 111 deny tcp any any eq 135
access-list 111 deny tcp any any eq 137
access-list 111 deny tcp any any eq 139
access-list 111 deny udp any any eq 135
access-list 111 deny udp any any eq netbios-ns
access-list 111 deny udp any any eq 139
access-list 111 deny udp any any eq tftp
access-list 111 deny tcp any any eq 143
access-list 111 deny tcp any any eq 220
access-list 111 deny tcp any any eq echo
access-list 111 deny udp any any eq echo
access-list 111 deny tcp any any eq discard
access-list 111 deny udp any any eq discard
access-list 111 deny tcp any any eq chargen
access-list 111 deny udp any any eq 19
access-list 111 deny tcp any any eq 2049
access-list 111 deny udp any any eq 2049
access-list 111 deny tcp any any eq 6000
access-list 111 deny tcp any any eq 6001
access-list 111 deny tcp any any eq 6002
access-list 111 deny tcp any any eq 6003
access-list 111 permit ip any any

Then we apply:

ip access-group 111 out

to the ethernet port on the router.

--
Tom Mullaney <tpm@jovian.net>                 Jovian Networks, LLC
nic: TM6112                                   Townsend, MA 01469-1182
icq: 17378679                                 (888) 568-4261
aim: tpmullaney                               http://www.jovian.net
--
Unix, networking, administration, consulting, programming, Internet services

On Sat, 5 Sep 1998, RTS wrote:

> Date: Sat, 05 Sep 1998 20:17:28 -0500
> From: RTS <rts@rdr.net>
> Reply-To: cisco-nsp@qual.net
> To: cisco-nsp@qual.net
> Subject: [nsp] WinNukes
>
> Yea.... we all hate them (WinNukes)
>
> In a CISCO Router what is the easiest way to prevent them from hitting the
> computers on a network??
>
> Randy
> rts@rdr.net
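An added example, not part of the original post or of Cisco IOS: a small Python model of how the router evaluates access-list 111 from the reply above, top to bottom with the first matching entry deciding. It handles only the `any any [eq port]` form used in the post, treats `eq` as a destination-port match, and the names `parse_acl` and `evaluate` are hypothetical.

```python
import re

# IOS port keywords used in the posted ACL, mapped to their port numbers.
PORT_NAMES = {"echo": 7, "discard": 9, "chargen": 19, "tftp": 69, "netbios-ns": 137}
ENTRY = re.compile(r"access-list (\d+) (permit|deny) (ip|tcp|udp) any any(?: eq (\S+))?")

# access-list 111 as it appears in the post.
ACL_111 = """
access-list 111 deny udp any any eq 67
access-list 111 deny udp any any eq 68
access-list 111 deny tcp any any eq 135
access-list 111 deny tcp any any eq 137
access-list 111 deny tcp any any eq 139
access-list 111 deny udp any any eq 135
access-list 111 deny udp any any eq netbios-ns
access-list 111 deny udp any any eq 139
access-list 111 deny udp any any eq tftp
access-list 111 deny tcp any any eq 143
access-list 111 deny tcp any any eq 220
access-list 111 deny tcp any any eq echo
access-list 111 deny udp any any eq echo
access-list 111 deny tcp any any eq discard
access-list 111 deny udp any any eq discard
access-list 111 deny tcp any any eq chargen
access-list 111 deny udp any any eq 19
access-list 111 deny tcp any any eq 2049
access-list 111 deny udp any any eq 2049
access-list 111 deny tcp any any eq 6000
access-list 111 deny tcp any any eq 6001
access-list 111 deny tcp any any eq 6002
access-list 111 deny tcp any any eq 6003
access-list 111 permit ip any any
"""

def parse_acl(text):
    """Return [(action, protocol, dest_port or None)] in configuration order."""
    return [(a, p, (PORT_NAMES.get(d) or int(d)) if d else None)
            for _, a, p, d in ENTRY.findall(text)]

def evaluate(rules, proto, dport):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for action, rproto, rport in rules:
        if rproto == "ip" or (rproto == proto and rport == dport):
            return action
    return "deny"

RULES = parse_acl(ACL_111)
# Constructed sample packets: (protocol, destination port).
for pkt in [("tcp", 139), ("udp", 137), ("tcp", 80), ("udp", 143), ("tcp", 6000)]:
    print(pkt, evaluate(RULES, *pkt))
```

Because each entry matches on destination port only, the model also shows that a packet to a denied port is dropped regardless of which side opened the connection.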



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:18 EDT