[c-nsp] Problem with ADSL and ports tcp 445 & tcp 135

security at cytanet.com.cy
Fri Jul 23 10:02:04 EDT 2004


Hello all

I have a very strange problem that is taking a lot of my time, and I could not figure out what the cause could be. The situation is as below:

I have ADSL users that connect to the Internet via Cisco 7400 routers. On the C7400 I have ATM links that connect to the BAS (Broadband Access Servers). On the ATM interface of the C7400 I have an access-list that denies some ports. Among the ports that we are denying are TCP 445 and TCP 135. Some customers have routers installed at their premises, and they connect these routers to the provider's ADSL router. The strange thing is that some of the customers that have routers at their side cannot see local web pages (web pages that are located on our network, as we are their local ISP) and they cannot get e-mail. The same customers can see all other web pages and can browse the Internet without any problem.


What is really strange is that if I permit tcp any any 445 and tcp any any 135 on the access-list that is located on the C7400, the customers with the routers start working. But the strangest thing is that I have to permit first TCP 445 and then 135, and I must put them as the very first lines of the access-list. If I have a line before them, the problem is there (as below).

This scenario works:
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
...other lines follow...

This scenario is not working:
access-list 101 permit tcp any any eq 135
access-list 101 permit tcp any any eq 445
...other lines follow...

This scenario is not working:
access-list 101 deny ip any host x.x.x.x
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
...other lines follow...

Also, I put logging on the access list but could not get any logs from the problematic customers.
We need to have ports 445 and 135 blocked due to a lot of attacks on these ports, but I do not understand why I need to open these ports in order for certain routers to work. D-Link and US Robotics have the problem; NetGear works.

I used a sniffer to capture the communication but couldn't find anything strange. I believe there is somewhere a problem with MTU sizes, but I do not understand the effect of TCP port 445 and TCP port 135 on the MTU.

Any help or suggestion on the above problem will be appreciated.
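An added example, not code from the original post or from Cisco: a small first-match simulator for IOS extended access lists, run over the three scenarios in the post. The ACL lines are transcribed from the post with the port written as 445 (as the prose states); the "other lines follow" tail (deny 445, deny 135, then permit ip any any), the host 192.0.2.10 standing in for x.x.x.x, and the sample packets are constructed for this example. It also models the documented IOS rule for non-initial fragments on entries without the `fragments` keyword (a permit entry with port information permits a fragment on a layer-3 match, a deny entry with port information is skipped), which is the part of ACL behaviour that interacts with MTU and fragmentation. Under first-match semantics the "works" and the swapped "not working" lists give identical verdicts for every sample packet, and the list with the host deny in front differs only for traffic to that host, so whatever the customers' routers are hitting is not explained by entry order alone.

```python
"""First-match simulation of Cisco IOS extended access lists (added example, not from the post).

ACL text is transcribed from the post with the port written as 445; the tail, the
placeholder host 192.0.2.10 (for x.x.x.x) and the sample packets are constructed.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Ace:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp" or "udp"
    src: str               # "any" or a host address (wildcard masks are not modelled)
    dst: str
    dport: Optional[int]   # destination port from 'eq <port>'; None for L3-only entries


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: Optional[int]   # None when no transport header is present (non-initial fragment)
    non_initial_fragment: bool = False


def _take_addr(tok: List[str]) -> Tuple[str, List[str]]:
    if tok and tok[0] == "any":
        return "any", tok[1:]
    if len(tok) >= 2 and tok[0] == "host":
        return tok[1], tok[2:]
    raise ValueError(f"unsupported address spec {tok[:2]!r} (only 'any' and 'host' modelled)")


def parse_acl(text: str) -> List[Ace]:
    """Parse 'access-list <n> permit|deny <proto> <src> <dst> [eq <port>]'; other lines are skipped."""
    acl: List[Ace] = []
    for raw in text.strip().splitlines():
        tok = raw.lower().split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        src, rest = _take_addr(tok[4:])
        dst, rest = _take_addr(rest)
        dport = None
        if len(rest) == 2 and rest[0] == "eq":
            dport = int(rest[1])
        elif rest:  # a bare port number without 'eq' is not valid IOS syntax
            raise ValueError(f"unparsed tokens {rest!r} in: {raw.strip()}")
        acl.append(Ace(tok[2], tok[3], src, dst, dport))
    return acl


def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of the matching entry); index None means the implicit deny."""
    for i, ace in enumerate(acl):
        if not (ace.proto in ("ip", pkt.proto) and ace.src in ("any", pkt.src)
                and ace.dst in ("any", pkt.dst)):
            continue
        if ace.dport is None:
            return ace.action, i  # L3-only entry: first match wins
        if pkt.non_initial_fragment:
            # Documented IOS behaviour for entries without the 'fragments' keyword:
            # permit entries with L4 info permit the fragment on an L3 match,
            # deny entries with L4 info do not match it and evaluation continues.
            if ace.action == "permit":
                return "permit", i
            continue
        if pkt.dport == ace.dport:
            return ace.action, i
    return "deny", None  # implicit deny at the end of every IOS ACL


# Constructed stand-in for the post's "other lines follow".
TAIL = """
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 135
access-list 101 permit ip any any
"""
WORKS = "access-list 101 permit tcp any any eq 445\naccess-list 101 permit tcp any any eq 135\n" + TAIL
NOT_WORKING_SWAPPED = "access-list 101 permit tcp any any eq 135\naccess-list 101 permit tcp any any eq 445\n" + TAIL
NOT_WORKING_DENY_FIRST = "access-list 101 deny ip any host 192.0.2.10\n" + WORKS

# Constructed sample traffic from a customer (198.51.100.7) towards the ISP's own hosts.
SAMPLE: Dict[str, Packet] = {
    "http": Packet("tcp", "198.51.100.7", "192.0.2.80", 80),
    "smb_445": Packet("tcp", "198.51.100.7", "192.0.2.80", 445),
    "epmap_135": Packet("tcp", "198.51.100.7", "192.0.2.80", 135),
    "http_to_denied_host": Packet("tcp", "198.51.100.7", "192.0.2.10", 80),
    "tcp_fragment": Packet("tcp", "198.51.100.7", "192.0.2.80", None, non_initial_fragment=True),
}


def differing_verdicts(acl_a: str, acl_b: str) -> List[str]:
    """Names of sample packets on which two ACLs reach different verdicts."""
    a, b = parse_acl(acl_a), parse_acl(acl_b)
    return [n for n, p in SAMPLE.items() if evaluate(a, p)[0] != evaluate(b, p)[0]]


if __name__ == "__main__":
    for name, text in [("works", WORKS), ("swapped", NOT_WORKING_SWAPPED),
                       ("deny first", NOT_WORKING_DENY_FIRST), ("tail only", TAIL)]:
        acl = parse_acl(text)
        print(f"{name}:", {n: evaluate(acl, p) for n, p in SAMPLE.items()})
    print("works vs swapped differ on:", differing_verdicts(WORKS, NOT_WORKING_SWAPPED))
    print("works vs deny-first differ on:", differing_verdicts(WORKS, NOT_WORKING_DENY_FIRST))
```

Running it shows the swapped list is equivalent to the working one, the host deny only affects traffic to that host, and a TCP non-initial fragment passes the tail-only list via `permit ip any any` because the port-based deny entries never match it; with the leading `permit tcp any any eq 445` the same fragment is accepted by entry 0. The parser rejects a port given without `eq`, which catches the syntax slip in the post's own listing.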




More information about the cisco-nsp mailing list