[c-nsp] TCP port 445 & TCP port 135

michale security at cytanet.com.cy
Fri Jul 23 10:02:47 EDT 2004


Hello all
 
I have a very strange problem that is taking a lot of my time, and I could
not figure out what the cause could be. The situation is as below:
 
I have ADSL users that connect to the Internet via Cisco 7400 routers.
On the C7400 I have ATM links that connect to the BAS (Broadband Access
Servers). On the ATM interface of the C7400 I have an access-list that
denies some ports. Among the ports that we are denying are TCP 445
and TCP 135. Some customers have routers installed at their premises and
they connect these routers to the provider's ADSL router. The
strange thing is that some of the customers that have routers at their
side cannot see local web pages (web pages that are located on our
network, as we are their local ISP) and they cannot get e-mail. The same
customers can see all other web pages and they can browse the
Internet without any problem.
 
 
What is really strange is that if I permit tcp any any 445 and tcp any
any 135 on the access-list that is located on the C7400, the customers
with the routers start working. But the strangest thing is that I
have to permit first TCP 445 and then 135, and I must put them as the
very first lines of the access-list. If I have a line before them, the
problem is there (as below).
 
This scenario works:
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
...other lines follow...
 
This scenario is not working:
access-list 101 permit tcp any any eq 135
access-list 101 permit tcp any any eq 445
...other lines follow...
 
This scenario is not working:
access-list 101 deny ip any host x.x.x.x
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
...other lines follow...
 
Also I put logging on the access-list but could not get any log from the
problematic customers.
We need to have ports 445 and 135 blocked due to a lot of attacks on
these ports, but I do not understand why I need to open these ports in
order for certain routers to work. D-Link and US Robotics have the
problem. NetGear works.
 
I used a sniffer to capture the communication but couldn't find
anything strange. I believe there is somewhere a problem with MTU sizes,
but I do not understand the effect of TCP port 445 and TCP port 135 on the
MTU.
 
Any help or any suggestion on the above problem will be appreciated.
 
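The filter the post is trying to build, written out as an added example with the checks a practitioner would run against it. This is not configuration from the original post or from the poster's router; the interface name, the direction the list is applied in, and the explicit final permit are assumptions for illustration.

```cisco
! Added example, not the poster's configuration.
! Put the two denies first so that nothing earlier in the list can match
! the traffic before them; an extended ACL is evaluated top-down and
! stops at the first matching line.
access-list 101 deny   tcp any any eq 445 log
access-list 101 deny   tcp any any eq 135 log
! ...other deny lines as required...
! An extended ACL ends in an implicit "deny ip any any"; if the remaining
! lines are only permits, anything not listed is silently dropped, so
! spell the final permit out.
access-list 101 permit ip any any
!
! Interface name and direction are assumed (customer-facing ATM subinterface).
interface ATM2/0.1 point-to-point
 ip access-group 101 in
!
! Checks: reset the per-line counters, reproduce the problem from a
! customer behind one of the affected routers, then read the counters.
! Hits on the two deny lines show whether 445/135 are really involved;
! zero hits there while the customer still fails means the traffic is
! matching some other line (or the implicit deny at the end).
! clear access-list counters 101
! show access-lists 101
! show ip access-lists 101
```

Two caveats on the `log` keyword: the first matching packet is logged at once and later matches are summarised in five-minute intervals (the interval is tunable with `ip access-list log-update threshold`), so a single customer's few attempts can easily be missed in the log; and on older IOS releases packets hitting a logged entry are punted to process switching, which is worth keeping in mind on a busy aggregation router. The per-line match counters in `show access-lists` are not rate-limited and are the more reliable check.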

