[c-nsp] bcp on edge filtering & udp
dwinkworth at wi.rr.com
dwinkworth at wi.rr.com
Tue Jul 1 14:26:15 EDT 2008
DLSw uses UDP port 0 by default. There is a feature that allows you to disable this.
http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a0080093eca.shtml
---- matthew zeier <mrz at velvet.org> wrote:
> I keep seeing stuff with a udp src or dst port of 0. Anyone else see
> that in the wild?
>
> Michael Smith wrote:
> > Hey Matt:
> >
> >
> >> From: matthew zeier <mrz at velvet.org>
> >> Date: Mon, 30 Jun 2008 13:32:06 -0700
> >> To: "cisco-nsp at puck.nether.net" <cisco-nsp at puck.nether.net>
> >> Subject: [c-nsp] bcp on edge filtering & udp
> >>
> >> Trying to find a pre-build set of ACLs for filtering bogus inbound udp,
> >> if one already exists, otherwise I'll have to build my own :)
> >
> > Here's a good start.
> >
> > access-list 199 deny udp any any eq 135
> > access-list 199 deny udp any any eq 137
> > access-list 199 deny udp any any eq 138
> > access-list 199 deny udp any any eq 139
> > access-list 199 deny udp any any eq 445
> > access-list 199 deny udp any any eq 4899
> > access-list 199 deny udp any any eq 1434
> > access-list 199 deny udp any any eq 194
> > access-list 199 deny udp any any eq 529
> > access-list 199 deny udp any any eq 994
> > access-list 199 deny udp any any eq 69
> > access-list 199 deny udp any any range 6666 6669
> >
> > Regards,
> >
> > Mike
> >
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list