Re: Blocking DLSW with IP Extended Access-list

From: Fred Ingham (fningham@xxxxxxxxxxxxxxxx)
Date: Mon Dec 03 2001 - 21:59:59 GMT-3


   
Ki: You should also block the UDP ports 2065 and 2067. A good way to
discover all the ports used for DLSW (and a good general method) is to
have an access-li with deny ip any any log at the end. This will tell
you what IP protocols and ports are being used. So set up DLSW between
peers, set up the access-li, and the ports will be displayed as they
are denied.

Cheers, Fred.

"Waters, Kivas (UK72)" wrote:
>
> I agree, blocking TCP port 2065 is a good answer and I think will be
> adequate. While we're on the subject, what about blocking TCP port 2067 as
> well. Most documentation I've read seems to concentrate on explaining the
> operation of the DLSw TCP port 2065, but I have read that TCP port 2067 is
> also used, was it for DLSw data transfer? An access list between a DLSw
> peering I think should permit TCP port 2065 and 2067 (assuming the DLSw SAP
> priority feature is not used) to allow DLSw to function properly.
>
> Does anyone confirm or disagree with this?
>
> regards
>
> Ki
>
>
>
> -----Original Message-----
> From: fwells12 [mailto:fwells12@hotmail.com]
> Sent: 03 December 2001 05:52
> To: Hotmail; ccielab@groupstudy.com
> Subject: Re: Blocking DLSW with IP Extended Access-list
>
> Block port 2065. That ought to take care of it.
>
> ----- Original Message -----
> From: "Hotmail" <jthao1@hotmail.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, December 02, 2001 9:25 PM
> Subject: Blocking DLSW with IP Extended Access-list
>
> > Hello Group,
> >
> > How do you block (or permit) DLSW from entering an interface using an
> > Extended IP Access list and the 'IP Access-group in' command on the
> > interface? The idea is to block DLSW while permitting other TCP traffic in.
> > I know DLSW uses a TCP connection but I don't know what the protocol number
> > is.
> >
> > I've tried to research this but I couldn't find the answer. Any help or
> > insight would be appreciated.
> >
> > Joseph
> >
> >
> > ----- Original Message -----
> > From: "Sukhdev" <sukhdev@first-engr.com.sg>
> > To: < >
> > Sent: Sunday, December 02, 2001 10:58 PM
> > Subject: Blocking egress numbers on AS5300 (OT)
> >
> >
> > > Hi Guys,
> > >
> > > Apologies as this question is a little OT. I have an AS5300 that is only
> > > terminating traffic into a particular city. The machine is not connected to a
> > > billing system, Gatekeeper or authentication server. In other words, it's just
> > > connected raw to the Internet. A remote softswitch from US directs calls to
> > > this gateway. The question I have is how can I block a telephone number from
> > > being called (citywide) from the gateway, if I don't have access to the remote
> > > softswitch nor the remote billing system. Is there an access list or something
> > > equivalent that can be used for blocking telephone numbers on the AS5300.
> > >
> > > Appreciate your responses.
> > >
> > >
> > > Regards,
> > >
> > > S Dave


