From: Chua, Parry (Parry.Chua@xxxxxxxxxx)
Date: Mon Mar 11 2002 - 06:50:40 GMT-3
It depends on your goal: to use the min number of access lists or just one
access-list with leakage. Your answer should work for one access-list.
Parry Chua
-----Original Message-----
From: Russell Lusignan [mailto:rlusignan@rogers.com]
Sent: Monday, March 11, 2002 3:22 PM
To: ccielab@groupstudy.com
Subject: Solie: Darth Reid Access-list
> Hey guys, I am a little confused on Section VII for the funky
> access-list. The question states:
>
> Write a filter to block data from the following sources:
> 1: Deny FTP, HTTP from 131.24.194.x
> 2: Deny FTP, HTTP from 131.25.194.x
> 3: Deny FTP, HTTP from 135.152.1.1
> 4: Deny FTP, HTTP from 131.24.195.x
> 5: Deny FTP, HTTP from 131.24.193.x
>
> The content was modified with the errata from the Darth Reid solution
> PDF file. My access-list looks like this:
>
> Extended IP access-list darth
> deny tcp 131.24.0.0 4.129.195.255 any range ftp-data ftp
> deny tcp 131.24.0.0 4.129.195.255 any eq 80
> permit tcp any any
>
> What I did was write out all the addresses in binary and then set the
> wildcard bits based on the bits that changed in each of the addresses,
> needless to say my solution differs from the actual lab answer, but I
> still believe that my access-list will meet the requirements of the
> question.
>
> It looks like even though the errata says to "delete line with IP
> address 227.24.194.x" their solution still takes that address into
> consideration for the wildcard bits, can anyone comment on this?
>
> -Russ
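
Added example (not part of the original thread): the binary method Russ describes, in Python, deriving the single address/wildcard pair from the five sources and counting the "leakage" Parry mentions. The function names are made up for illustration, and the leakage count assumes the listed sources do not overlap.

```python
from ipaddress import IPv4Address

# Sources from the question; the "x" octet is written as wildcard 0.0.0.255.
SOURCES = [
    ("131.24.194.0", "0.0.0.255"),
    ("131.25.194.0", "0.0.0.255"),
    ("135.152.1.1", "0.0.0.0"),
    ("131.24.195.0", "0.0.0.255"),
    ("131.24.193.0", "0.0.0.255"),
]
MASK32 = 0xFFFFFFFF

def summarize(sources):
    """Return (base, wildcard) as ints for one ACL entry matching every source."""
    addrs = [int(IPv4Address(a)) for a, _ in sources]
    wild = 0
    for addr, (_, w) in zip(addrs, sources):
        wild |= int(IPv4Address(w))   # bits each source already ignores
        wild |= addr ^ addrs[0]       # bits that differ between sources
    base = addrs[0] & ~wild & MASK32  # zero the don't-care bits in the base
    return base, wild

def acl_entry(sources):
    """Format the summary the way it appears in an extended ACL line."""
    base, wild = summarize(sources)
    return f"{IPv4Address(base)} {IPv4Address(wild)}"

def matches(addr, base, wild):
    """Cisco-style match: every bit not set in the wildcard must equal the base."""
    return (int(IPv4Address(addr)) ^ base) & ~wild & MASK32 == 0

def leakage(sources):
    """Addresses the single entry matches beyond those the question lists."""
    _, wild = summarize(sources)
    matched = 2 ** bin(wild).count("1")
    intended = sum(2 ** bin(int(IPv4Address(w))).count("1") for _, w in sources)
    return matched - intended  # assumes the sources are disjoint

if __name__ == "__main__":
    base, wild = summarize(SOURCES)
    print("deny tcp", acl_entry(SOURCES), "any eq 80")
    print("unintended source addresses also denied:", leakage(SOURCES))
    # Constructed probe addresses: one intended, one leaked, one outside the mask.
    for probe in ("135.152.1.1", "135.25.66.9", "131.24.196.1"):
        print(probe, "matched" if matches(probe, base, wild) else "not matched")
```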