From: Jason Wydra (jasonwydra@yahoo.com)
Date: Wed Apr 16 2003 - 19:37:01 GMT-3
Then it seems to me that this access list allows more than what the scenario calls for.
Danny.Andaluz@triaton-na.com wrote:
I did a search on well known ports and what I got is that this port is reserved. However, I'm not sure if the GT includes 1024 or just 1025-65532. Either way, any application that targets a udp high port will be allowed. According to the line, the source port has to be a high port. There are probably some apps that let you manipulate the source port as well, but usually the source port is a high port.
-----Original Message-----
From: Jason Wydra [mailto:jasonwydra@yahoo.com]
Sent: Wednesday, April 16, 2003 4:18 AM
To: ccielab@groupstudy.com
Subject: What does this line in the access list do?
We only want to allow telnet, bgp, tftp, icmp echo and echo reply. "permit udp any gt 1024 any gt 1024"
permit tcp any any eq telnet
permit tcp any eq telnet any
permit tcp any any eq bgp
permit udp any any eq tftp
permit icmp any any echo
permit icmp any any echo-reply
permit udp any gt 1024 any gt 1024
permit udp any eq tftp any Thanks,Jason Wydra
---------------------------------
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:35:54 GMT-3