Re: What's the difference between these two?

From: Peng Zheng (zpnist@yahoo.com)
Date: Mon Nov 10 2003 - 01:04:08 GMT-3


In the first one, I DENIED packets with the ack bit set
and permit others. I think it's the same as the second one.

--- Kurt Kruegel <kurt@cybernex.net> wrote:
> the first one permits packets with the ack bit set,
> meaning they are part of an already "established"
> tcp session.
>
> the second: you are allowing packets with the syn
> bit set, meaning you are allowing all tcp handshakes
> to be started.
>
> ----- Original Message -----
> From: "Peng Zheng" <zpnist@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, November 09, 2003 2:21 PM
> Subject: What's the difference between these two?
>
>
> > access-list 100 deny tcp any any established
> > access-list 100 permit tcp any any
> >
> > and
> >
> > access-list 100 permit tcp any any syn
> >
> >
> > Thanks.
> >
> >
> >
> >
>
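
Added example (not part of the original thread): a first-match evaluation of the two ACLs from the question over every TCP flag combination. It assumes IOS semantics where `established` matches a segment with ACK or RST set, the `syn` keyword matches a segment with SYN set, and every ACL ends in an implicit deny; `evaluate` and `differences` are hypothetical helper names.

```python
# Added example: first-match evaluation of the two ACLs from the thread.
# Assumed semantics: "established" matches ACK or RST set; "syn" matches
# SYN set; every ACL ends with an implicit deny.
from itertools import combinations

FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")

# Each entry: (action, predicate over the set of TCP flags in the segment)
ACL_A = [
    ("deny", lambda f: bool(f & {"ACK", "RST"})),  # deny tcp any any established
    ("permit", lambda f: True),                     # permit tcp any any
]
ACL_B = [
    ("permit", lambda f: "SYN" in f),               # permit tcp any any syn
]

def evaluate(acl, flags):
    """Return the action of the first matching entry, else the implicit deny."""
    flags = frozenset(flags)
    for action, matches in acl:
        if matches(flags):
            return action
    return "deny"

def differences():
    """Map each flag combination on which the two ACLs disagree to (A, B)."""
    out = {}
    for n in range(len(FLAGS) + 1):
        for combo in combinations(FLAGS, n):
            a, b = evaluate(ACL_A, combo), evaluate(ACL_B, combo)
            if a != b:
                out[frozenset(combo)] = (a, b)
    return out

if __name__ == "__main__":
    # Constructed sample segments, identified only by their flag sets.
    samples = [("SYN", {"SYN"}), ("SYN+ACK", {"SYN", "ACK"}),
               ("ACK", {"ACK"}), ("RST", {"RST"}), ("FIN only", {"FIN"})]
    for name, flags in samples:
        print(f"{name:9} A={evaluate(ACL_A, flags):6} B={evaluate(ACL_B, flags)}")
    print(len(differences()), "of", 2 ** len(FLAGS), "flag combinations differ")
```

Under these assumptions the two lists agree on a bare SYN but differ on SYN+ACK (denied by the first, permitted by the second) and on segments with none of SYN, ACK or RST set (permitted by the first, dropped by the second's implicit deny).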



This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:09 GMT-3