From: Scott Morris (swm@emanon.com)
Date: Mon Nov 10 2003 - 09:57:05 GMT-3
Sort of, kind of, but not necessarily intentionally...
The first one you are denying things with the ACK bit (established) and
permitting all else (including udp, etc.)
In the second one, you are simply permitting the SYN exchange and
denying all else (this denies udp, etc.)
So they are a little different, but neither one is TCP friendly. :)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peng Zheng
Sent: Sunday, November 09, 2003 11:04 PM
To: Kurt Kruegel; ccielab@groupstudy.com
Subject: Re: What's the difference between these two?
In the first one, I DENIED packets with the ack bit set
and permitted the others. I think it's the same as the second one.
--- Kurt Kruegel <kurt@cybernex.net> wrote:
> the first one permits packets with the ack bit set ,
> meaning they are part of an already "established"
> tcp session.
>
> the second
> you are allowing packets with syn
> bit set.
> meaning you are allowing all tcp handshakes to be
> started.
>
> ----- Original Message -----
> From: "Peng Zheng" <zpnist@yahoo.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, November 09, 2003 2:21 PM
> Subject: What's the difference between these two?
>
>
> > access-list 100 deny tcp any any established
> > access-list 100 permit tcp any any
> >
> > and
> >
> > access-list 100 permit tcp any any syn
> >
> >
> > Thanks.
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:10 GMT-3
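As an added illustration that is not part of the thread, the following Python model evaluates the two access lists from Peng's original question under IOS first-match semantics: `established` matches a TCP segment with ACK or RST set, `syn` matches on the SYN bit alone (so a SYN-ACK matches too), and every extended ACL ends in an implicit deny. The `Packet`, `Rule`, `evaluate` and `compare` names and the sample packet set are my own constructions, not Cisco code.

```python
"""Model of IOS extended-ACL first-match evaluation for the two lists in the thread.

ACL one:  deny tcp any any established / permit tcp any any
ACL two:  permit tcp any any syn
Both lists end with the implicit 'deny ip any any' that IOS appends.
"""
from dataclasses import dataclass

# TCP flag bits as laid out in the TCP header (RFC 793).
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    flags: int = 0    # TCP flag bits; unused for UDP


@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    proto: str                # "tcp", "udp" or "ip"
    established: bool = False  # IOS 'established' keyword
    syn: bool = False          # IOS 'syn' keyword

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        if self.proto == "tcp":
            # 'established' is purely flag based: it matches any segment with
            # ACK or RST set, i.e. everything except the handshake's first SYN.
            if self.established and not (pkt.flags & (ACK | RST)):
                return False
            # 'syn' tests only the SYN bit, so SYN-ACK also matches.
            if self.syn and not (pkt.flags & SYN):
                return False
        return True


def evaluate(acl, pkt: Packet) -> str:
    """Return the action of the first matching entry, or the implicit deny."""
    for rule in acl:
        if rule.matches(pkt):
            return rule.action
    return "deny"


ACL_ONE = [Rule("deny", "tcp", established=True), Rule("permit", "tcp")]
ACL_TWO = [Rule("permit", "tcp", syn=True)]

# Constructed sample traffic: each stage of a TCP session plus a UDP datagram.
SAMPLES = {
    "tcp SYN": Packet("tcp", SYN),
    "tcp SYN-ACK": Packet("tcp", SYN | ACK),
    "tcp ACK": Packet("tcp", ACK),
    "tcp FIN-ACK": Packet("tcp", FIN | ACK),
    "tcp RST": Packet("tcp", RST),
    "udp": Packet("udp"),
}


def compare(samples=SAMPLES):
    """Map each sample to (decision under ACL one, decision under ACL two)."""
    return {name: (evaluate(ACL_ONE, p), evaluate(ACL_TWO, p))
            for name, p in samples.items()}


if __name__ == "__main__":
    print(f"{'packet':<12}{'acl one':<10}{'acl two'}")
    for name, (one, two) in compare().items():
        print(f"{name:<12}{one:<10}{two}")
```

Running it shows the two lists disagree only on the SYN-ACK: list one denies it (ACK is set, so `established` fires) while list two permits it (SYN is set). Both permit the bare SYN, both drop ACK-only, FIN-ACK and RST segments, and because neither list has a non-TCP entry, UDP falls through to the implicit deny in both. The practical caveat is that both keywords inspect header bits only and keep no state, so a host that crafts its own flags is not constrained by them in the way a stateful firewall would constrain it.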