RE: What's the difference between these two?

From: Scott Morris (swm@emanon.com)
Date: Mon Nov 10 2003 - 16:49:17 GMT-3


Because they'll be denied by default (implicit deny). Just didn't know
whether that was part of the equation of whether it was cared. There
wasn't a context given to where this ACL was being used. :)

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Volkov Dmitry
Sent: Monday, November 10, 2003 2:42 PM
To: 'Peng Zheng'; swm@emanon.com
Cc: ccielab@groupstudy.com
Subject: RE: What's the difference between these two?

I think they are the same.
First one denies every TCP packet but SYN and after that allows all TCP
packets ==> allows only SYN.
Second one allows only TCP SYN.

I don't have any idea why Scott is talking about UDP...
Scott, WHY UDP ?

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Peng Zheng
> Sent: Monday, November 10, 2003 11:53 AM
> To: swm@emanon.com; ccielab@groupstudy.com
> Subject: RE: What's the difference between these two?
>
>
> But in first, I use
> access-list 100 permit tcp any any
>
> I think it denied UDP as well.
>
> --- Scott Morris <swm@emanon.com> wrote:
> > Sort of, kind of, but not necessarily
> > intentionally...
> >
> > The first one you are denying things with the ACK
> > bit (established) and
> > permitting all else (including udp, etc.)
> >
> > In the second one, you are simply permitting the SYN exchange and
> > denying all else (this denies udp, etc.)
> >
> > So they are a little different, but either one isn't
> > TCP friendly. :)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Peng Zheng
> > Sent: Sunday, November 09, 2003 11:04 PM
> > To: Kurt Kruegel; ccielab@groupstudy.com
> > Subject: Re: What's the difference between these two?
> >
> >
> > In first one, I DENIED packets with the ack bit set
> > and permit others. I think it's same as second one.
> >
> > --- Kurt Kruegel <kurt@cybernex.net> wrote:
> > > the first one permits packets with the ack bit set,
> > > meaning they are part of an already "established"
> > > tcp session.
> > >
> > > the second
> > > you are allowing packets with syn bit set.
> > > meaning you are allowing all tcp handshakes to be started.
> > >
> > > ----- Original Message -----
> > > From: "Peng Zheng" <zpnist@yahoo.com>
> > > To: <ccielab@groupstudy.com>
> > > Sent: Sunday, November 09, 2003 2:21 PM
> > > Subject: What's the difference between these two?
> > >
> > >
> > > > access-list 100 deny tcp any any established
> > > > access-list 100 permit tcp any any
> > > >
> > > > and
> > > >
> > > > access-list 100 permit tcp any any syn
> > > >
> > > >
> > > > Thanks.



This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:10 GMT-3
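
Added example, not part of the original thread or any poster's message: a small first-match model of the two ACLs from the original question, run over constructed sample packets to show where the two lists agree and where they differ. It assumes the documented IOS meaning of the keywords: `established` matches a TCP segment with ACK or RST set, and `syn` matches a TCP segment with SYN set regardless of other flags; the function and variable names are made up for this illustration.

```python
# Added illustration: first-match evaluation of the two ACLs from the thread.
# Assumptions: 'established' = TCP with ACK or RST set; 'syn' = TCP with SYN
# set (other flags ignored). All names below are hypothetical.

def matches(rule, pkt):
    """Return True if a (action, protocol, flag_keyword) rule matches pkt."""
    _action, proto, keyword = rule
    if proto != pkt["proto"]:
        return False
    flags = pkt.get("flags", set())
    if keyword == "established":
        return bool(flags & {"ACK", "RST"})
    if keyword == "syn":
        return "SYN" in flags
    return True  # no flag keyword: any packet of this protocol matches

def evaluate(acl, pkt):
    """Walk the ACL top-down; the first matching entry decides."""
    for rule in acl:
        if matches(rule, pkt):
            return rule[0]
    return "deny"  # implicit deny at the end of every access list

# access-list 100 deny tcp any any established
# access-list 100 permit tcp any any
ACL_FIRST = [("deny", "tcp", "established"), ("permit", "tcp", None)]
# access-list 100 permit tcp any any syn
ACL_SECOND = [("permit", "tcp", "syn")]

# Constructed sample packets (not captured traffic).
PACKETS = {
    "tcp SYN": {"proto": "tcp", "flags": {"SYN"}},
    "tcp SYN+ACK": {"proto": "tcp", "flags": {"SYN", "ACK"}},
    "tcp ACK": {"proto": "tcp", "flags": {"ACK"}},
    "tcp RST": {"proto": "tcp", "flags": {"RST"}},
    "tcp FIN only": {"proto": "tcp", "flags": {"FIN"}},
    "tcp no flags": {"proto": "tcp", "flags": set()},
    "udp": {"proto": "udp"},
}

def compare():
    """Map each sample packet to (verdict under first ACL, under second)."""
    return {name: (evaluate(ACL_FIRST, p), evaluate(ACL_SECOND, p))
            for name, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (first, second) in compare().items():
        note = "  <-- differs" if first != second else ""
        print(f"{name:13} first={first:6} second={second:6}{note}")
```

Under these assumptions both lists drop UDP through the implicit deny and both pass a bare SYN; they differ on SYN+ACK and on TCP segments that carry neither ACK, RST nor SYN.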