From: Scott Morris (swm@emanon.com)
Date: Mon Nov 10 2003 - 17:39:12 GMT-3
Ahh... That's a whole different issue then. No problems...
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Peng Zheng
Sent: Monday, November 10, 2003 3:36 PM
To: Scott Morris; 'Volkov Dmitry'
Cc: ccielab@groupstudy.com
Subject: RE: What's the difference between these two?
What if I want to use them in CAR to prevent SYN
attack?
--- Scott Morris <swm@emanon.com> wrote:
> Because they'll be denied by default (implicit deny). Just didn't know
> whether that was part of the equation of whether it was cared. There
> wasn't a context given to where this ACL was being used. :)
>
> Scott
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Volkov Dmitry
> Sent: Monday, November 10, 2003 2:42 PM
> To: 'Peng Zheng'; swm@emanon.com
> Cc: ccielab@groupstudy.com
> Subject: RE: What's the difference between these two?
>
>
> I think they are the same.
> First one denies every TCP packet but SYN and after that allows all TCP
> packets ==> allows only SYN
> second one allows only TCP SYN
>
> I don't have any idea why Scott is talking about UDP...
> Scott, WHY UDP ?
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Peng Zheng
> > Sent: Monday, November 10, 2003 11:53 AM
> > To: swm@emanon.com; ccielab@groupstudy.com
> > Subject: RE: What's the difference between these two?
> >
> >
> > But in first, I use
> > access-list 100 permit tcp any any
> >
> > I think it denied UDP either.
> >
> > --- Scott Morris <swm@emanon.com> wrote:
> > > Sort of, kind of, but not necessarily intentionally...
> > >
> > > The first one you are denying things with the ACK bit (established) and
> > > permitting all else (including udp, etc.)
> > >
> > > In the second one, you are simply permitting the SYN exchange and
> > > denying all else (this denies udp, etc.)
> > >
> > > So they are a little different, but either one isn't TCP friendly. :)
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf Of Peng Zheng
> > > Sent: Sunday, November 09, 2003 11:04 PM
> > > To: Kurt Kruegel; ccielab@groupstudy.com
> > > Subject: Re: What's the difference between these two?
> > >
> > >
> > > In first one, I DENIED packets with the ack bit set
> > > and permit others. I think it's same as second one.
> > >
> > > --- Kurt Kruegel <kurt@cybernex.net> wrote:
> > > > the first one permits packets with the ack bit set,
> > > > meaning they are part of an already "established"
> > > > tcp session.
> > > >
> > > > the second
> > > > you are allowing packets with syn
> > > > bit set.
> > > > meaning you are allowing all tcp handshakes to be started.
> > > >
> > > > ----- Original Message -----
> > > > From: "Peng Zheng" <zpnist@yahoo.com>
> > > > To: <ccielab@groupstudy.com>
> > > > Sent: Sunday, November 09, 2003 2:21 PM
> > > > Subject: What's the difference between these two?
> > > >
> > > >
> > > > > access-list 100 deny tcp any any established
> > > > > access-list 100 permit tcp any any
> > > > >
> > > > > and
> > > > >
> > > > > access-list 100 permit tcp any any syn
> > > > >
> > > > >
> > > > > Thanks.
> > > > >
> > > > >
> > > > >
> > > > >
> > > >
> > >
> >
>
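
The two access lists from the original question, run through a small first-match evaluator. This is an added example, not part of the thread or of any Cisco tooling. It assumes `established` matches a TCP packet with the ACK or RST bit set and that the `syn` keyword matches any TCP packet with the SYN bit set; the class names, function names and sample packets are constructed for illustration.

```python
# Added illustration (not from the thread): first-match ACL evaluation with
# the implicit deny, applied to the two ACLs from the original question.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str                      # "tcp" or "udp"
    flags: frozenset = frozenset()  # TCP flags set on the packet

@dataclass(frozen=True)
class Ace:
    action: str                     # "permit" or "deny"
    proto: str
    keyword: str = ""               # "", "established" or "syn"

    def matches(self, p: Packet) -> bool:
        if p.proto != self.proto:
            return False
        if self.keyword == "established":   # assumption: ACK or RST bit set
            return bool(p.flags & {"ACK", "RST"})
        if self.keyword == "syn":           # assumption: SYN bit set (SYN-ACK too)
            return "SYN" in p.flags
        return True

def evaluate(acl, p):
    for ace in acl:                 # top-down, first match wins
        if ace.matches(p):
            return ace.action
    return "deny"                   # implicit deny at the end of every ACL

ACL_FIRST = [Ace("deny", "tcp", "established"), Ace("permit", "tcp")]
ACL_SECOND = [Ace("permit", "tcp", "syn")]

# Constructed sample packets
SAMPLES = {
    "SYN": Packet("tcp", frozenset({"SYN"})),
    "SYN-ACK": Packet("tcp", frozenset({"SYN", "ACK"})),
    "ACK": Packet("tcp", frozenset({"ACK"})),
    "FIN only": Packet("tcp", frozenset({"FIN"})),
    "UDP": Packet("udp"),
}

def compare():
    """Return {packet name: (verdict under first ACL, verdict under second ACL)}."""
    return {n: (evaluate(ACL_FIRST, p), evaluate(ACL_SECOND, p)) for n, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, (a, b) in compare().items():
        print(f"{name:8}  first={a:6}  second={b:6}")
```

Under CAR, the packets an ACL permits are the ones the rate limit applies to, so the SYN-ACK and FIN-only rows are where the two lists would police different traffic.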
This archive was generated by hypermail 2.1.4 : Fri Dec 12 2003 - 12:29:10 GMT-3