From: Netwrkx (netwrkx@myeastern.com)
Date: Thu Feb 05 2004 - 01:07:46 GMT-3
Jason,
Two things to be aware of: you would use "in" interface inside, as there is no
"out", and the ports are in Oracle's dynamic reply pool of ports.
-TV
----- Original Message -----
From: "Jason Aarons" <jaarons@hotmail.com>
To: <ccielab@groupstudy.com>
Sent: Wednesday, February 04, 2004 11:32 AM
Subject: PIX ACL for mydoom?
> I am surprised Cisco.com/security doesn't have a "risk mitigation"
> notice, i.e. block outbound smtp except from your SMTP server, close
> outbound TCP ports, etc. Here is something I am trying at a customer
> until they patch/update/scan their computers for mydoom (temp like
> Welchia/Nachia). See anything wrong with the ACL?
>
> access-group inside_access_out out interface inside
> !
> access-list inside_access_out permit tcp host 128.100.1.182 any eq smtp
> access-list inside_access_out deny tcp any any eq smtp
> access-list inside_access_out deny tcp any any range 3127 3198
> access-list inside_access_out permit ip any any
> !
>
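To check what the posted ACL actually does to traffic before applying it, here is an added example (not from either poster) that parses the list with PIX-style first-match semantics and evaluates sample flows against it, including one in the 3127-3198 range that TV's Oracle remark warns about. It assumes PIX 6.x `access-list` syntax with `host`/`any` addresses, `eq`/`range` ports and an implicit deny at the end; the flow addresses are constructed.

```python
import ipaddress

# Constructed copy of the ACL from the thread (with "host" and "eq" added
# as the PIX syntax requires). Assumption: first match wins, implicit deny.
ACL_TEXT = """
access-list inside_access_out permit tcp host 128.100.1.182 any eq smtp
access-list inside_access_out deny tcp any any eq smtp
access-list inside_access_out deny tcp any any range 3127 3198
access-list inside_access_out permit ip any any
"""

NAMED_PORTS = {"smtp": 25}


def _port(tok):
    return NAMED_PORTS.get(tok) or int(tok)


def _addr(tokens, i):
    """Parse 'any' or 'host X' at tokens[i]; return (network, next index)."""
    if tokens[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if tokens[i] == "host":
        return ipaddress.ip_network(tokens[i + 1] + "/32"), i + 2
    raise ValueError(f"unsupported address form: {tokens[i]}")


def parse_acl(text):
    """Turn ACE lines into (action, proto, src_net, dst_net, lo_port, hi_port)."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 6 or t[0] != "access-list":
            raise ValueError(f"bad ACE: {line}")
        action, proto = t[2], t[3]
        src, i = _addr(t, 4)
        dst, i = _addr(t, i)
        lo, hi = 0, 65535  # no port qualifier: any destination port
        if i < len(t) and t[i] == "eq":
            lo = hi = _port(t[i + 1])
        elif i < len(t) and t[i] == "range":
            lo, hi = _port(t[i + 1]), _port(t[i + 2])
        rules.append((action, proto, src, dst, lo, hi))
    return rules


def evaluate(rules, proto, src_ip, dst_ip, dst_port):
    """Return 'permit' or 'deny' for a flow; first matching ACE decides."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, p, s, d, lo, hi in rules:
        if p in ("ip", proto) and src in s and dst in d and lo <= dst_port <= hi:
            return action
    return "deny"  # implicit deny when nothing matched
```

Evaluating a TCP flow from an ordinary inside host to destination port 3150 returns `deny`, which is the collateral effect on applications whose reply ports land in that range; the same port over UDP is permitted because the third ACE is TCP-only.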
This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:46 GMT-3