RE: Port 0 Filter (Repost)

From: David Hiers (David_Hiers@adp.com)
Date: Tue Apr 27 2004 - 14:14:30 GMT-3


Try permitting a range from 1-65535 and letting the implicit deny at the end kill port 0. Shoot, make the last line an explicit deny and log the junk.

David

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
yuki hisano
Sent: Tuesday, April 27, 2004 8:34 AM
To: ccielab@groupstudy.com
Subject: RE: Port 0 Filter (Repost)

Chuck, Jonathan, and others,

I am sorry that my explanation was not clear enough. I thought
what I was asking was something well known to most of the guys on the list.

Here is a better explanation:

There is a private hub-and-spoke frame-relay network with one hub and
7 spoke locations.
There are two spoke sites generating a lot of traffic to each other. These
two sites send traffic to other sites as well, although the amount is less in
comparison.
I hooked up an access-list just to see what type of port number it is using.
The result is like this:

source: 192.168.X.X (0) destination 192.168.X.X (0) (they are either TCP or UDP)

The number in parentheses is my question. Usually I find 445, 69, 25, 80 etc.
But I went ahead and denied port 0 with access-lists and it was unsuccessful.

I have tried:

access-list 113 deny tcp any any eq 0
access-list 113 deny udp any any eq 0
access-list 113 permit ip any any

and,

access-list 113 deny tcp any eq 0 any
access-list 113 deny tcp any any eq 0
access-list 113 deny udp any eq 0 any
access-list 113 deny udp any any eq 0
access-list 113 permit ip any any

and,

access-list 113 permit tcp any any gt 0 lt 65535
access-list 113 permit tcp any gt 0 lt 65535 any
access-list 113 permit udp any any gt 0 lt 65535
access-list 113 permit udp any gt 0 lt 65535 any
access-list 113 deny tcp any any
access-list 113 deny udp any any
access-list 113 permit ip any any

None of the above worked.
I am kind of stuck and don't seem to be getting anywhere with my knowledge.

Does this explain it well enough?

Thanks for your help!

Yuki

>From: "Jonathan Hays" <nomad@gfoyle.org>
>Reply-To: "Jonathan Hays" <nomad@gfoyle.org>
>To: <ccielab@groupstudy.com>
>Subject: RE: Port 0 Filter (Repost)
>Date: Tue, 27 Apr 2004 09:44:20 -0400
>
>you wrote:
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> >Behalf Of yuki hisano
> >Sent: Tuesday, April 27, 2004 8:36 AM
> >To: ccielab@groupstudy.com
> >Subject: Port 0 Filter (Repost)
> >
> >
> >Hi,
> >
> >I am posting this again since I had only one response and did
> >not solve the problem.
> >
> >Are there any ways to filter port "0"ed traffic ??
> >
> >
> >Thanks.
> >
> >Yuki
>= = =
>
>In my opinion you did not provide enough information for a knowledgeable
>network engineer to even make a wild guess at your problem.
>
>1. Describe the relevant network topology
>2. Provide a sniffer or debug trace of the problem packets
>3. Post sanitized configurations
>4. Or at least describe the problem in more detail.
>
>While you're at it, you might read this:
>
>http://www.catb.org/~esr/faqs/smart-questions.html
>
>-Jonathan
>
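An added example, not part of the thread above, of David's suggestion written out as a complete extended ACL so the ports-only-in-range permit and the logging deny can be seen together. The ACL number 113 is reused from Yuki's post for continuity; the interface name and the inbound direction are assumptions.

```cisco
! Added example, not from the original thread. ACL number from Yuki's post;
! interface name and direction are assumed.
!
! Permit TCP/UDP only when BOTH the source and destination port fall in
! 1-65535. A packet carrying port 0 on either side fails these two entries
! and falls through to the explicit deny below instead of the final permit.
access-list 113 permit tcp any range 1 65535 any range 1 65535
access-list 113 permit udp any range 1 65535 any range 1 65535
!
! Anything still TCP or UDP at this point has a port of 0 somewhere:
! deny it and log it so the sending hosts show up in the syslog buffer.
access-list 113 deny   tcp any any log
access-list 113 deny   udp any any log
!
! Non-TCP/UDP traffic (ICMP, routing protocol traffic, GRE, ...) is
! not affected by the port filter and is still permitted.
access-list 113 permit ip any any
!
! Apply it where the spoke traffic enters (assumed interface name).
interface Serial0/0
 ip access-group 113 in
```

Check it with `show access-lists 113`: the two deny entries should start accumulating match counts and the `%SEC-6-IPACCESSLOGP` lines in `show logging` will name the hosts. Two caveats worth knowing before concluding the traffic really uses port 0. First, IOS evaluates non-initial IP fragments against Layer 3 information only, since they carry no transport header: a permit entry with port qualifiers still lets such a fragment through, and a deny entry with port qualifiers is skipped for it, which is one reason a `deny tcp any any eq 0` line may never register a hit. If non-initial fragments should be dropped as well, put `access-list 113 deny ip any any fragments log` ahead of the permit lines. Second, the `(0)` shown for source and destination in ACL log output can also appear when the entry that matched has no port qualifier at all, so confirming the port with a sniffer trace, as Jonathan suggested, is the reliable test.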



This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:56 GMT-3