From: yuki hisano (yukyhisano@hotmail.com)
Date: Tue Apr 27 2004 - 14:16:47 GMT-3
Unlike the third example below?
Yuki
>From: "David Hiers" <David_Hiers@adp.com>
>To: "yuki hisano" <yukyhisano@hotmail.com>,<ccielab@groupstudy.com>
>Subject: RE: Port 0 Filter (Repost)
>Date: Tue, 27 Apr 2004 10:14:30 -0700
>
>Try permitting a range from 1-65353 and letting the implicit deny at the
>end kill port 0. Shoot, make the last line an explicit deny and log the
>junk.
>
>David
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
>yuki hisano
>Sent: Tuesday, April 27, 2004 8:34 AM
>To: ccielab@groupstudy.com
>Subject: RE: Port 0 Filter (Repost)
>
>
>Chuck, Jonathan, and else,
>
>I am sorry that my explanation was not clear enough. I thought
>what I was asking was something well known to most of the guys on the list.
>
>Here is a better explanation:
>
>There is a private Hub-Spoke frame-relay network associated with one hub
>and
>7 spoke locations.
>There are two Spoke sites generating a lot of traffic to each other. These
>two sites
>send traffic to other sites as well although the amount is less in
>comparison.
>I hooked some access-list just to see what type of port number it is using.
>The result is like this:
>
>source: 192.168.X.X (0) destination 192.168.X.X (0) (they are either TCP
>or
>UDP)
>
>The number in parentheses is my question. Usually I find 445, 69, 25, 80
>etc.
>But I went ahead and denied port 0 with access-lists and it was unsuccessful.
>
>I have tried:
>
>access-list 113 deny tcp any any eq 0
>access-list 113 deny udp any any eq 0
>access-list 113 permit ip any any
>
>and,
>
>access-list 113 deny tcp any eq 0 any
>access-list 113 deny tcp any any eq 0
>access-list 113 deny udp any eq 0 any
>access-list 113 deny udp any any eq 0
>access-list 113 permit ip any any
>
>and,
>
>access-list 113 permit tcp any any gt 0 lt 65535
>access-list 113 permit tcp any gt 0 lt 65535 any
>access-list 113 permit udp any any gt 0 lt 65535
>access-list 113 permit udp any gt 0 lt 65535 any
>access-list 113 deny tcp any any
>access-list 113 deny udp any any
>access-list 113 permit ip any any
>
>all of the above did not work.
>I am kind of stuck and don't seem to be getting anywhere with my knowledge.
>
>Does this explain it well enough?
>
>Thanks for your help!
>
>Yuki
>
>
>
>
> >From: "Jonathan Hays" <nomad@gfoyle.org>
> >Reply-To: "Jonathan Hays" <nomad@gfoyle.org>
> >To: <ccielab@groupstudy.com>
> >Subject: RE: Port 0 Filter (Repost)
> >Date: Tue, 27 Apr 2004 09:44:20 -0400
> >
> >you wrote:
> > >-----Original Message-----
> > >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > >Behalf Of yuki hisano
> > >Sent: Tuesday, April 27, 2004 8:36 AM
> > >To: ccielab@groupstudy.com
> > >Subject: Port 0 Filter (Repost)
> > >
> > >
> > >Hi,
> > >
> > >I am posting this again since I had only one response and did
> > >not solve the
> > >prob.
> > >
 > > >Are there any ways to filter port "0"ed traffic ??
> > >
> > >
> > >Thanks.
> > >
> > >Yuki
> >= = =
> >
> >In my opinion you did not provide enough information for a knowledgeable
> >network engineer to even make a wild guess at your problem.
> >
> >1. Describe the relevant network topology
> >2. Provide a sniffer or debug trace of the problem packets
> >3. Post sanitized configurations
> >4. Or at least describe the problem in more detail.
> >
> >While you're at it, you might read this:
> >
> >http://www.catb.org/~esr/faqs/smart-questions.html
> >
> >-Jonathan
> >
> >_______________________________________________________________________
> >Please help support GroupStudy by purchasing your study materials from:
> >http://shop.groupstudy.com
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
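Added example, not part of the original thread: a simplified first-match model (not IOS itself) that compares the first access-list quoted above with the permit-a-range-then-explicit-deny suggestion. It assumes the range is applied to both source and destination ports and covers every non-zero port (1 to 65535); the packets are constructed and all function and variable names are hypothetical.

```python
# Added example: simplified first-match ACL model, not IOS itself.
from collections import namedtuple

# Ports are None for protocols that have none (e.g. ICMP).
Packet = namedtuple("Packet", "proto sport dport")
ANY = (0, 65535)

def ace(action, proto, sport=ANY, dport=ANY):
    """One access-list entry; sport/dport are inclusive (low, high) ranges."""
    return (action, proto, sport, dport)

def evaluate(acl, pkt):
    """Return (action, index of matching entry); index None = implicit deny."""
    for i, (action, proto, sport, dport) in enumerate(acl):
        if proto == "ip":                      # matches every IP protocol
            return action, i
        if proto != pkt.proto:
            continue
        if sport[0] <= pkt.sport <= sport[1] and dport[0] <= pkt.dport <= dport[1]:
            return action, i
    return "deny", None

# First list from the thread: "eq 0" after the destination tests dport only.
FIRST_TRY = [
    ace("deny", "tcp", dport=(0, 0)),
    ace("deny", "udp", dport=(0, 0)),
    ace("permit", "ip"),
]

# Suggested shape (assumption: range 1-65535 on both source and destination).
NONZERO = (1, 65535)
SUGGESTED = [
    ace("permit", "tcp", NONZERO, NONZERO),
    ace("permit", "udp", NONZERO, NONZERO),
    ace("deny", "ip"),                         # explicit deny, where "log" would go
]

# Constructed sample packets.
SAMPLES = {
    "tcp 0->0": Packet("tcp", 0, 0),
    "tcp 0->445": Packet("tcp", 0, 445),
    "udp 1025->69": Packet("udp", 1025, 69),
    "icmp": Packet("icmp", None, None),        # no ports at all
}

def compare():
    """Map each sample to its (FIRST_TRY action, SUGGESTED action)."""
    return {name: (evaluate(FIRST_TRY, p)[0], evaluate(SUGGESTED, p)[0])
            for name, p in SAMPLES.items()}
```

In this model the range-based list also drops everything that is not TCP or UDP (the ICMP sample), because only those two protocols are permitted ahead of the final deny.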
This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:56 GMT-3