RE: Port 0 Filter (Repost)

From: Church, Chuck (cchurch@wamnetgov.com)
Date: Tue Apr 27 2004 - 16:22:25 GMT-3


Yes, but like David mentioned, your access list is only matching UDP or
TCP, not subsets (ports) of these two IP protocols. Since it's not
necessary to look at the port number (only the IP protocol), the IOS
logs it as port 0, probably because it's more efficient to do so. Try
adding ranges to your access lists with the port numbers (i.e. allow UDP
1-1024, 1025-65535, and the same for TCP).

Chuck Church
Lead Design Engineer
CCIE #8776, MCNE, MCSE
Wam!Net Government Services - Design & Implementation Team
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnetgov.com
PGP key:
http://pgp.mit.edu:11371/pks/lookup?op=index&search=cchurch%40wamnetgov.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
yuki hisano
Sent: Tuesday, April 27, 2004 1:51 PM
To: ccie@netchild.pub.sa
Cc: ccielab@groupstudy.com
Subject: Re: Port 0 Filter (Repost)

I have tried it.
Here is the result.

access-list 113 permit tcp any 192.168.128.0 0.0.0.255 log-input
access-list 113 permit udp any 192.168.128.0 0.0.0.255 log-input
access-list 113 permit ip any any

Apr 27 17:35:09: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0) (Serial0/1 *HDLC*) -> 192.168.128.83(0), 1 packet
Apr 27 17:35:19: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.4(0), 13 packets
Apr 27 17:35:23: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.226(0), 247 packets
glory-ny#$-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0) Apr 27 17:35:09: %SEC-6-IPACCESSLOGP: list 113 permitted tcp 192.168.120.201(0)

Yuki

>From: "ccie" <ccie@netchild.pub.sa>
>To: "yuki hisano" <yukyhisano@hotmail.com>
>Subject: Re: Port 0 Filter (Repost)
>Date: Tue, 27 Apr 2004 20:18:46 +0300
>
>Hi Yuki,
>
> > I hooked some access-list just to see what type of port number it is using.
> > The result is like this:
> >
> > source: 192.168.X.X (0) destination 192.168.X.X (0) (they are either TCP or UDP)
>
>This is not a port 0. When you deny with ip the syslog will show you the
>port as (0). To know the real port try to remove the denied ip and put
>deny tcp/udp. Check the log and you will see the correct port number.
>
>NetChild,
>
>


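As an added example that is not part of this thread: a small Python parser for the %SEC-6-IPACCESSLOGP lines shown above, which flags hits where both ports are logged as (0), i.e. where the ACE matched only on the IP protocol and the ports were never examined. The second sample line, the class and function names, and the field layout of the regex are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Field layout of an IOS %SEC-6-IPACCESSLOGP line; "(iface)" appears with log-input.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[\d.]+)\((?P<sport>\d+)\)"
    r"(?: \((?P<iface>[^)]*)\))? -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

@dataclass
class AclHit:
    acl: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    iface: Optional[str] = None
    @property
    def ports_inspected(self) -> bool:
        # IOS writes (0) for both ports when the matching ACE had no port
        # qualifier ("permit tcp any <net>"): ports were not examined at all.
        return not (self.sport == 0 and self.dport == 0)

def parse_hit(line: str) -> Optional[AclHit]:
    """Parse one syslog line; return None for anything that is not a hit."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return AclHit(m["acl"], m["proto"], m["src"], int(m["sport"]), m["dst"],
                  int(m["dport"]), int(m["count"]), m["iface"])

def hits_without_port_detail(lines: List[str]) -> List[AclHit]:
    """Hits whose ACE needs port ranges before the log can show real ports."""
    hits = (parse_hit(line) for line in lines)
    return [h for h in hits if h is not None and not h.ports_inspected]

# Constructed sample: the first line is from the thread, the second is a
# hypothetical hit on a port-qualified ACE of the kind Chuck suggests.
SAMPLE_LOG = [
    "Apr 27 17:35:19: %SEC-6-IPACCESSLOGP: list 113 permitted tcp "
    "192.168.120.101(0) (Serial0/1 *HDLC*) -> 192.168.128.4(0), 13 packets",
    "Apr 27 17:36:02: %SEC-6-IPACCESSLOGP: list 113 permitted tcp "
    "192.168.120.101(1027) (Serial0/1 *HDLC*) -> 192.168.128.4(23), 4 packets",
]
```

Running `hits_without_port_detail(SAMPLE_LOG)` returns only the first hit, which is the one whose ACE would need port ranges added before the log can show which TCP port was really in use.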

This archive was generated by hypermail 2.1.4 : Mon May 03 2004 - 19:48:56 GMT-3