From: Joseph Saad (joseph.samir.saad@gmail.com)
Date: Mon Jan 07 2008 - 09:08:01 ARST
It should be match-all (Oh, negative logic is a killer) and all statements
must be using "not",
or match-any and all statements must not have "not".
Complementary logic is a killer.
On Jan 7, 2008 3:01 PM, Joseph Saad <joseph.samir.saad@gmail.com> wrote:
> or replace your ACL with MQC-based security and NBAR to match TFTP.
>
> You can match (or not match) TFTP by
> class-map match-any DISALLOWED_TRAFFIC
> match not protocol tftp
> match other "disallowed" traffic
>
> policy-map POLICY
> class DISALLOWED_TRAFFIC
> drop
>
> int Wx/y
> service-policy out POLICY
>
>
> On Jan 7, 2008 1:54 PM, Geert Nijs <Geert.Nijs@simac.be > wrote:
>
> > Hi group,
> >
> > Does TFTP use other ports like UDP 69 ?
> > i.e. maybe also dynamically assigned data transfer ports like FTP ?
> >
> > In between a switch and a Ciscoworks/TFTP server I am seeing hits on
> > random UDP ports, and I suspect this has something to do
> > with the automatic config download towards the Ciscoworks server:
> >
> >
> > Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> > 193.74.xxx.4(38052) -> 10.63.xxx.2(49872), 5 packets
> >
> > Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> > 193.74.xxx.4(37992) -> 10.63.xxx.2(49872), 9 packets
> >
> > Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> > 193.74.xxx.4(37990) -> 10.63.xxx.2(49516), 9 packets
> >
> > Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> > 193.74.xxx.4(38028) -> 10.63.xxx.2(49872), 5 packets
> >
> > Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp
> > 193.74.xxx.4(38058) -> 10.63.xxx.2(49516), 9 packets
> >
> > Is this true ?
> >
> > If so, is there a command to disable this behaviour and to force TFTP to
> > always use port UDP 69 only ?
> >
> > regards,
> >
> > Geert
This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:37:58 ARST
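
The denied entries quoted in the question, parsed and grouped by destination port, as an added example that is not part of the original thread. Under RFC 1350, UDP 69 carries only the initial TFTP request and each side then uses its own transfer-ID port for the data exchange, so an ACL that permits only port 69 produces denials like these; the function names are illustrative.

```python
import re
from collections import defaultdict

# Entries copied from the question in this thread (the poster masked the
# addresses with "xxx"); each wrapped entry is joined onto one line here.
SAMPLE_LOG = """\
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38052) -> 10.63.xxx.2(49872), 5 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(37992) -> 10.63.xxx.2(49872), 9 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(37990) -> 10.63.xxx.2(49516), 9 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38028) -> 10.63.xxx.2(49872), 5 packets
Dec 20 14:28:07.101 CET: %SEC-6-IPACCESSLOGP: list 100 denied udp 193.74.xxx.4(38058) -> 10.63.xxx.2(49516), 9 packets
"""

ENTRY = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>[\w.]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[\w.]+)\((?P<dport>\d+)\), (?P<pkts>\d+) packets?"
)
TFTP_PORT = 69

def parse(log_text):
    """Return one dict per IPACCESSLOGP entry, tolerating entries wrapped over lines."""
    flat = re.sub(r"\s+", " ", log_text)
    entries = []
    for m in ENTRY.finditer(flat):
        e = m.groupdict()
        e.update({k: int(e[k]) for k in ("sport", "dport", "pkts")})
        entries.append(e)
    return entries

def denied_udp_by_destination(entries):
    """Group denied UDP entries by (src, dst, dport): source ports seen, packet total."""
    groups = defaultdict(lambda: {"sports": set(), "packets": 0})
    for e in entries:
        if e["action"] == "denied" and e["proto"] == "udp":
            g = groups[(e["src"], e["dst"], e["dport"])]
            g["sports"].add(e["sport"])
            g["packets"] += e["pkts"]
    return dict(groups)

def touching_tftp_port(entries):
    """Entries where either end is UDP 69, i.e. the initial TFTP request port."""
    return [e for e in entries if TFTP_PORT in (e["sport"], e["dport"])]

if __name__ == "__main__":
    parsed = parse(SAMPLE_LOG)
    for (src, dst, dport), g in sorted(denied_udp_by_destination(parsed).items()):
        print(f"{src} -> {dst}:{dport}  src ports {sorted(g['sports'])}  {g['packets']} packets")
    print("entries involving UDP 69:", len(touching_tftp_port(parsed)))
```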