RE: Access list question

From: David Prall (dcp@dcptech.com)
Date: Fri Oct 17 2008 - 17:26:21 ART

• Next message: Scott M Vermillion: "RE: Access list question"
• Previous message: Scott Ralph: "Re: Fail Your Written? Try Again for Free!"
• Maybe in reply to: ccie820@gmail.com: "Access list question"
• Next in thread: Scott M Vermillion: "RE: Access list question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What kind of traceroute, different implementations work in differnet ways.
Typical unix/cisco traceroute sends a packet to the destination using
udp/33434 and then increments them by one for each hop. So you could block
everything destined to these ports.

Access-list 100 deny udp any any range 33434-33464
Access-list 100 permit ip any any

--
http://dcp.dcptech.com
 
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> ccie820@gmail.com
> Sent: Friday, October 17, 2008 3:55 PM
> To: ccielab@groupstudy.com
> Subject: Access list question
> 
> *All,
> 
> Is there way to block traceroutes and allow pings ?
> Your help will be very much appreciated.
> 
> GG
> *
> 
> 
> Blogs and organic groups at http://www.ccie.net
> 
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Blogs and organic groups at http://www.ccie.net

• Next message: Scott M Vermillion: "RE: Access list question"
• Previous message: Scott Ralph: "Re: Fail Your Written? Try Again for Free!"
• Maybe in reply to: ccie820@gmail.com: "Access list question"
• Next in thread: Scott M Vermillion: "RE: Access list question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:21 ARST