As Salah has rightly pointed out,
WebClient---------------------------------WebServer
1) For Traffic flowing from Client to Server:
Src TCP port = Random port (say, RND > 1024)
Dest TCP port = 80
2) For traffic flowing from Server to Client:
Src TCP port = 80
Dest TCP port = Same Random port (RND)
The trick is how you interpret the question!!
When the task says all HTTP traffic coming from (or) to Vlan 34, it could
mean one or both of -
a) Client to Server traffic
b) Server to Client traffic
*Hence my solution would be to match both types of traffic.*
For example:
1) All HTTP traffic coming from Vlan 34.
ip access-list extended V34_in
 permit tcp 10.1.34.0 0.0.0.255 eq www any   <-- HTTP traffic from Server to Client
 permit tcp 10.1.34.0 0.0.0.255 any eq www   <-- HTTP traffic from Client to Server
Regards,
Naveen.
On Thu, Apr 2, 2009 at 2:01 PM, Cisco Fanatic <ebay_products_at_hotmail.com> wrote:
> This is what I believe is right?
>
> 1) All HTTP traffic coming from Vlan 34.
>
> ip access-list extended V34_in
> permit tcp 10.1.34.0 0.0.0.255 eq www any
>
> 2) All HTTP traffic coming from R1 on Vlan 34.
>
> ip access-list extended V34_R1_in
> permit tcp host 10.1.34.1 eq www any
>
> 3) All HTTP traffic coming from Web Server on Vlan 34.
>
> ip access-list extended V34_WS_in
> permit tcp host 10.1.30.100 eq www any
>
> 4) All HTTP traffic going out to Vlan 34.
>
> ip access-list extended V34_out
> permit tcp any 10.1.30.0 0.0.0.255 eq www
>
> 5) All HTTP traffic going out to Web Server on Vlan 34.
>
> ip access-list extended V34_WS_out
> permit tcp any host 10.1.30.100 eq www
>
>
> -Yuri
>
>
> > >>
> > >> On Thu, Apr 2, 2009 at 9:38 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> > >>
> > >>> Thanks Divin. This is my understanding.
> > >>>
> > >>> WebClient---------------------------------WebServer
> > >>>
> > >>> 1) For Traffic flowing from Client to Server:
> > >>> Src TCP port = Any
> > >>> Dest TCP port = 80
> > >>>
> > >>> 2) For traffic flowing from Server to Client:
> > >>> Src TCP port = 80
> > >>> Dest TCP port = 80
> > >>>
> > >>> Is this correct ?
> > >>>
> > >>>
> > >>> On Thu, Apr 2, 2009 at 11:19 AM, Divin Mathew John <divinjohn_at_gmail.com> wrote:
> > >>>
> > >>> > I think destination port would be more apt, because to connect to a normal
> > >>> > HTTP web server you would use port 80 to connect to the web server and not
> > >>> > necessarily port 80 on your computer!
> > >>> > Thanking You
> > >>> >
> > >>> > Yours Sincerely
> > >>> >
> > >>> > Divin Mathew John
> > >>> > divinjohn_at_gmail.com
> > >>> > divin_at_dide3d.com
> > >>> > +91 9945430983
> > >>> > +91 9846697191
> > >>> > +974 5008916
> > >>> > PGP PUBLIC KEY BLOCK @
> http://www.dide3d.com/divin_Public_PGP_key.txt
> > >>> > Sent from Bangalore, KA, India
> > >>> >
> > >>> > On Thu, Apr 2, 2009 at 11:44 PM, naveen M S <navin.ms_at_gmail.com> wrote:
> > >>> >
> > >>> >> Group,
> > >>> >>
> > >>> >> I have trouble translating these statements to ACLs.
> > >>> >>
> > >>> >> 1) All HTTP traffic coming from Vlan 34.
> > >>> >> 2) All HTTP traffic coming from R1 on Vlan 34.
> > >>> >> 3) All HTTP traffic coming from Web Server on Vlan 34.
> > >>> >> 4) All HTTP traffic going out to Vlan 34.
> > >>> >> 5) All HTTP traffic going out to Web Server on Vlan 34.
> > >>> >>
> > >>> >> *Question is:*
> > >>> >> Should I match both Source and Destination TCP port to 80 (or) just one of
> > >>> >> them ?
> > >>> >> Assume Vlan 34 = 10.1.34.0/24, R1 = 10.1.34.1/24, WebServer =
> > >>> >> 10.1.34.100/24
> > >>> >>
> > >>> >> My solutions for the above are:
> > >>> >>
> > >>> >> a) Match source tcp port = 80 for incoming HTTP traffic
> > >>> >> b) Match destination tcp port = 80 for outgoing HTTP traffic.
> > >>> >>
> > >>> >> 1) ip access-list extended V34_in
> > >>> >> permit tcp 10.1.34.0 0.0.0.255 eq www any
> > >>> >>
> > >>> >> 2) ip access-list extended V34_R1_in
> > >>> >> permit tcp 10.1.34.1 0.0.0.0 eq www any
> > >>> >>
> > >>> >> 3) ip access-list extended V34_WS_in
> > >>> >> permit tcp 10.1.30.100 0.0.0.0 eq www any
> > >>> >>
> > >>> >> 4) ip access-list extended V34_out
> > >>> >> permit tcp any 10.1.30.0 0.0.0.255 eq www
> > >>> >>
> > >>> >> 5) ip access-list extended V34_WS_out
> > >>> >> permit tcp any 10.1.30.100 0.0.0.0 eq www
> > >>> >>
> > >>> >> Can someone please highlight the Source & Destination TCP ports for HTTP
> > >>> >> traffic in both directions ?
> > >>> >>
> > >>> >> Thanks very much,
> > >>> >> Naveen.
> > >>> >>
> > >>> >>
> > >>> >> Blogs and organic groups at http://www.ccie.net
> > >>> >>
> > >>> >>
> > >>>
> _______________________________________________________________________
> > >>> >> Subscription information may be found at:
> > >>> >> http://www.groupstudy.com/list/CCIELab.html
Received on Thu Apr 02 2009 - 17:13:51 ART
This archive was generated by hypermail 2.2.0 : Mon May 04 2009 - 07:39:11 ART
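
Added example, not part of the original thread: a small Python evaluator for the "permit tcp ..." entries discussed above, run against constructed packets leaving Vlan 34. It shows that the source-port-only entry matches server replies but misses client requests, while the two-entry list from the top reply matches both. The outside addresses, client ports and helper names are assumptions made for the illustration; only the any, host and address-plus-wildcard forms with an optional eq port are handled.

```python
import ipaddress

PORTS = {"www": 80}  # IOS port keyword used in the thread's entries

def _addr(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD' -> (base, wildcard) as ints."""
    t = tok.pop(0)
    if t == "any":
        return 0, 0xFFFFFFFF
    if t == "host":
        return int(ipaddress.IPv4Address(tok.pop(0))), 0
    return int(ipaddress.IPv4Address(t)), int(ipaddress.IPv4Address(tok.pop(0)))

def _port(tok):
    """Consume an optional 'eq PORT'; None means any port."""
    if tok and tok[0] == "eq":
        p = tok[1]
        del tok[:2]
        return PORTS[p] if p in PORTS else int(p)
    return None

def parse_ace(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    if proto != "tcp":
        raise ValueError("this sketch only handles tcp entries")
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, src, sport, dst, dport

def _ip_ok(ip, rule):
    base, wildcard = rule
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (int(ipaddress.IPv4Address(ip)) & care) == (base & care)

def evaluate(acl, pkt):
    """First matching entry wins; no match falls to the implicit deny."""
    for line in acl:
        action, src, sport, dst, dport = parse_ace(line)
        if (_ip_ok(pkt["src"], src) and sport in (None, pkt["sport"])
                and _ip_ok(pkt["dst"], dst) and dport in (None, pkt["dport"])):
            return action
    return "deny"

# Constructed packets leaving Vlan 34 (10.1.34.0/24); outside hosts are placeholders.
REPLY = {"src": "10.1.34.100", "sport": 80, "dst": "192.0.2.10", "dport": 49152}
REQUEST = {"src": "10.1.34.50", "sport": 49152, "dst": "198.51.100.7", "dport": 80}
SSH = {"src": "10.1.34.50", "sport": 49153, "dst": "198.51.100.7", "dport": 22}
SRC_ONLY = ["permit tcp 10.1.34.0 0.0.0.255 eq www any"]
BOTH = SRC_ONLY + ["permit tcp 10.1.34.0 0.0.0.255 any eq www"]
```

Calling evaluate(SRC_ONLY, REQUEST) returns "deny" while evaluate(BOTH, REQUEST) returns "permit"; non-HTTP traffic such as SSH falls through to the implicit deny in both lists.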