wangwat_private wrote: > My understanding of the basic way cisco ACL works are: if your ACL is not > empty, then any unmatched packet (with ACL list) will be dropped, like a > default deny all. So in your case, the supposedly attack packets all use > protocol 53, 55 etc, thus won't match anything in your ACL list, thus shall be > dropped. So for this particular attack, it shall be OK (provided the ACL has > applied to the external interface for external attacks). There is a default 'deny ip any any' at the end, yes. But if your ACLs are setup ending with 'permit ip any any' then you need to explicitly deny 53, 55, 77, and 103 before the permit ip any any. You might want to setup the deny statements anyway just to accumulate counters to know if you're getting hit or not. Jeff ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 13:10:38 PDT