I just looked this up to verify my memory, in Managing Cisco Network Security by Michael Wenstrom (p.713) it says that undefined access list equals permit any. I’m not saying it is true… just referencing that book. But in this case a “tcp established” ACL isn’t empty anyway. Yeah, this should be fine. ____________________________________________________ http://www.attackprevention.com Information Security documents, articles, and policy > > My understanding of the basic way cisco ACL works are: if your ACL is not > empty, then any unmatched packet (with ACL list) will be dropped, like a > default deny all. So in your case, the supposedly attack packets all use > protocol 53, 55 etc, thus won't match anything in your ACL list, thus shall be > dropped. So for this particular attack, it shall be OK (provided the ACL has > applied to the external interface for external attacks). > > Any cisco expert has any comment / confirmation on this? > ---------------------------------------------------------------------------- Attend the Black Hat Briefings & Training, July 28 - 31 in Las Vegas, the world's premier technical IT security event! 10 tracks, 15 training sessions, 1,800 delegates from 30 nations including all of the top experts, from CSO's to "underground" security specialists. See for yourself what the buzz is about! Early-bird registration ends July 3. This event will sell out. www.blackhat.com ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Jul 18 2003 - 13:14:59 PDT