""Barbu Alexandru"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Ok! Pay attention that the access-list that is > actually applied to the interface for inbound traffic > is access-list 194, which denies all ip traffic. > > Now lets see what the other access-lists do. > > access-list 195 deny udp any gt 1024 any eq 1434 > access-list 195 permit ip any any > > This one says so: access-list 195, denies udp > traffic generated by a greater port than 1024 (gt > 1024) that is going towards any host in your network > at the port 1434(eq = equal). > > The other entry allows all ip traffic to flow > towards your network. > > So, the access-list 195 and 196 do the same thing > and are not applied to the eth 0 interface. The one > applied to the eth 0 interface is 194 which denies all > ip traffic.
being as udp port 1434 is the well know port used by slammer, which sevrely effected internet traffic performance when it hit a few weeks ago, what the two access-lists do, assuming both are applied appropriately to an edge device, is stop slammer traffic into and out of wherever they are applied. probably the enterprise border. my question to the guy who made the original post remains. were lists 195 and 196 applied anywhere else on the router? and why does list 194 even exist? > > To apply an access-list to an interface you use the > command: ip access-group xxx [in|out]. It depends > whether you want to filter the traffic coming to that > interface or traffic going out that interface. > > no ip redirects > no ip unreachables > no ip proxy-arp > ip route-cache same-interface > > These commands commands have nothing to do with > access-lists. > > All the best, > Alexandru Barbu > CCAI > > > --- Karagozian Sarkis > wrote: > Can someone explain what these ACLs do ??? > > When applied to an interface (in) > > > > Interace e0 > > ! > > ! > > ip access-group 194 in > > no ip redirects > > no ip unreachables > > no ip proxy-arp > > ip route-cache same-interface > > ! > > access-list 194 deny ip any any > > access-list 195 deny udp any gt 1024 any eq > > 1434 > > access-list 195 permit ip any any > > access-list 196 deny udp any gt 1024 any eq > > 1434 > > access-list 196 permit ip any any > > > > These were applied since the SQL Worm attack... > > > > Thanks > [EMAIL PROTECTED] > > ===== > 'there is no such thing as a free meal' > > __________________________________________________ > Do You Yahoo!? 
> Everything you'll ever need on one web page > from News and Sport to Email and Music Charts > http://uk.my.yahoo.com Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63068&t=62843 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
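The thread's reading of the three access-lists, as an added example that is not part of the original post or of anyone's router configuration: a small Python evaluator that applies the lists exactly as quoted above to constructed packets. The packet values, the labels, and the extra list 197 are my assumptions; the match model is the IOS one (first matching entry wins, implicit deny when nothing matches, `gt` meaning strictly greater than). It shows that 194 denies everything it is applied to, that 195 and 196 drop UDP to 1434 only when the source port is above 1024 (so the same packet sourced from port 1024 or lower is permitted by the second entry), and that dropping the source-port qualifier closes that gap.

```python
"""Minimal evaluator for the numbered IOS access-lists quoted in the thread.

Added example, not from the original post. It models only what those lists
use: protocol keyword (ip/udp/tcp), 'any' addresses, and optional port
operators (eq/neq/gt/lt). First matching entry wins; a list with no matching
entry denies (IOS implicit 'deny any' at the end of every access-list).
"""
from dataclasses import dataclass
from typing import Optional

# The access-lists exactly as posted in the thread (constructed copy).
ACL_CONFIG = """
access-list 194 deny ip any any
access-list 195 deny udp any gt 1024 any eq 1434
access-list 195 permit ip any any
access-list 196 deny udp any gt 1024 any eq 1434
access-list 196 permit ip any any
"""

# Assumed alternative (not from the thread): no source-port qualifier, so
# UDP to 1434 is dropped whatever port it was sent from.
HARDENED_CONFIG = """
access-list 197 deny udp any any eq 1434
access-list 197 permit ip any any
"""


@dataclass(frozen=True)
class Packet:
    proto: str                 # 'udp', 'tcp', 'icmp', ...
    src_port: Optional[int]    # None for protocols without ports
    dst_port: Optional[int]


PORT_OPS = {
    "eq": lambda p, a: p == a,
    "neq": lambda p, a: p != a,
    "gt": lambda p, a: p > a,
    "lt": lambda p, a: p < a,
}


def _parse_endpoint(tokens, i):
    """Parse '<addr> [op port]' starting at tokens[i]; return (matcher, next_i)."""
    addr = tokens[i]
    if addr != "any":
        raise ValueError(f"only 'any' addresses are modelled, got {addr!r}")
    i += 1
    if i < len(tokens) and tokens[i] in PORT_OPS:
        op, arg = PORT_OPS[tokens[i]], int(tokens[i + 1])
        return (lambda port: port is not None and op(port, arg)), i + 2
    return (lambda port: True), i


def parse_acls(text):
    """Return {acl_number: [(action, proto, src_match, dst_match), ...]} in config order."""
    acls = {}
    for line in text.splitlines():
        t = line.split()
        if not t or t[0] != "access-list":
            continue
        number, action, proto = int(t[1]), t[2], t[3]
        src, i = _parse_endpoint(t, 4)
        dst, _ = _parse_endpoint(t, i)
        acls.setdefault(number, []).append((action, proto, src, dst))
    return acls


def evaluate(acl, pkt):
    """First matching entry decides; nothing matched -> implicit deny."""
    for action, proto, src, dst in acl:
        if proto != "ip" and proto != pkt.proto:
            continue
        if src(pkt.src_port) and dst(pkt.dst_port):
            return action
    return "deny"


# Constructed sample packets; the first two are the interesting ones.
SAMPLES = {
    "slammer_from_high_port": Packet("udp", 40000, 1434),
    "udp_1434_from_port_1024": Packet("udp", 1024, 1434),   # 'gt 1024' does not cover 1024
    "dns_reply": Packet("udp", 53, 33000),
    "https": Packet("tcp", 51000, 443),
}


def probe(acls, samples=SAMPLES):
    """Evaluate every sample against every list; returns {(acl_number, label): action}."""
    return {(n, label): evaluate(acl, p)
            for n, acl in acls.items() for label, p in samples.items()}


if __name__ == "__main__":
    for (n, label), action in probe(parse_acls(ACL_CONFIG)).items():
        print(f"access-list {n}: {label:26s} -> {action}")
    for (n, label), action in probe(parse_acls(HARDENED_CONFIG)).items():
        print(f"access-list {n}: {label:26s} -> {action}")
```

Running it reproduces the thread's point: every packet is denied by 194, while 195 and 196 permit everything except UDP to 1434 from a high source port. It also surfaces the caveat the original filter leaves open: the same UDP/1434 packet with source port 1024 or below is permitted by the `permit ip any any` entry, which the assumed list 197 avoids by matching the destination port alone.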

