Take a look at the Firewall FAQ ( http://www.interhack.net/pubs/fwfaq/
). I believe there are some very good examples of setting up Cisco
rulesets.
Gerardo Soto wrote:
>
> Hi to everyone:
> First of all, I would like to take a little time to express my
> gratefulness to all of you who are enrolled in this firewall list. Let
> me tell you that even though posting a message sometimes is more risky
> than informative, it is well worth it; that is, as
> we all know, there are crackers enlisted, so when they see someone
> like me asking silly questions, they immediately launch an attack on
> the person or site requesting the information. But like I said, in my
> humble opinion, one learns and gets 5 times as much worthy information
> as exploit attacks from the "dark side of the force".
> My question in turn is the following:
> I have configured my Cisco router to deny/permit (with an access-list)
> some ports and protocols.
> Since (thanks to all of you) I could set up
> a logging machine other than the router, I am watching what is coming in
> and out of my network through the logs that I get directly from the router
> and tcpdump. My problem is that some of the ports that I have blocked
> are still letting in some connections, TCP/UDP, for example 113.
> Also, now these guys are sending TCP/UDP packets to ports higher than 1024.
> How can I stop this, and how can such actions affect my site?
> Here is a little part of my logs:
>
> Jun 1 13:10:26 kraken2 157796: *Apr 24 19:41:14: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(20615), 1 packet
> Jun 1 13:30:55 kraken2 158498: *Apr 24 20:01:43: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(21563), 1 packet
> Jun 1 13:37:27 kraken2 158676: *Apr 24 20:08:15: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(21629), 1 packet
> Jun 1 14:04:51 kraken2 159546: *Apr 24 20:35:38: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(22635), 1 packet
> Jun 1 14:32:49 kraken2 160889: *Apr 24 21:03:36: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(24616), 1 packet
> Jun 1 14:53:26 kraken2 161361: *Apr 24 21:24:13: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(25144), 1 packet
> Jun 1 15:14:13 kraken2 162312: *Apr 24 21:44:59: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(25698), 1 packet
> Jun 1 15:23:03 kraken2 162444: *Apr 24 21:53:50: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(25906), 1 packet
> Jun 1 15:44:13 kraken2 162802: *Apr 24 22:14:59: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(26718), 1 packet
> Jun 1 15:48:00 kraken2 162890: *Apr 24 22:18:47: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(27160), 1 packet
> Jun 1 16:25:35 kraken2 163296: *Apr 24 22:56:22: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(29253), 1 packet
> Jun 1 16:25:37 kraken2 163302: *Apr 24 22:56:23: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(29254), 1 packet
> Jun 1 16:53:16 kraken2 164097: *Apr 24 23:24:02: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(30532), 1 packet
> Jun 1 17:23:44 kraken2 164573: *Apr 24 23:54:29: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(31855), 1 packet
> Jun 1 17:51:20 kraken2 164983: *Apr 25 00:22:06: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(1337), 1 packet
> Jun 1 18:40:54 kraken2 165700: *Apr 25 01:11:39: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(4205), 1 packet
> Jun 1 19:09:24 kraken2 165867: *Apr 25 01:40:10: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(5318), 1 packet
> Jun 1 19:39:18 kraken2 166371: *Apr 25 02:10:03: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(6944), 1 packet
> Jun 1 21:20:50 kraken2 167041: *Apr 25 03:51:34: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(11283), 1 packet
> Jun 1 21:28:22 kraken2 167092: *Apr 25 03:59:06: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(11853), 1 packet
> Jun 1 21:51:40 kraken2 167243: *Apr 25 04:22:24: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(12876), 1 packet
> Jun 1 23:12:10 kraken2 167495: *Apr 25 05:42:53: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(16455), 1 packet
> Jun 2 01:16:52 kraken2 167765: *Apr 25 07:47:34: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(21536), 1 packet
> Jun 2 01:58:35 kraken2 167844: *Apr 25 08:29:17: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(22890), 1 packet
> Jun 2 02:17:20 kraken2 167866: *Apr 25 08:48:03: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(24300), 1 packet
> Jun 2 02:53:10 kraken2 167903: *Apr 25 09:23:52: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(25372), 1 packet
> Jun 2 06:06:17 kraken2 168056: *Apr 25 12:36:58: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(2100), 1 packet
> Jun 2 06:14:58 kraken2 168067: *Apr 25 12:45:38: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(2575), 1 packet
> Jun 2 07:54:59 kraken2 168175: *Apr 25 14:25:39: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(6954), 1 packet
> Jun 2 07:55:54 kraken2 168176: *Apr 25 14:26:34: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(7021), 1 packet
> Jun 2 08:00:02 kraken2 168181: *Apr 25 14:30:42: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(7277), 1 packet
> Jun 2 08:38:01 kraken2 168280: *Apr 25 15:08:40: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(8809), 1 packet
> Jun 2 09:20:04 kraken2 168399: *Apr 25 15:50:43: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(10299), 1 packet
> Jun 2 09:46:07 kraken2 168488: *Apr 25 16:16:46: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(12174), 1 packet
> Jun 2 09:56:06 kraken2 168520: *Apr 25 16:26:45: %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(12411), 1 packet
>
> Let me assure you that I have:
> access-list 101 deny tcp any any eq 113 log
> included in my access-list.
>
> Thanks in advance!!!!!
> Gerardo
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
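An added note and worked example, not part of either message above. In a Cisco extended ACL a port operator applies to the address it follows, so "access-list 101 deny tcp any any eq 113 log" matches only packets whose DESTINATION port is 113. Every packet in the logs has 113 as its SOURCE port and an ephemeral destination port, so that entry never matches them and a later permit entry logs them. The Python below, written for this page (it is not the poster's configuration or any Cisco tool), parses the IPACCESSLOGP lines from the post and evaluates them against a small model of extended-ACL matching: first matching entry wins, implicit deny at the end. The entry "permit tcp any any gt 1023" is an assumption standing in for whatever entry of the real list 101 produced the "permitted" lines; the post does not show it. Only numeric ports are handled, not names such as ident.

```python
import re
from ipaddress import ip_address

# Shape of a Cisco IOS port-level ACL log line (IPACCESSLOGP):
#   %SEC-6-IPACCESSLOGP: list 101 permitted tcp 209.182.195.70(113) -> 200.38.80.1(20615), 1 packet
LOG_RE = re.compile(
    r"list (?P<acl>\S+) (?P<action>permitted|denied) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

# Two log lines copied from the post above; the other entries have the same shape.
SAMPLE_LOGS = [
    "Jun 1 13:10:26 kraken2 157796: *Apr 24 19:41:14: %SEC-6-IPACCESSLOGP: list 101 "
    "permitted tcp 209.182.195.70(113) -> 200.38.80.1(20615), 1 packet",
    "Jun 1 17:51:20 kraken2 164983: *Apr 25 00:22:06: %SEC-6-IPACCESSLOGP: list 101 "
    "permitted tcp 209.182.195.70(113) -> 200.38.80.1(1337), 1 packet",
]

def parse_log(line):
    """Return the 5-tuple recorded in an IPACCESSLOGP line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    return {"proto": m["proto"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}

def _parse_addr(tok, i):
    """Parse 'any' | 'host A.B.C.D' | 'A.B.C.D W.W.W.W' into (base, wildcard) ints."""
    if tok[i] == "any":
        return (0, 0xFFFFFFFF), i + 1
    if tok[i] == "host":
        return (int(ip_address(tok[i + 1])), 0), i + 2
    return (int(ip_address(tok[i])), int(ip_address(tok[i + 1]))), i + 2

def _parse_port(tok, i):
    """Parse an optional port operator: eq/neq/gt/lt N, or range A B (numeric ports only)."""
    if i < len(tok) and tok[i] in ("eq", "neq", "gt", "lt"):
        return (tok[i], int(tok[i + 1])), i + 2
    if i < len(tok) and tok[i] == "range":
        return ("range", int(tok[i + 1]), int(tok[i + 2])), i + 3
    return None, i

def parse_ace(text):
    """Parse one extended ACL entry:
    access-list N {permit|deny} {tcp|udp|ip} SRC [op port] DST [op port] [established] [log]
    The port operator binds to the address it FOLLOWS: 'any any eq 113' is destination port 113."""
    tok = text.split()
    if tok[0] != "access-list":
        raise ValueError("not an access-list entry: " + text)
    src, i = _parse_addr(tok, 4)
    sport, i = _parse_port(tok, i)
    dst, i = _parse_addr(tok, i)
    dport, i = _parse_port(tok, i)
    return {"text": text, "action": tok[2], "proto": tok[3],
            "src": src, "sport": sport, "dst": dst, "dport": dport}

def _addr_matches(spec, addr):
    base, wildcard = spec          # a 1 bit in the wildcard mask means "don't care"
    return ((int(ip_address(addr)) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def _port_matches(op, port):
    if op is None:
        return True
    kind, a = op[0], op[1]
    if kind == "range":
        return a <= port <= op[2]
    return {"eq": port == a, "neq": port != a, "gt": port > a, "lt": port < a}[kind]

def evaluate(acl, pkt):
    """First matching entry wins; every Cisco ACL ends with an implicit 'deny ip any any'."""
    for ace in map(parse_ace, acl):
        if ace["proto"] not in ("ip", pkt["proto"]):
            continue
        if (_addr_matches(ace["src"], pkt["src"]) and _port_matches(ace["sport"], pkt["sport"])
                and _addr_matches(ace["dst"], pkt["dst"]) and _port_matches(ace["dport"], pkt["dport"])):
            return ace["action"], ace["text"]
    return "deny", "implicit deny ip any any"

# The deny entry exactly as posted, followed by a HYPOTHETICAL permit that stands in for
# whatever entry of the real list 101 produced the "permitted" lines (the post does not show it).
ACL_AS_POSTED = [
    "access-list 101 deny tcp any any eq 113 log",
    "access-list 101 permit tcp any any gt 1023",    # assumption, not from the post
]

# Same list plus one entry with 'eq 113' placed after the SOURCE address.
ACL_FIXED = [
    "access-list 101 deny tcp any any eq 113 log",   # packets TO local port 113
    "access-list 101 deny tcp any eq 113 any log",   # packets FROM remote port 113
    "access-list 101 permit tcp any any gt 1023",    # assumption, not from the post
]
```

Running evaluate(ACL_AS_POSTED, parse_log(line)) on the posted lines returns "permit" from the stand-in entry for every one of them, and evaluate(ACL_FIXED, ...) returns "deny" from the new source-port entry. Whether that new entry is right for this site depends on what the traffic is: replies from an ident server to queries made from 200.38.80.1 would look exactly like these packets, so blocking them can break whatever is making those queries. The model only shows that the posted entry cannot match them.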