Re: Riddle [7:41491]
Not knowing the specific answer, I will say that in terms of good security practice, it is NOT a good idea to provide specific or detailed information as to why something fails. Detailed responses can provide help to the bad people as they try to do bad things to your network.

Chuck

"Dimitris Vassilopoulos" wrote in message news:[EMAIL PROTECTED]...
> Team,
>
> I was wondering
> Is it possible to make a router respond to an access-list blocking,
> using a custom-made user defined phrase?
>
> For example, if we deny telnet from a host we need to reply to
> him "Access-list blocks incoming telnet..."
>
> ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41492&t=41491
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Re: Riddle [7:41491]
Hi,

This is possible if you have a Cisco IDS and CSPM. In that you can point the router towards CSPM for Syslog and configure CSPM for those access-lists.

Kind Regards
/Thangavel
--
CCIE (qual), CCS, CCDP, CCNP, MCSE

"Dimitris Vassilopoulos" wrote on 15/04/2002 15:42 (Subject: Riddle [7:41491]):
> Team,
>
> I was wondering
> Is it possible to make a router respond to an access-list blocking,
> using a custom-made user defined phrase?
>
> For example, if we deny telnet from a host we need to reply to
> him "Access-list blocks incoming telnet..."
>
> ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41493&t=41491

Re: Riddle [7:41491]
I agree with you Chuck. It's very unsecure indeed...

However, consider it as one of the certifications' riddle... Too theoretic, but must be solved...

It has a solution, and it is ROUTER oriented. No IDS or CSPM included...

In case you come up with something let me know...

Thanx
Dvass

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41564&t=41491

Re: Riddle [7:41491]
The last time I looked, a Cisco router would send an ICMP "administratively unreachable" message when an access list blocked a packet. What the source host does with that is not up to the router.

Marc

Dimitris Vassilopoulos wrote:
>
> Team,
>
> I was wondering
> Is it possible to make a router respond to an access-list blocking,
> using a custom-made user defined phrase?
>
> For example, if we deny telnet from a host we need to reply to
> him "Access-list blocks incoming telnet..."
>
> ?

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=41579&t=41491
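
Added example, not part of any post in this thread: a Python decoder for the ICMP destination-unreachable message a filtering device can return, showing what the source host actually receives (a type, a code and a copy of the blocked packet's headers). The function names, addresses and sample packet are constructed for illustration.

```python
import struct

# ICMP type 3 codes a filtering device can use (RFC 1122, RFC 1812).
PROHIBITED = {
    9: "network administratively prohibited",
    10: "host administratively prohibited",
    13: "communication administratively prohibited",
}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP destination-unreachable message, starting at the ICMP header.

    The message has a type, a code, a checksum, four unused bytes and a copy of
    the blocked datagram's IP header plus at least 8 payload bytes. There is no
    free-text field.
    """
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("truncated ICMP unreachable message")
    icmp_type, code, _checksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a destination-unreachable message")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    proto = quoted[9]
    sport = dport = None
    if proto in (6, 17):  # TCP and UDP both start with source and destination port
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "code": code,
        "filtered": code in PROHIBITED,
        "reason": PROHIBITED.get(code, "other unreachable"),
        "src": ".".join(map(str, quoted[12:16])),
        "dst": ".".join(map(str, quoted[16:20])),
        "proto": proto, "sport": sport, "dport": dport,
    }

def build_sample() -> bytes:
    """Constructed sample: a blocked telnet SYN quoted in a code 13 message (checksums left 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 44, 0x1234, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp_first8 = struct.pack("!HHI", 40000, 23, 1)
    return struct.pack("!BBHI", 3, 13, 0, 0) + ip + tcp_first8

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```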