I think it is the normal practice because historically that was the only
capability which routers had (filtering on destination ports) and as the
IOS became more capable people were either unsure, or reluctant to change
their ways. The second example is more secure, and to take it a step
further (
Example 1 is most common. Example 2 is a little more
picky. Realistically a connect that is sourced to web or DNS should
originate on a non-privileged port (>=1024) so this just makes sure of
that. I don't go through that kind of intensiveness in my ACLs. I
feel that checking the destinati
Well,
In any circumstance, whatever device generates traffic to any target,
this device will use the port number greater than 1023 as the "From port #"
and the "destination port #" will be specific, like "80" or "53", etc.
When the target device receives this packet, it will swap their "for
, January 20, 1980 9:26 PM
To: GNOME; [EMAIL PROTECTED]
Subject: Re: * Access List Enquiry **
I think it is the normal practice because historically that was the only
capability which routers had (filtering on destination ports) and as the
IOS became more capable people were either