I don't think you have to put all the access-list in. I believe that the hack requires a certain combination of packets to the four ports, so leaving one or two of them open should still prevent the hack. That might be a good question for Cisco TAC...they should be willing to help even if you "misplaced" your SmartNet contract information. ;-)
Doug

----- Original Message -----
From: Alvaro Gordon-Escobar <[EMAIL PROTECTED]>
Date: Wednesday, July 23, 2003 10:15 am
Subject: Cisco Workaround

> will this access list modification prevent my internal DNS server
> from updates to itself from my telco's DNS server?
>
> access-list 101 deny 53 any any
> access-list 101 deny 55 any any
> access-list 101 deny 77 any any
> access-list 101 deny 103 any any
> !--- insert any other previously applied ACL entries here
> !--- you must permit other protocols through to allow normal
> !--- traffic -- previously defined permit lists will work
> !--- or you may use the permit ip any any shown here
> access-list 101 permit ip any any
>
> Thanks in advance
>
> ~alvaro Escobar