Be aware - the hack is a Denial of Service attack, and it can be accomplished with ANY ONE of these protocols, there is no special combination required. Call Cisco TAC and they will give you updated software for your device, which voids the need for the ACL.
Regards, D. -------------------------------- Dale Corse System Administrator Wolfpaw Services Inc. http://www.wolfpaw.net (780) 474-4095 > -----Original Message----- > From: DOUGLAS GULLETT [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 23, 2003 1:16 PM > To: Alvaro Gordon-Escobar > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: Cisco Workaround > > > I don't think you have to put all the access-list in. I > believe that > the hack requires a certain combination of packets to the > four ports, > so leaving one or two of them open should still prevent the > hack. That > might be a good question for Cisco TAC...they should be > willing to help > even if you "misplaced" your SmartNet contract information. ;-) > > Doug > > > > ----- Original Message ----- > From: Alvaro Gordon-Escobar <[EMAIL PROTECTED]> > Date: Wednesday, July 23, 2003 10:15 am > Subject: Cisco Workaround > > > will this access list modification prevent my internal DNS server > > from updates to it self from my telco's DNS server? > > > > access-list 101 deny 53 any any > > access-list 101 deny 55 any any > > access-list 101 deny 77 any any > > access-list 101 deny 103 any any > > !--- insert any other previously applied ACL entries here > > !--- you must permit other protocols through to allow normal > > !--- traffic -- previously defined permit lists will work > > !--- or you may use the permit ip any any shown here > > access-list 101 permit ip any any > > > > Thanks in advance > > > > ~alvaro Escobar > > > > > ------------------------------------------------------------------- > > -------- > > > ------------------------------------------------------------------- > > --------- > > > > > > --------------------------------------------------------------------------- ----------------------------------------------------------------------------
