The list stated is what Cisco recommends in their
workaround for the transit ACL.

The exploit for this has already come out and they
state that you don't need any combinations, just 76
packets of one of the protocols. I gave it a quick
read through and you can find it at:

http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2003-07/0703.html

Take a look, it may help you refine the ACLs that you
want.

Jac





--- DOUGLAS GULLETT <[EMAIL PROTECTED]> wrote:
> I don't think you have to put all the access-list
> in.  I believe that 
> the hack requires a certain combination of packets
> to the four ports, 
> so leaving one or two of them open should still
> prevent the hack.  That 
> might be a good question for Cisco TAC...they should
> be willing to help 
> even if you "misplaced" your SmartNet contract
> information.  ;-)
> 
> Doug
> 
> 
> 
> ----- Original Message -----
> From: Alvaro Gordon-Escobar
> <[EMAIL PROTECTED]>
> Date: Wednesday, July 23, 2003 10:15 am
> Subject: Cisco Workaround
> 
> > will this access list modification prevent my internal DNS server
> > from updates to itself from my telco's DNS server?
> > 
> > access-list 101 deny 53 any any
> > access-list 101 deny 55 any any
> > access-list 101 deny 77 any any
> > access-list 101 deny 103 any any
> > !--- insert any other previously applied ACL entries here
> > !--- you must permit other protocols through to allow normal
> > !--- traffic -- previously defined permit lists will work
> > !--- or you may use the permit ip any any shown here
> > access-list 101 permit ip any any
> > 
> > Thanks in advance
> > 
> > ~alvaro Escobar
> > 


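Added example (not part of the original messages, and not Cisco's code): a minimal first-match evaluator for the ACL quoted above. In an IOS extended ACL the number after deny/permit is matched against the IP protocol field, not a TCP or UDP port, so DNS on port 53 falls through to "permit ip any any". The parser handles only "any any" rules, and the sample packets are constructed.

```python
import re

# ACL exactly as posted in the thread ("!---" remark lines left out).
ACL = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
access-list 101 permit ip any any
"""

KEYWORDS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}  # "ip" = any protocol
RULE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+any\s+any$")

def parse_acl(text):
    """Parse 'any any' rules into (action, protocol number or None)."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("!"):
            continue
        m = RULE.match(line)
        if not m:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto = m.groups()
        if proto.isdigit() and 0 <= int(proto) <= 255:
            rules.append((action, int(proto)))
        elif proto in KEYWORDS:
            rules.append((action, KEYWORDS[proto]))
        else:
            raise ValueError(f"unknown protocol: {proto!r}")
    return rules

def evaluate(rules, ip_proto):
    """First matching rule wins; an ACL ends with an implicit deny."""
    for action, proto in rules:
        if proto is None or proto == ip_proto:
            return action
    return "deny"

# Constructed packets: (label, IP protocol number, port the rules never read).
PACKETS = [
    ("DNS query, UDP port 53", 17, 53),
    ("DNS zone transfer, TCP port 53", 6, 53),
    ("IP protocol 53", 53, None),
    ("IP protocol 103", 103, None),
]

def verdicts():
    return {label: evaluate(parse_acl(ACL), p) for label, p, _port in PACKETS}
```

Calling verdicts() returns the action for each constructed packet; without the final permit line, the implicit deny would drop the DNS traffic as well.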