
Re: Cisco access control



At 12:02 AM 4/16/96 -0700, Josh McIver wrote:
>  I believe that it would look like this.
>
>access-list 101 permit tcp any host 255.255.255.255 eq 25
>access-list 101 permit tcp any host 255.255.255.255 eq 80
>
>  This would permit tcp packets from any host to go to port 25 and 
>port 80 of machine 255.255.255.255.  Everything else is denied 
>implicitly(sp?).  You would then apply it as an inbound filter on your 
>incoming port.

This alone will not do it.  After a tcp connection has been established (ACK
bit set and SYN number given) the hosts communicate on random ports of 1024
and above.  If you do not allow communications for those ports it will fail.

Rick

__________________________________
Rick Hicks
System Specialist
Hussmann Corporation
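
As an added illustration, not part of either message above, this sketch evaluates the posted access list first-match against constructed inbound TCP segments, then again with one extra entry using the IOS `established` keyword (an assumption; it does not appear in the thread). The address 192.0.2.10 and the helper names are constructed for the example.

```python
# Added example: first-match evaluation of a Cisco-style extended ACL.
# Addresses and packets are constructed; 192.0.2.10 stands in for the
# placeholder server address used in the thread.
SERVER = "192.0.2.10"

POSTED_ACL = f"""
access-list 101 permit tcp any host {SERVER} eq 25
access-list 101 permit tcp any host {SERVER} eq 80
"""
# Assumption: one extra entry using the IOS "established" keyword,
# which matches TCP segments that carry ACK or RST.
WITH_ESTABLISHED = POSTED_ACL + "access-list 101 permit tcp any any established\n"


def parse(acl_text):
    """Parse the small subset of extended-ACL syntax used above."""
    rules = []
    for line in acl_text.split("\n"):
        tok = line.split()
        if not tok:
            continue
        # tok: access-list 101 permit tcp any <dst...> [eq N | established]
        rule = {"action": tok[2], "dst": None, "port": None, "est": False}
        rest = tok[5:]  # everything after the source "any"
        if rest[0] == "host":
            rule["dst"], rest = rest[1], rest[2:]
        else:  # destination "any"
            rest = rest[1:]
        if rest[:1] == ["eq"]:
            rule["port"] = int(rest[1])
        elif rest[:1] == ["established"]:
            rule["est"] = True
        rules.append(rule)
    return rules


def check(acl_text, dst, dport, flags):
    """Return 'permit' or 'deny' for one inbound TCP segment."""
    for r in parse(acl_text):
        if r["dst"] not in (None, dst):
            continue
        if r["port"] not in (None, dport):
            continue
        if r["est"] and not ({"ACK", "RST"} & set(flags)):
            continue
        return r["action"]
    return "deny"  # implicit deny at the end of every access list
```

With the posted list alone, an inbound segment addressed to a high port on any inside host falls through to the implicit deny; the `established` entry admits it only when ACK or RST is set, so a bare SYN to a high port is still dropped.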

