
Re: Cisco access control



At 22:01 16-04-1996 -0500, you wrote:
>When a TCP connection sets up it will set the ACK bit (which 'established'
>checks) and give the client both a SYN number and a random port above 1023
>to communicate with.  All communications are then completed via these random
>ports above 1023 for that session.  You can just allow packets above 1023 to
>pass or you can only pass 'established' packets.  I prefer to pass only
>'established' packets; it seems safer and I hear that some Windows clients
>don't obey the port > 1023 rule - the fools ;-)

I know that's the idea, but I have clients calling a Cisco terminal server
with an ACL without the 'established' lines and accessing a SQL server with
no problem at all...
-- 
regards,

Antonio Vasconcelos @ The Lisbon $tock Exchange
..........................................................
vasco@bvl.pt, vasco@individual.puug.pt, postmaster@bvl.pt,
webmaster@bvl.pt, http://www.bvl.pt:8080/~vasco
..........................................................
TEL: +351-1-790-9904            Bolsa de Valores de Lisboa
FAX: +351-1-795-2026            R. Soeiro Pereira Gomes
                                1600 LISBOA
http://www.bvl.pt/              PORTUGAL
..........................................................
 All opinions are my own, my employer thinks I'm working
..........................................................
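
Added example, not part of the original message or of any Cisco code: a small Python model of the two filtering choices named in the quoted text, an ACL line ending in `gt 1023` versus one ending in `established` (which matches TCP segments with the ACK or RST bit set), applied to inbound segments. The sample segments and port numbers are constructed for illustration.

```python
from dataclasses import dataclass

# TCP flag bits as they appear in the TCP header.
SYN, RST, ACK = 0x02, 0x04, 0x10


@dataclass
class Segment:
    """Inbound TCP segment as a stateless packet filter sees it."""
    dst_port: int
    flags: int


def permit_gt_1023(seg: Segment) -> bool:
    """Models 'permit tcp any any gt 1023': looks at the destination port only."""
    return seg.dst_port > 1023


def permit_established(seg: Segment) -> bool:
    """Models 'permit tcp any any established': ACK or RST bit set.

    The check is per segment; no connection table is consulted.
    """
    return bool(seg.flags & (ACK | RST))


# Constructed sample traffic (not captured from any real network).
SAMPLES = {
    "reply to inside client on port 40000": Segment(40000, SYN | ACK),
    "data for that session on port 40000": Segment(40000, ACK),
    "new inbound connection to port 1433": Segment(1433, SYN),
    "new inbound connection to port 23": Segment(23, SYN),
    "reply to inside client that used port 900": Segment(900, SYN | ACK),
}


def evaluate(samples=SAMPLES):
    """Return {description: (permitted by gt 1023, permitted by established)}."""
    return {name: (permit_gt_1023(s), permit_established(s))
            for name, s in samples.items()}


if __name__ == "__main__":
    for name, (by_port, by_flag) in evaluate().items():
        print(f"{name:43} gt-1023={'permit' if by_port else 'deny':7}"
              f" established={'permit' if by_flag else 'deny'}")
```

The two rows where the rules disagree are the ones to look at: the port rule admits a new inbound connection to any service listening above 1023, and it drops replies to a client that picked a source port below 1024, while the flag rule does the opposite in both cases.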