Re: Cisco access control
At 22:01 16-04-1996 -0500, you wrote:
>When a TCP connection sets up it will set the ACK bit (which 'established'
>checks) and give the client both a SYN number and a random port above 1023
>to communicate with. All communications are then completed via these random
>ports above 1023 for that session. You can just allow packets above 1023 to
>pass or you can only pass 'established' packets. I prefer to pass only
>'established' packets; it seems safer and I hear that some Windows clients
>don't obey the port > 1023 rule - the fools ;-)
I know that's the idea, but I have clients calling a Cisco terminal server
with an ACL without the 'established' lines and accessing a SQL server with
no problem at all...
--
regards,
Antonio Vasconcelos @ The Lisbon $tock Exchange
..........................................................
vasco@bvl.pt, vasco@individual.puug.pt, postmaster@bvl.pt,
webmaster@bvl.pt, http://www.bvl.pt:8080/~vasco
..........................................................
TEL: +351-1-790-9904 Bolsa de Valores de Lisboa
FAX: +351-1-795-2026 R. Soeiro Pereira Gomes
1600 LISBOA
http://www.bvl.pt/ PORTUGAL
..........................................................
All opinions are my own, my employer thinks I'm working
..........................................................
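
An added example, not part of the original messages: a small Python model of the two inbound filters discussed in this thread, a port-based rule (pass destination ports above 1023) and a flag-based rule (pass 'established' segments), run over constructed TCP segments. It assumes the IOS behaviour that 'established' matches segments with ACK or RST set (the thread mentions only ACK); the `Segment` type, function names and sample ports are hypothetical.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Segment:
    """Minimal view of an inbound TCP segment (constructed model, not a capture)."""
    dst_port: int
    flags: frozenset


def permit_gt_1023(seg):
    """Port-based rule: pass anything addressed to a port above 1023."""
    return seg.dst_port > 1023


def permit_established(seg):
    """Flag-based rule: pass segments with ACK or RST set, on any port.

    The check is per packet; the router keeps no table of open sessions.
    """
    return bool(seg.flags & {"ACK", "RST"})


# Constructed sample traffic arriving from the outside network.
SAMPLES = {
    # Server answering an inside client that used ephemeral port 34567.
    "reply_high": Segment(34567, frozenset({"SYN", "ACK"})),
    "data_high": Segment(34567, frozenset({"ACK"})),
    "rst_high": Segment(34567, frozenset({"RST"})),
    # Outside host opening a NEW connection to an inside listener on 6000.
    "new_high": Segment(6000, frozenset({"SYN"})),
    # Outside host opening a new connection to an inside low port.
    "new_low": Segment(23, frozenset({"SYN"})),
    # Server answering an inside client whose source port was below 1024.
    "reply_low": Segment(1000, frozenset({"SYN", "ACK"})),
}


def evaluate(samples=SAMPLES):
    """Return {name: (port_rule_permits, established_rule_permits)}."""
    return {n: (permit_gt_1023(s), permit_established(s)) for n, s in samples.items()}


if __name__ == "__main__":
    for name, (by_port, by_flag) in evaluate().items():
        print(f"{name:11} gt-1023={'permit' if by_port else 'deny':6} "
              f"established={'permit' if by_flag else 'deny'}")
```

The rows where the two rules disagree are `new_high` (the port rule admits a new inbound connection to a high-port listener) and `reply_low` (the port rule drops the reply to a client that picked a source port below 1024).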