Security Basics mailing list archives
RE: Cisco Workaround
From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 28 Jul 2003 08:39:53 -0700
They have. They've been amazingly responsive about providing fixed code versions for some frighteningly-old equipment. The *Workaround* is just a quick and dirty fix for those who need some time to schedule the code upgrade installations.

David Gillett
-----Original Message-----
From: Ghaith Nasrawi [mailto:libero () aucegypt edu]
Sent: July 25, 2003 08:33
Cc: firewalls () securityfocus com; security-basics () securityfocus com
Subject: RE: Cisco Workaround

Well, my question is: what the hell if I was using any of these protocols?? Didn't Cisco think of that?? They should have suggested a more decent solution.

./Ghaith
===============
Today is the tomorrow you worried about yesterday

-----Original Message-----
From: jamesworld () intelligencia com [mailto:jamesworld () intelligencia com]
Sent: Wednesday, July 23, 2003 6:48 PM
To: Alvaro Gordon-Escobar
Cc: firewalls () securityfocus com; security-basics () securityfocus com
Subject: Re: Cisco Workaround

Alvaro,

No. The protocol blocked by the access-list is protocol 53 not protocol TCP or protocol UDP port 53.

If you need further info, let me know,

-James

At 09:15 7/23/2003, Alvaro Gordon-Escobar wrote:

will this access list modification prevent my internal DNS server from updates to itself from my telco's DNS server?

access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
!--- you must permit other protocols through to allow normal
!--- traffic -- previously defined permit lists will work
!--- or you may use the permit ip any any shown here
access-list 101 permit ip any any

Thanks in advance
~alvaro Escobar
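The distinction made in the quoted reply (IP protocol number 53 versus TCP or UDP port 53), shown as an added example that is not part of the original thread or of Cisco's advisory: a first-match evaluator for the quoted ACL lines. The function names and the sample packets are constructed for illustration, and only the simple "action protocol any any" form used in the thread is parsed.

```python
# Added example: first-match evaluation of the ACL quoted in the thread.
IP_PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA IP protocol numbers

ACL_101 = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
access-list 101 permit ip any any
"""

def parse_acl(text):
    """Return [(action, proto)]; proto is an int, or None for 'ip' (any protocol)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("!"):   # blank line or IOS comment
            continue
        f = line.split()
        if len(f) != 6 or f[0] != "access-list" or f[4:] != ["any", "any"]:
            raise ValueError(f"unsupported ACL line: {line!r}")
        action, proto = f[2], f[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"unknown action: {action!r}")
        if proto == "ip":
            rules.append((action, None))
        elif proto.isdigit():
            rules.append((action, int(proto)))
        else:
            rules.append((action, IP_PROTO[proto]))
    return rules

def evaluate(rules, ip_protocol):
    """First matching entry wins; an ACL ends with an implicit deny."""
    for action, proto in rules:
        if proto is None or proto == ip_protocol:
            return action
    return "deny"

def decide(packet, rules):
    # These entries match only the protocol field of the IP header;
    # the transport-layer port is never consulted.
    return evaluate(rules, packet["ip_protocol"])

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "DNS query, UDP dst port 53": {"ip_protocol": 17, "dst_port": 53},
    "DNS zone transfer, TCP dst port 53": {"ip_protocol": 6, "dst_port": 53},
    "IP protocol 53 datagram": {"ip_protocol": 53, "dst_port": None},
}

if __name__ == "__main__":
    rules = parse_acl(ACL_101)
    for name, pkt in SAMPLES.items():
        print(f"{name}: {decide(pkt, rules)}")
```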