Security Basics mailing list archives

RE: Cisco Workaround


From: Charlie Winckless <CharlieW () netarch com>
Date: Wed, 23 Jul 2003 10:27:26 -0600

 

No, because you aren't blocking TCP/UDP 53 (the DNS ports)
but instead the IP PROTOCOL 53.

-- Charlie

-----Original Message-----
From: Alvaro Gordon-Escobar [mailto:alvaroge () molecularstaging com]
Sent: Wednesday, July 23, 2003 8:15 AM
To: firewalls () securityfocus com; security-basics () securityfocus com
Subject: Cisco Workaround


Will this access list modification prevent my internal DNS
server from updates to itself from my telco's DNS server?

access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
!--- insert any other previously applied ACL entries here
!--- you must permit other protocols through to allow normal
!--- traffic -- previously defined permit lists will work
!--- or you may use the permit ip any any shown here
access-list 101 permit ip any any

Thanks in advance

~alvaro Escobar



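Added example (not part of the original thread): a small Python sketch of first-match evaluation of the ACL from the question, showing that DNS traffic (IP protocol 17 or 6, port 53) falls through to the final permit while IP protocol 53 is denied. The sample packets and all function names are constructed for illustration, and only "any any" entries are modelled.

```python
import re

# ACL entries from the question above, verbatim ("!---" remark lines omitted).
ACL_TEXT = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny 103 any any
access-list 101 permit ip any any
"""

# IANA IP protocol numbers for keywords; None means "ip", i.e. every protocol.
PROTO_KEYWORDS = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
ENTRY = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(\S+)\s+any\s+any")

def parse_acl(text):
    """Parse 'any any' entries into (action, protocol number or None)."""
    rules = []
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.strip())
        if not m:
            continue  # remarks, blank lines, entries outside this sketch
        action, proto = m.groups()
        if not proto.isdigit() and proto not in PROTO_KEYWORDS:
            raise ValueError(f"unsupported protocol keyword: {proto}")
        rules.append((action, int(proto) if proto.isdigit() else PROTO_KEYWORDS[proto]))
    return rules

def evaluate(rules, ip_protocol):
    """First matching entry wins; only the IP header's protocol field is compared."""
    for action, number in rules:
        if number is None or number == ip_protocol:
            return action
    return "deny"  # implicit deny at the end of every IOS ACL

# Constructed sample packets: (label, IP protocol number, L4 destination port).
SAMPLES = [
    ("DNS over UDP port 53", 17, 53),
    ("DNS over TCP port 53", 6, 53),
    ("IP protocol 53", 53, None),
    ("IP protocol 103", 103, None),
]

def check_samples():
    rules = parse_acl(ACL_TEXT)
    # The port is never consulted: these entries carry no port qualifier.
    return {label: evaluate(rules, proto) for label, proto, _port in SAMPLES}

if __name__ == "__main__":
    for label, verdict in check_samples().items():
        print(f"{verdict:6} {label}")
```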
