RE: deny access

[Omar Salvador Alcalá Ruiz <oalcala () scitum com mx>]

Always an ACL puts a "deny any any" at the end, so be careful to put your
ACL with all the permits before the end, or you may end up closing your
access to everything (maybe even your router).

For QoS, with ACL, you can look at the rate-limit command (at the interface
configuration) usage, which defines by bandwith size perecentage, how much
bandwith will be used and what will happen if the link becomes too used. The
? will help you understand the command, since it has many options.

regards

OA
 

-----Original Message-----
From: Carlos Garcia
To: Agarwal, Ankur; security-basics () securityfocus com
Sent: 25/11/2004 08:40 p.m.
Subject: Re: deny access

ok i just write
access-list 101 deny ip host 216.212.33.185 any is this ok?
i put too
access-list 101 deny ip 216.212.33.185 255.255.255.255 any...
and can somebody tell me how to improve this, i run some servers and i
want 
to protec them
mail, web,dns,proxy's where can i find a list so that it helps me how to

configure the router to support QoS i need it for VoIP service??? thanks
for 
all the help

Atte.
Carlos A. Garcia G.
Cabonet Staff
Tel (624) 14 30120


----- Original Message ----- 
From: "Agarwal, Ankur" <Ankur.Agarwal () colt-telecom com>
To: "'Carlos Garcia'" <carlosg () cabonet net mx>; 
<security-basics () securityfocus com>
Sent: Thursday, November 25, 2004 7:17 PM
Subject: RE: deny access


> HI
> Simply create an deny access list to block this IP.
>
> Access-list 101 deny ip source ip destination ip
>
>
>
> Thanks & Regards,
>
> ___________________________________________________
> Ankur Agarwal
>
>
>
> One Dial : 8-911-7428
> Tel : +91 124 5157000 (Ext. 2272)
> *Cell : +91 9810702016
>
>
>
> COLT India
> ankur.agarwal () colt-telecom com
>
> ___________________________________________________
>
>
>
> -----Original Message-----
> From: Carlos Garcia [mailto:carlosg () cabonet net mx]
> Sent: 25 November 2004 04:58
> To: security-basics () securityfocus com
> Subject: deny access
>
>
> newbie question how can i block this ip 216.212.33.185 i have a cisco
7200
> this ip is trying to send mail with my server, i did not configure the
> router so i dont know how to do this any help?
>
>
> Atte.
> Carlos A. Garcia G.
> Cabonet Staff
> Tel (624) 14 30120
************************************************************************
*************
> The message is intended for the named addressee only and may not be 
> disclosed to or used by anyone else, nor may it be copied in any way.
>
> The contents of this message and its attachments are confidential and
may 
> also be subject to legal privilege.  If you are not the named
addressee 
> and/or have received this message in error, please advise us by
e-mailing 
> security () colt net and delete the message and any attachments without 
> retaining any copies.
>
> Internet communications are not secure and COLT does not accept 
> responsibility for this message, its contents nor responsibility for
any 
> viruses.
>
> No contracts can be created or varied on behalf of COLT 
> Telecommunications, its subsidiaries or affiliates ("COLT") and any
other 
> party by email Communications unless expressly agreed in writing with
such 
> other party.
>
> Please note that incoming emails will be automatically scanned to 
> eliminate potential viruses and unsolicited promotional emails. For
more 
> information refer to www.colt.net or contact us on +44(0)20 7390 3900.