Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
538
Views
0
Helpful
1
Replies

Does blocking ip blocks tcp, udp and icmp?

vikrantarora
Level 1
Level 1

‎03-19-2003 11:07 AM - edited ‎03-09-2019 02:35 AM

I am trying to block access to all messenger from within our network and I have the following questions:

1. Can I block using names of servers for eg login.osacar.aol.com

2.If I block ip traffic , I am sure to block tcp, udp adn icmp. Please confirm

3. Applying access lists to inside interface is enough or should I consider applying them on the outside as well.

Finally are these enough :

for msn

access-list acl_in deny ip any any eq 1863

access-list acl_in deny ip any 64.4.13.0 255.255.255.0

for aol

access-list acl_in deny ip any any eq 5190

and all IP's resolving to IP host login.oscar.aol.com. which I find by doing netstat

for yahoo

block IP's found by doing netstat for cs.yahoo.com, sca.yahoo.com, msg.edit.yahoo.com

Labels:
0 Helpful
1 Reply 1

mostiguy
Level 6
Level 6

‎03-19-2003 11:33 AM

ip any any eq 1863 won't work - the ip protocol has no concept of port numbers. ICMP does not either - only tcp and udp have port numbers.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents