This problem is causing my Windows 2000 clients to take a very long time to log on to their remote domain controller.
Due to the SQL Slammer worm, we put ACLs on all Fast/Ethernet interfaces, inbound and outbound:
access-list 110 deny udp any any eq 1434 log
access-list 110 deny udp any eq 1434 any log
access-list 110 permit ip any any
I realize the second line may be unnecessary.
I ran a protocol analyzer on one of the affected clients. While the client was booting up, the router was showing hits against the first line. The source of the packet was supposedly the client I was testing. But when I viewed the captured packets, there were only a handful of udp datagrams. None of them had a destination port of 1434.
So this leads me to believe the router is incorrectly blocking legitimate datagrams.
When I temporarily disable the ACL on the Ethernet interface, the problem goes away. The client can authenticate against its remote domain controller.
You are assuming that the traffic the router blocked was the "handful" of datagrams caught by the analyzer. But if the counts don't match on the access-list and the analyzer, then it wasn't set up right. The list should work without significant delays. The real point may be that it looks like the client is infected.
I've modified the ACL on affected routers to the following, and it seems to have fixed the problem. The common factors so far are: low-end routers, low-bandwidth circuits, and an old version of the IOS (the most recent I've seen is 11.2(18)).
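Added example, not part of any post in this thread: a small first-match evaluator for the three access-list 110 lines quoted above, showing which datagrams the list is written to deny. The sample packets and their port numbers are constructed for illustration, and the parser handles only the "any" and "eq" syntax used in the thread.

```python
# Added example: first-match evaluation of the thread's access-list 110.
# Supports only the syntax used there: "any" addresses and "eq <port>".
ACL_110 = """\
access-list 110 deny udp any any eq 1434 log
access-list 110 deny udp any eq 1434 any log
access-list 110 permit ip any any
"""

def parse_acl(text):
    """Return a list of (action, proto, src_port, dst_port); None = any port."""
    entries = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[-1] == "log":            # logging does not change matching
            tok = tok[:-1]
        action, proto, rest = tok[2], tok[3], tok[4:]
        ports, i = [], 0
        while i < len(rest):
            if rest[i] != "any":
                raise ValueError("unsupported address spec: " + rest[i])
            i += 1
            if i + 1 < len(rest) and rest[i] == "eq":
                ports.append(int(rest[i + 1]))
                i += 2
            else:
                ports.append(None)
        if len(ports) != 2:
            raise ValueError("expected source and destination: " + line)
        entries.append((action, proto, ports[0], ports[1]))
    return entries

def evaluate(entries, proto, sport, dport):
    """Return (action, matching line number); line 0 is the implicit deny."""
    for n, (action, e_proto, e_sport, e_dport) in enumerate(entries, 1):
        if e_proto in ("ip", proto) and e_sport in (None, sport) and e_dport in (None, dport):
            return action, n
    return "deny", 0

# Constructed packets: (label, protocol, source port, destination port).
SAMPLES = [("Kerberos", "udp", 1025, 88), ("DNS", "udp", 1026, 53),
           ("CLDAP", "udp", 1027, 389), ("SMB", "tcp", 1030, 445),
           ("to port 1434", "udp", 1040, 1434),
           ("DNS from source port 1434", "udp", 1434, 53)]

if __name__ == "__main__":
    acl = parse_acl(ACL_110)
    for label, proto, sport, dport in SAMPLES:
        print(label, evaluate(acl, proto, sport, dport))
```

The last sample is denied by the second line: as written, that line drops any UDP datagram whose source port is 1434, whatever its destination.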