ACL question (2)

rezaalikhani
Level 3

What do the following ACLs mean?

deny or permit deny ip host 127.0.0.1 any

deny or permit deny tcp any any eq 1025

deny or permit deny tcp any any eq 445

deny or permit deny udp any any eq 445

deny or permit tcp any any range 135 139

deny or permit udp any any range 135 netbios-ss

Accepted Solution

pkhatri
Level 11

Hi,

deny or permit deny ip host 127.0.0.1 any

- matches on packets sourced from the loopback address 127.0.0.1

deny or permit deny tcp any any eq 1025

- matches on packets destined to tcp port 1025, which is used by the Microsoft RPC service

deny or permit deny tcp any any eq 445

- matches on packets destined to tcp port 445, which is used by Windows for supporting Samba over TCP

deny or permit deny udp any any eq 445

- matches on packets destined to tcp port 445, which is used by Windows for supporting Samba over UDP

deny or permit tcp any any range 135 139

- matches on packets destined to tcp ports 135-139, which are used by the Microsoft RPC & NetBIOS services

deny or permit udp any any range 135 netbios-ss

- matches on packets destined to udp ports 135-139, which are used by the Microsoft RPC & NetBIOS services

These entries are typically used in ACLs for the provision of security by blocking access to common Microsoft services...

Pls remember to rate posts.

Paresh

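Added example, not from the thread or from Cisco: a small Python matcher for the ACL syntax quoted above, so the meaning of each entry can be checked against sample packets. It handles only the forms the thread uses (ip/tcp/udp, "any" or "host A.B.C.D", destination "eq"/"range" with numeric or IOS-named ports); the closing "permit ip any any" and the sample addresses are constructed.

```python
# IOS keyword names for the ports that appear in this thread (139 = netbios-ss)
PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ss": 139}

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)  # name or number

def parse_ace(line):
    """Parse '<permit|deny> <ip|tcp|udp> <src> <dst> [eq P | range LO HI]'
    into (action, proto, src, dst, (lo, hi) or None)."""
    t = line.split()
    action, proto, i, addrs = t[0], t[1], 2, []
    for _ in range(2):                        # source, then destination
        if t[i] == "any":
            addrs.append("any"); i += 1
        elif t[i] == "host":
            addrs.append(t[i + 1]); i += 2
        else:
            raise ValueError("unsupported address form: " + t[i])
    ports = None
    if t[i:i + 1] == ["eq"]:
        ports = (port(t[i + 1]),) * 2
    elif t[i:i + 1] == ["range"]:
        ports = (port(t[i + 1]), port(t[i + 2]))
    return action, proto, addrs[0], addrs[1], ports

def ace_matches(ace, proto, src, dst, dport):
    _, aproto, asrc, adst, ports = ace
    return ((aproto == "ip" or aproto == proto)        # 'ip' covers all
            and asrc in ("any", src) and adst in ("any", dst)
            and (ports is None or ports[0] <= dport <= ports[1]))

def evaluate(acl, proto, src, dst, dport=0):
    """Entries are tested in order; the first match decides, and traffic
    that matches no entry hits the implicit deny at the end."""
    for ace in acl:
        if ace_matches(ace, proto, src, dst, dport):
            return ace[0]
    return "deny"

# The thread's entries written as 'deny', plus a constructed final
# 'permit ip any any' so that traffic matching no entry is allowed.
ACL = [parse_ace(l) for l in """
deny ip host 127.0.0.1 any
deny tcp any any eq 1025
deny tcp any any eq 445
deny udp any any eq 445
deny tcp any any range 135 139
deny udp any any range 135 netbios-ss
permit ip any any
""".strip().splitlines()]
```

For instance, evaluate(ACL, "udp", "10.0.0.5", "10.0.0.9", 139) returns "deny" through the "range 135 netbios-ss" entry, while the same flow to udp port 1025 reaches the final permit because only the tcp form of 1025 is listed.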

3 Replies


Thanks;

Where can I find a complete list of these options?

reza

You can't. You just have to find out the applications you want to block and craft access-lists accordingly.

However, the following site maintains a secure IOS template that you can use as a starting point:

http://www.cymru.com/Documents/secure-ios-template.html

Pls rate the post if it helps.

Paresh
