Cisco Support Community

New Member

accesslist

We have two 7206VXR routers, and on these routers we applied the access list. Some virus will come in at a remote location. On our core routers the access-list NetBIOS hit count is increasing. Please find the attachment of the access list. Please study this access list. What is the use of this access list?

Please reply.

3 REPLIES
New Member

Re: accesslist

Hello,

From the attached output, the extended ACL#135 references MS NetBIOS ports and indicates hits to the ACL statements:

Extended IP access list 135

10 deny tcp any any eq 135 (391406 matches)

40 deny tcp any any eq 139 (918111 matches)

60 deny udp any any eq netbios-ns (14663 matches)

70 deny udp any any eq netbios-dgm (1005 matches)

90 deny tcp any any eq 445 (450131 matches)

160 deny tcp any eq 135 any (2 matches)

190 deny tcp any eq 139 any (2499 matches)

These are well-known port numbers defined within the ACL which deny any source making a connection to any destination on these ports.

epmap 135/tcp DCE endpoint resolution

epmap 135/udp DCE endpoint resolution

netbios-ns 137/tcp NETBIOS Name Service

netbios-ns 137/udp NETBIOS Name Service

netbios-dgm 138/tcp NETBIOS Datagram Service

netbios-dgm 138/udp NETBIOS Datagram Service

netbios-ssn 139/tcp NETBIOS Session Service

netbios-ssn 139/udp NETBIOS Session Service

microsoft-ds 445/tcp Microsoft-DS

microsoft-ds 445/udp Microsoft-DS

Additional well-known ports can be found at:

http://www.iana.org/assignments/port-numbers

For specific purposes of the Microsoft networking protocols (i.e. end-point mapper, Directory Services, etc.) you can verify at www.microsoft.com.

Hope this helps.

Regards.

New Member

Re: accesslist

epmap 135/tcp DCE endpoint resolution

epmap 135/udp DCE endpoint resolution

netbios-ns 137/tcp NETBIOS Name Service

netbios-ns 137/udp NETBIOS Name Service

netbios-dgm 138/tcp NETBIOS Datagram Service

netbios-dgm 138/udp NETBIOS Datagram Service

netbios-ssn 139/tcp NETBIOS Session Service

netbios-ssn 139/udp NETBIOS Session Service

microsoft-ds 445/tcp Microsoft-DS

microsoft-ds 445/udp Microsoft-DS

The above access list is applied in the remote location router? Suppose there is any virus attack in a remote location, this will deny the traffic.

How to know which location is affected by the virus?

Please send me some commands for checking.

New Member

Re: accesslist

Hello,

Have you tried configuring ip accounting access-violations on the interface where the ACL is applied? You can view the results with show ip accounting access-violations.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d169.html#wp1091971

Hope this helps.

Regards,

James
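An added example, not part of the replies above and not Cisco tooling: a Python script that totals the packets denied by ACL 135 per remote site and per source host from saved `show ip accounting access-violations` output, which is one way to answer which location is affected. The sample rows are constructed, the column layout (Source, Destination, Packets, Bytes, ACL) is assumed, and the `SITES` prefix table is hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample of "show ip accounting access-violations" output.
# The column layout (Source, Destination, Packets, Bytes, ACL) is assumed.
SAMPLE = """\
   Source           Destination              Packets               Bytes   ACL
 10.20.1.15       10.1.1.10                      412               19776   135
 10.20.1.15       10.1.1.11                      398               19104   135
 10.30.4.7        10.1.1.10                        3                 144   135
 10.20.2.40       10.1.5.2                       951               45648   135
 192.168.9.9      10.1.1.10                       20                 960   135
Accounting data age is 12
"""

# Hypothetical mapping of remote sites to their LAN prefixes.
SITES = {
    "branch-a": ipaddress.ip_network("10.20.0.0/16"),
    "branch-b": ipaddress.ip_network("10.30.0.0/16"),
}

def parse_violations(text, acl="135"):
    """Yield (source_ip, packets) for rows logged against the given ACL."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[4] != acl:
            continue  # header, blank line, trailer, or another ACL
        try:
            yield ipaddress.ip_address(fields[0]), int(fields[2])
        except ValueError:
            continue  # five words, but not a data row

def site_of(addr):
    for name, net in SITES.items():
        if addr in net:
            return name
    return "unknown"

def summarize(text, acl="135"):
    """Return (denied packets per site, denied packets per source host)."""
    by_site, by_host = Counter(), Counter()
    for src, pkts in parse_violations(text, acl):
        by_site[site_of(src)] += pkts
        by_host[str(src)] += pkts
    return by_site, by_host

if __name__ == "__main__":
    for counter in summarize(SAMPLE):
        print(counter.most_common())
```

Sources that fall under "unknown" are worth checking separately, since they lie outside every listed site prefix.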
