Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Server down in case of configuring access-list for protecting worms

I find a strange situation.

In the router, when I configure the access-list for protecting worm port like followings. If I configure these access-lists, servers connected to this router is well operating. But, when I delete access-list configuration, servers will be downed. What is the cause ?

interface Vlan200

ip address 203.237.0.5 255.255.255.0

ip access-group 101 in

ip access-group 102 out

access-list 101 remark "Bagle.U Worm"

access-list 101 deny tcp any any eq 4751

access-list 101 remark "WORM_Agobot.gen"

access-list 101 deny tcp any any eq 135

access-list 101 remark "WORM_MYDOOM.b"

access-list 101 deny tcp any any eq 1080

access-list 101 deny tcp any any eq 3218

access-list 101 deny tcp any any eq 10080

access-list 101 remark "WORM_MYDOOM.A"

access-list 101 deny tcp any any eq 3127

access-list 101 remark "SPYBOT.S

access-list 101 deny tcp any any eq 31031

access-list 101 remark "Wout32.Bagle , Mirc"

access-list 101 deny tcp any any eq 6667

access-list 101 remark "Wout32.Sobig.worm.F"

access-list 101 deny udp any any range 995 999

access-list 101 remark "Wout32.Welchia.worm"

access-list 101 deny tcp any any eq 707

access-list 101 deny udp any any eq 2048

access-list 101 remark "W32.Blaster.Worm"

access-list 101 deny tcp any any eq 4444

access-list 101 remark "Backdoor.IRC.Cirebot"

access-list 101 deny tcp any any eq 57005

access-list 101 deny udp any any eq 57005

access-list 101 deny tcp any any range 1235 1238

access-list 101 remark "Kita Worm"

access-list 101 deny udp any any eq 1204

access-list 101 deny tcp any any eq 593

access-list 101 deny tcp any any eq 28290

access-list 101 deny tcp any any eq 12345

access-list 101 remark "Bagle.P"

3 REPLIES

Re: Server down in case of configuring access-list for protectin

Hi

Hope ur well aware that if u have access-group under the interface and if u remvoe the aceess lists associated with it you will loose the connectivity.

Again in the ACLs mentioned in your post i dont c any permit statement in the end of the same and also u didnt mention up the second part which is access-lsit 102..

if possible do post them out as an attachment over here..

have you got all windows based servers over there ?

if yes have u got them patched them with the latest updates ??Also about Antivirus,have u got the latest updates installed ??

Also do close out the unecessary unsed ports if you arent using them up in the server.

regds

Hall of Fame Super Silver

Re: Server down in case of configuring access-list for protectin

Actually it has not been true for a long time that if you have access lists defined, have access-group applied to interface, and then remove the access list that you lose connectivity because of the implicit deny any at the end of the access list. At one point in time that was the behavior of IOS, but it has not worked that way for a very long time. The behavior now is that if you remove the access list it acts like there is a permit any.

Edwin's point about not seeing any permit in the access list is well taken. If an access list has a number of deny statements and no permit statements, then I would expect to lose connectivity since everything would be denied.

So the behavior described is the reverse of the behavior that I would expect. I am not sure how to explain this.

HTH

Rick

New Member

Re: Server down in case of configuring access-list for protectin

Access -list command will have 'permit' statement below. And ip access-group command is configured on the router. So, accees-list configuration is perfect.

OS of servers are Window or Linux based.

Antivirus patch is done.

I think slow servers is problem.

Complex access-list configurations on the router enable fast packet transmission to servers.

Then server will be downed.

Can this scenario be correct?

In fact, if I delete access-list configuration, server become downed.

Server upgrade can be a change fot the better?

113
Views
0
Helpful
3
Replies
CreatePlease to create content