Home page logo
/

basics logo Security Basics mailing list archives

RE: deny access
From: "Tran, Nhon" <Nhon.Tran () logicacmg com>
Date: Thu, 2 Dec 2004 14:06:14 +1100

If this is an edge router you'd like secure it a bit more, a good place to
start is the NSA security configuration guides. They give an explaination of
the configurations to make and why they are needed
http://www.nsa.gov/snac/index.cfm?MenuID=scg10.3.1 
They have guides for switches, routers, servers etc etc.  

If you're just looking at cisco gear, look out for the cisco SAFE
whitepapers. If you have a cisco cco login, the output interperter is pretty
niffty in recommend security fixes if you paste in a show run.. But if you
have any other concerns about the config of the router/switch stick in a
show tech.. 


-----Original Message-----
From: Paris E. Stone [mailto:pstone () alhurra com] 
Sent: Wednesday, 1 December 2004 11:52 AM
To: richardw () area52 allserve net; GuidoZ
Cc: Carlos Garcia; Agarwal, Ankur; security-basics () securityfocus com
Subject: RE: deny access

~Begin Chastise~
He posted to the SECURITY-BASICS mailing list.  
That would pretty much "determine the correct level of help" in my mind.
~End Chastise~
~
~Begin pathetic attempt at help~

And, technically speaking,

"access-list 101 deny ip source ip destination ip" 

is the correct syntax, but the information he didn't get was:

There is an implicit "deny any any" in all Cisco ACLs, which means a 1 line
ACL to block one host would effectively block all hosts.
&
ACL built, but it still needs bound

From interface config mode,

"ip access-group 101 in interface "

is the second part of the equation.
&
If there are no ACLs now, make it a two liner, the deny line, and:
access-list 101 permit ip any any

~End pathetic attempt at help~

My .02

-----Original Message-----
From: richardw [mailto:richardw () area52 allserve net]
Sent: Monday, November 29, 2004 11:11 PM
To: GuidoZ
Cc: Carlos Garcia; Agarwal, Ankur; security-basics () securityfocus com
Subject: Re: deny access

Everyone, I want to take this opportunity to apologize for Guido. 
Carlos, if you still need help, email me off the list, and we'll help get
squared away.

Saludos,

Richard

GuidoZ wrote:
This is why I said it was better for him to find the answers on his 
own, and not just tell him the ACL format. Otherwise it's very likely 
that something will get messed up and he won't be able to fix it, or 
ask questions online. ;)

Think about things before you act everyone. There is certainly nothing 
wrong with helping out someone in need, although, you must determine 
the correct level of help.

--
Peace. ~G


On Thu, 25 Nov 2004 19:40:40 -0700, Carlos Garcia 
<carlosg () cabonet net mx> wrote:

ok i just write
access-list 101 deny ip host 216.212.33.185 any is this ok?
i put too
access-list 101 deny ip 216.212.33.185 255.255.255.255 any...
and can somebody tell me how to improve this, i run some servers and i
want
to protec them
mail, web,dns,proxy's where can i find a list so that it helps me how
to
configure the router to support QoS i need it for VoIP service???
thanks for
all the help

Atte.
Carlos A. Garcia G.
Cabonet Staff
Tel (624) 14 30120


----- Original Message -----
From: "Agarwal, Ankur" <Ankur.Agarwal () colt-telecom com>
To: "'Carlos Garcia'" <carlosg () cabonet net mx>; 
<security-basics () securityfocus com>
Sent: Thursday, November 25, 2004 7:17 PM
Subject: RE: deny access


HI
Simply create an deny access list to block this IP.

Access-list 101 deny ip source ip destination ip



Thanks & Regards,

___________________________________________________
Ankur Agarwal



One Dial : 8-911-7428
Tel : +91 124 5157000 (Ext. 2272)
*Cell : +91 9810702016



COLT India
ankur.agarwal () colt-telecom com

___________________________________________________




-----Original Message-----
From: Carlos Garcia [mailto:carlosg () cabonet net mx]
Sent: 25 November 2004 04:58
To: security-basics () securityfocus com
Subject: deny access


newbie question how can i block this ip 216.212.33.185 i have a cisco
7200
this ip is trying to send mail with my server, i did not configure
the
router so i dont know how to do this any help?


Atte.
Carlos A. Garcia G.
Cabonet Staff
Tel (624) 14 30120



*********************************************************************
****************
The message is intended for the named addressee only and may not be 
disclosed to or used by anyone else, nor may it be copied in any way.

The contents of this message and its attachments are confidential and
may
also be subject to legal privilege.  If you are not the named
addressee
and/or have received this message in error, please advise us by
e-mailing
security () colt net and delete the message and any attachments without 
retaining any copies.

Internet communications are not secure and COLT does not accept 
responsibility for this message, its contents nor responsibility for
any
viruses.

No contracts can be created or varied on behalf of COLT 
Telecommunications, its subsidiaries or affiliates ("COLT") and any
other
party by email Communications unless expressly agreed in writing with
such
other party.

Please note that incoming emails will be automatically scanned to 
eliminate potential viruses and unsolicited promotional emails. For
more
information refer to www.colt.net or contact us on +44(0)20 7390
3900.






--
------------------------------------------------------------------------
   ____/\___  |                                     | "If you can't beat
   ___/__\__) |              richardw               | them, then they're
  (__/    \__ | mailto:richardw!area52.allserve.net | not tied down good
    /      \  |                                     | enough..."
------------------------------------------------------------------------


This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary 
material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, 
retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and 
any attachment and all copies and inform the sender. Thank you.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]