Mailing List Archive: Cisco: NSP

bcp on edge filtering & udp



mrz at velvet

Jun 30, 2008, 1:32 PM

Post #1 of 8 (543 views)
bcp on edge filtering & udp

Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
if one already exists, otherwise I'll have to build my own :)
_______________________________________________
cisco-nsp mailing list cisco-nsp [at] puck
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/


scubacuda at gmail

Jun 30, 2008, 2:45 PM

Post #2 of 8 (527 views)
Re: bcp on edge filtering & udp [In reply to]

matthew zeier wrote:
> Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
> if one already exists, otherwise I'll have to build my own :)

Where are you trying to filter this? At your CPE router?


mrz at velvet

Jun 30, 2008, 10:29 PM

Post #3 of 8 (520 views)
Re: bcp on edge filtering & udp [In reply to]

Haven't made up my mind on that - either the routers directly connecting
to the Internet or closer into my "core".

Rogelio wrote:
> matthew zeier wrote:
>> Trying to find a pre-built set of ACLs for filtering bogus inbound
>> udp, if one already exists, otherwise I'll have to build my own :)
>
> Where are you trying to filter this? At your CPE router?


mksmith at adhost

Jun 30, 2008, 10:34 PM

Post #4 of 8 (521 views)
Re: bcp on edge filtering & udp [In reply to]

Hey Matt:


> From: matthew zeier <mrz [at] velvet>
> Date: Mon, 30 Jun 2008 13:32:06 -0700
> To: "cisco-nsp [at] puck" <cisco-nsp [at] puck>
> Subject: [c-nsp] bcp on edge filtering & udp
>
> Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
> if one already exists, otherwise I'll have to build my own :)

Here's a good start.

access-list 199 deny udp any any eq 135
access-list 199 deny udp any any eq 137
access-list 199 deny udp any any eq 138
access-list 199 deny udp any any eq 139
access-list 199 deny udp any any eq 445
access-list 199 deny udp any any eq 4899
access-list 199 deny udp any any eq 1434
access-list 199 deny udp any any eq 194
access-list 199 deny udp any any eq 529
access-list 199 deny udp any any eq 994
access-list 199 deny udp any any eq 69
access-list 199 deny udp any any range 6666 6669

Regards,

Mike



mrz at velvet

Jul 1, 2008, 9:40 AM

Post #5 of 8 (516 views)
Re: bcp on edge filtering & udp [In reply to]

I keep seeing stuff with a udp src or dst port of 0. Anyone else see
that in the wild?

Michael Smith wrote:
> Hey Matt:
>
>
>> From: matthew zeier <mrz [at] velvet>
>> Date: Mon, 30 Jun 2008 13:32:06 -0700
>> To: "cisco-nsp [at] puck" <cisco-nsp [at] puck>
>> Subject: [c-nsp] bcp on edge filtering & udp
>>
>> Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
>> if one already exists, otherwise I'll have to build my own :)
>
> Here's a good start.
>
> access-list 199 deny udp any any eq 135
> access-list 199 deny udp any any eq 137
> access-list 199 deny udp any any eq 138
> access-list 199 deny udp any any eq 139
> access-list 199 deny udp any any eq 445
> access-list 199 deny udp any any eq 4899
> access-list 199 deny udp any any eq 1434
> access-list 199 deny udp any any eq 194
> access-list 199 deny udp any any eq 529
> access-list 199 deny udp any any eq 994
> access-list 199 deny udp any any eq 69
> access-list 199 deny udp any any range 6666 6669
>
> Regards,
>
> Mike
>


p.mayers at imperial

Jul 1, 2008, 9:42 AM

Post #6 of 8 (511 views)
Re: bcp on edge filtering & udp [In reply to]

matthew zeier wrote:
> I keep seeing stuff with a udp src or dst port of 0. Anyone else see
> that in the wild?

If you're getting that from netflow, it's probably IP fragments.


dwinkworth at wi

Jul 1, 2008, 11:26 AM

Post #7 of 8 (513 views)
Re: bcp on edge filtering & udp [In reply to]

DLSw uses UDP port 0 by default. There is a feature that allows you to disable this.

http://www.cisco.com/en/US/tech/tk331/tk336/technologies_tech_note09186a0080093eca.shtml


---- matthew zeier <mrz [at] velvet> wrote:
> I keep seeing stuff with a udp src or dst port of 0. Anyone else see
> that in the wild?
>
> Michael Smith wrote:
> > Hey Matt:
> >
> >
> >> From: matthew zeier <mrz [at] velvet>
> >> Date: Mon, 30 Jun 2008 13:32:06 -0700
> >> To: "cisco-nsp [at] puck" <cisco-nsp [at] puck>
> >> Subject: [c-nsp] bcp on edge filtering & udp
> >>
> >> Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
> >> if one already exists, otherwise I'll have to build my own :)
> >
> > Here's a good start.
> >
> > access-list 199 deny udp any any eq 135
> > access-list 199 deny udp any any eq 137
> > access-list 199 deny udp any any eq 138
> > access-list 199 deny udp any any eq 139
> > access-list 199 deny udp any any eq 445
> > access-list 199 deny udp any any eq 4899
> > access-list 199 deny udp any any eq 1434
> > access-list 199 deny udp any any eq 194
> > access-list 199 deny udp any any eq 529
> > access-list 199 deny udp any any eq 994
> > access-list 199 deny udp any any eq 69
> > access-list 199 deny udp any any range 6666 6669
> >
> > Regards,
> >
> > Mike
> >

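The two replies above give the two usual reasons for seeing UDP "port 0" in NetFlow: a non-initial IP fragment carries no UDP header at all, so an exporter that keys on the first fragment only fills the port fields with 0, while DLSw really does put 0 in the UDP header. The following script is an editor's example, not code from this thread or from Cisco; it builds a fragmented UDP datagram and a genuine port-0 datagram inline with constructed addresses from the documentation ranges, decodes them the way a flow exporter would, and tells the artifact apart from the real thing before anyone writes a deny for "port 0" into an ACL.

```python
"""Why NetFlow shows UDP port 0: decode IPv4 fragments as a flow exporter sees them.

Editor's example, not code from the cisco-nsp thread or from Cisco. All
packets are constructed inline with struct; no capture or network is needed.
"""
import struct
from ipaddress import IPv4Address
from typing import Dict, List

IPV4_HDR = "!BBHHHBBH4s4s"    # fixed 20-byte IPv4 header, no options
PROTO_UDP = 17
MORE_FRAGMENTS = 0x2000       # MF bit in the flags/fragment-offset field
FRAG_OFFSET_MASK = 0x1FFF     # 13-bit offset, in 8-byte units


def build_udp(sport: int, dport: int, data: bytes) -> bytes:
    # UDP checksum left at zero, which IPv4 permits.
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def build_ipv4(src: str, dst: str, payload: bytes, ident: int,
               more_fragments: bool, frag_offset: int) -> bytes:
    """frag_offset is in 8-byte units, exactly as carried on the wire."""
    flags_frag = (MORE_FRAGMENTS if more_fragments else 0) | (frag_offset & FRAG_OFFSET_MASK)
    hdr = struct.pack(IPV4_HDR, 0x45, 0, 20 + len(payload), ident, flags_frag,
                      64, PROTO_UDP, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload


def fragment_udp(src: str, dst: str, sport: int, dport: int, data: bytes,
                 ident: int, mtu: int = 1500) -> List[bytes]:
    """Split one UDP datagram into IPv4 fragments; each piece but the last is a multiple of 8."""
    datagram = build_udp(sport, dport, data)
    chunk = (mtu - 20) // 8 * 8
    frags = []
    for off in range(0, len(datagram), chunk):
        piece = datagram[off:off + chunk]
        more = off + chunk < len(datagram)
        frags.append(build_ipv4(src, dst, piece, ident, more, off // 8))
    return frags


def flow_record(pkt: bytes) -> Dict:
    """Mimic an exporter that reads L4 ports only when the datagram carries the L4 header."""
    ver_ihl, _tos, _tlen, ident, flags_frag, _ttl, proto, _csum, src, dst = \
        struct.unpack(IPV4_HDR, pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    offset = flags_frag & FRAG_OFFSET_MASK
    rec = {
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
        "proto": proto, "ident": ident,
        "is_fragment": bool(flags_frag & MORE_FRAGMENTS) or offset != 0,
        "first_fragment": offset == 0,
        "l4_header_present": False, "sport": 0, "dport": 0,   # 0 is what the export shows
    }
    if proto == PROTO_UDP and offset == 0 and len(pkt) >= ihl + 8:
        rec["sport"], rec["dport"] = struct.unpack("!HH", pkt[ihl:ihl + 4])
        rec["l4_header_present"] = True
    return rec


def classify_port_zero(rec: Dict) -> str:
    """Separate the exporter artifact from a datagram that really carries port 0."""
    if rec["proto"] != PROTO_UDP:
        return "not udp"
    if not rec["first_fragment"]:
        return "non-initial fragment: port 0 is an exporter artifact"
    if not rec["l4_header_present"]:
        return "first fragment too short to carry a UDP header"
    if rec["sport"] == 0 or rec["dport"] == 0:
        return "port 0 really present in the UDP header"
    return "ordinary udp"


# Constructed sample traffic (RFC 5737 documentation addresses).
SRC, DST = "198.51.100.7", "203.0.113.10"
FRAGS = fragment_udp(SRC, DST, 40000, 53, b"\x00" * 2500, ident=0x1234)
# Constructed stand-in for a protocol that sends from UDP source port 0 (as DLSw does).
PORT_ZERO_PKT = build_ipv4(SRC, DST, build_udp(0, 7777, b"\x00" * 16),
                           ident=0x0042, more_fragments=False, frag_offset=0)


def demo() -> List[str]:
    """Classification of every constructed packet, in order."""
    return [classify_port_zero(flow_record(p)) for p in FRAGS + [PORT_ZERO_PKT]]


if __name__ == "__main__":
    for pkt, label in zip(FRAGS + [PORT_ZERO_PKT], demo()):
        r = flow_record(pkt)
        print(f"id={r['ident']:#06x} sport={r['sport']:<5} dport={r['dport']:<5} {label}")
```

Run as-is it prints one line per packet: the first fragment shows 40000/53, the second shows 0/0 with the fragment label, and the port-0 datagram is flagged as the genuine case. A matching check against real export data is to look at the fragment offset (or the "is fragment" flag where the exporter provides one) before treating port 0 as a service port.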


whisper555 at gmail

Jul 1, 2008, 8:59 PM

Post #8 of 8 (500 views)
Re: bcp on edge filtering & udp [In reply to]

access-list 199 permit tcp any any
access-list 199 permit icmp any any

:)

On Tue, Jul 1, 2008 at 3:34 PM, Michael Smith <mksmith [at] adhost> wrote:

> Hey Matt:
>
>
> > From: matthew zeier <mrz [at] velvet>
> > Date: Mon, 30 Jun 2008 13:32:06 -0700
> > To: "cisco-nsp [at] puck" <cisco-nsp [at] puck>
> > Subject: [c-nsp] bcp on edge filtering & udp
> >
> > Trying to find a pre-built set of ACLs for filtering bogus inbound udp,
> > if one already exists, otherwise I'll have to build my own :)
>
> Here's a good start.
>
> access-list 199 deny udp any any eq 135
> access-list 199 deny udp any any eq 137
> access-list 199 deny udp any any eq 138
> access-list 199 deny udp any any eq 139
> access-list 199 deny udp any any eq 445
> access-list 199 deny udp any any eq 4899
> access-list 199 deny udp any any eq 1434
> access-list 199 deny udp any any eq 194
> access-list 199 deny udp any any eq 529
> access-list 199 deny udp any any eq 994
> access-list 199 deny udp any any eq 69
> access-list 199 deny udp any any range 6666 6669
>
> Regards,
>
> Mike
>
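The joke in the last reply has a serious point behind it: every IOS access list ends in an implicit deny, so Mike's list as posted, once applied with `ip access-group 199 in`, drops every packet that is not UDP to one of the listed ports, and adding only `permit tcp` and `permit icmp` still leaves legitimate UDP (DNS, NTP, and so on) blocked. The evaluator below is an editor's example, not code from this thread or from Cisco: it parses the posted lines first-match-wins, supports only the `any`/`host` address forms and `eq`/`range` port operators the list uses, and reports the implicit deny explicitly. The flow addresses are constructed from the documentation ranges.

```python
"""Offline evaluator for a Cisco IOS-style numbered extended ACL.

Editor's example, not code from the cisco-nsp thread or from Cisco. It
implements only the subset of ACL syntax the posted list needs ('any' or
'host A.B.C.D' addresses, 'eq'/'range' destination ports) plus the implicit
deny that IOS appends to every access list.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# The deny lines exactly as posted in the thread.
ACL_199_AS_POSTED = """
access-list 199 deny udp any any eq 135
access-list 199 deny udp any any eq 137
access-list 199 deny udp any any eq 138
access-list 199 deny udp any any eq 139
access-list 199 deny udp any any eq 445
access-list 199 deny udp any any eq 4899
access-list 199 deny udp any any eq 1434
access-list 199 deny udp any any eq 194
access-list 199 deny udp any any eq 529
access-list 199 deny udp any any eq 994
access-list 199 deny udp any any eq 69
access-list 199 deny udp any any range 6666 6669
"""

# The same list with the last reply's two permit lines appended.
ACL_199_WITH_PERMITS = ACL_199_AS_POSTED + """
access-list 199 permit tcp any any
access-list 199 permit icmp any any
"""

IMPLICIT_DENY = "deny (implicit)"


@dataclass(frozen=True)
class Ace:
    action: str                         # "permit" or "deny"
    proto: str                          # "udp", "tcp", "icmp" or "ip" (matches any)
    src: Optional[str]                  # None means "any"
    dst: Optional[str]
    dports: Optional[Tuple[int, int]]   # inclusive destination port range, None means any


def _addr(tokens: List[str], i: int) -> Tuple[Optional[str], int]:
    """Parse 'any' or 'host A.B.C.D' at tokens[i]; return (address or None, next index)."""
    if tokens[i] == "any":
        return None, i + 1
    if tokens[i] == "host":
        return tokens[i + 1], i + 2
    raise ValueError(f"unsupported address spec: {' '.join(tokens[i:])}")


def parse_acl(text: str) -> List[Ace]:
    aces = []
    for raw in text.strip().splitlines():
        t = raw.split()
        if not t or t[0] != "access-list":
            continue                    # blank line or something that is not an ACE
        action, proto = t[2], t[3]
        if action not in ("permit", "deny"):
            raise ValueError(f"bad action in: {raw}")
        src, i = _addr(t, 4)
        dst, i = _addr(t, i)
        dports = None
        if i < len(t):
            if t[i] == "eq":
                dports = (int(t[i + 1]), int(t[i + 1]))
            elif t[i] == "range":
                dports = (int(t[i + 1]), int(t[i + 2]))
            else:
                raise ValueError(f"unsupported port operator in: {raw}")
        aces.append(Ace(action, proto, src, dst, dports))
    return aces


def evaluate(aces: List[Ace], proto: str, src: str, dst: str,
             dport: Optional[int] = None) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in aces:
        if ace.proto != "ip" and ace.proto != proto:
            continue
        if ace.src is not None and ace.src != src:
            continue
        if ace.dst is not None and ace.dst != dst:
            continue
        if ace.dports is not None and (dport is None or not ace.dports[0] <= dport <= ace.dports[1]):
            continue
        return ace.action
    return IMPLICIT_DENY


# Constructed flows (RFC 5737 documentation addresses) to exercise both lists.
FLOWS = [("udp", 137), ("udp", 6667), ("udp", 53), ("tcp", 443), ("icmp", None)]


def demo(acl_text: str) -> dict:
    aces = parse_acl(acl_text)
    return {f"{p}/{d}": evaluate(aces, p, "198.51.100.7", "203.0.113.10", d) for p, d in FLOWS}


if __name__ == "__main__":
    print("as posted:   ", demo(ACL_199_AS_POSTED))
    print("with permits:", demo(ACL_199_WITH_PERMITS))
```

Running it shows the list as posted returning the implicit deny for DNS, HTTPS and ICMP alike, and the version with the two permit lines still denying `udp/53`; whatever permit statements the list finally ends with, this is the check to run before it goes on an interface.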
