The more paranoid amongst us would apply a list inbound on the serial
permitting only traffic to desired servers, and maybe established
connections.  Then on the ethernet interface, set up an inbound list that
blocks connections that were originated by the servers, since a server
shouldn't originate a connection.  This last step would make the current IIS
worm die pretty quickly.

    Brian

----- Original Message -----
From: "Tony van Ree" 
To: 
Sent: Monday, August 13, 2001 12:11 AM
Subject: Re: Access Lists On Routers [7:15830]


> Hi,
>
> This depends on what you are trying to achieve but under most
> circumstances one would tend to block the traffic at the entry point.
> For example, if it was traffic from the WAN then block it coming in on
> the WAN interface.  If however you wanted to see the traffic in the
> router for some reason then you might apply the same access-list on the
> ethernet going out.
>
> So it really depends on what the needs of your access-lists are.  Usually
> on a 1 WAN port to 1 Ethernet port incoming from the WAN do it as
> INCOMING on the WAN port.
>
> Just some long-winded thoughts from an older guy.
>
> Teunis,
> Hobart, Tasmania
> Australia
>
>
> On Monday, August 13, 2001 at 02:25:48 AM, yusuf ujjainwala wrote:
>
> > I am a network engineer and have been assigned a task of implementing
> > access lists on our routers. I have decided on implementing extended
> > access lists permitting specific ports and restricting the other
> > unwanted ports, but I am not sure as to where I should apply the access
> > lists, on the ethernet or serial interfaces, and whether inbound or
> > outbound access lists should be applied.
> > Can somebody help me.
> --
> www.tasmail.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=15882&t=15830
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
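
The two-list arrangement described in the top reply, written out as an added Cisco IOS configuration example (not taken from any message in the thread). The interface names, ACL numbers 101 and 102, and the 192.0.2.0/24 addressing with a single web server at 192.0.2.10 are assumptions made for illustration.

```cisco
! Constructed example: 192.0.2.0/24 is a documentation range.
! Assumed layout: LAN 192.0.2.0/24 on Ethernet0, WAN on Serial0,
! one web server at 192.0.2.10 offering HTTP and HTTPS.
!
! ACL 101: inbound on the serial (WAN) interface.
! Permit only traffic to the desired server ports.
access-list 101 permit tcp any host 192.0.2.10 eq www
access-list 101 permit tcp any host 192.0.2.10 eq 443
! Permit return traffic for TCP sessions opened from the LAN.
! "established" matches segments with ACK or RST set.
access-list 101 permit tcp any 192.0.2.0 0.0.0.255 established
! The implicit deny is made explicit so that hits are logged.
access-list 101 deny ip any any log
!
! ACL 102: inbound on the ethernet (LAN) interface.
! The server may answer existing sessions from its service ports...
access-list 102 permit tcp host 192.0.2.10 eq www any established
access-list 102 permit tcp host 192.0.2.10 eq 443 any established
! ...but anything else it sends, including a new outbound
! connection (initial SYN, no ACK), is dropped and logged.
access-list 102 deny ip host 192.0.2.10 any log
! Other LAN hosts are left unrestricted in this sketch.
access-list 102 permit ip 192.0.2.0 0.0.0.255 any
!
interface Serial0
 ip access-group 101 in
!
interface Ethernet0
 ip access-group 102 in
```

The `established` keyword is a TCP flag check, not connection tracking, and the `deny ... log` line in ACL 102 also blocks anything the server legitimately initiates (DNS lookups, for instance), so log hits on that line need review before being treated as a sign of compromise.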
