Question : cisco access-list

Hello Experts,

I am hoping there is a Cisco guru here. I am trying to block port 135 and 445 for non-existent networks in order to mitigate the effects of the Welchia/Blaster worm. I have these entries in our access-list but they are not working. They instead block all traffic for the class B network; only the class C addresses are working now.

We want two-way traffic between any source and the networks below:
172.16.0.0 - 172.23.0.0 netmask 255.255.128.0 (allowed)
172.24.0.0 (students - deny them)

----------------------------------------------------------------
permit tcp any 192.168.10.0 0.0.0.255 eq 135
permit tcp any 192.168.10.0 0.0.0.255 eq 445
permit tcp any 192.168.11.0 0.0.0.255 eq 135
permit tcp any 192.168.11.0 0.0.0.255 eq 445
permit tcp any 172.16.0.0 0.7.255.255 eq 135
permit tcp any 172.16.0.0 0.7.255.255 eq 445
deny ip 172.24.0.0 0.7.255.255 172.16.0.0 0.7.255.255
deny tcp any any eq 135
deny tcp any any eq 445
permit ip any any

Thanks in advance.

Ian
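An added example (not from the thread): it applies the access-list entries from the question to sample packets with Cisco semantics (wildcard-mask matching, first matching entry wins, implicit deny at the end), so you can see which entry a given flow hits. The sample packets and the parser are constructed here; the entries are the ones posted above, with the two `deny tcp` entries on separate lines.

```python
import ipaddress

# The ACL from the question, entries in order (one ACE per line).
ACL = """
permit tcp any 192.168.10.0 0.0.0.255 eq 135
permit tcp any 192.168.10.0 0.0.0.255 eq 445
permit tcp any 192.168.11.0 0.0.0.255 eq 135
permit tcp any 192.168.11.0 0.0.0.255 eq 445
permit tcp any 172.16.0.0 0.7.255.255 eq 135
permit tcp any 172.16.0.0 0.7.255.255 eq 445
deny ip 172.24.0.0 0.7.255.255 172.16.0.0 0.7.255.255
deny tcp any any eq 135
deny tcp any any eq 445
permit ip any any
""".strip().splitlines()

def _addr_spec(tokens):
    """Pop one address spec ('any', 'host A.B.C.D' or 'A.B.C.D WILDCARD')
    and return (network, wildcard) as ints. A set wildcard bit = don't care."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF
    if tok == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(tok)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse 'permit|deny ip|tcp SRC DST [eq PORT]' (destination port only,
    which is the form used in the question)."""
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, dst = _addr_spec(rest), _addr_spec(rest)
    dport = int(rest[1]) if rest[:1] == ["eq"] else None
    return action, proto, src, dst, dport

def _matches(spec, ip):
    net, wild = spec
    care = ~wild & 0xFFFFFFFF          # bits that must match exactly
    return int(ipaddress.IPv4Address(ip)) & care == net & care

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, entry) of the first matching ACE; an ACL ends with
    an implicit deny if nothing matched."""
    for line in acl:
        action, ace_proto, s, d, p = parse_ace(line)
        if (ace_proto in ("ip", proto) and _matches(s, src)
                and _matches(d, dst) and (p is None or p == dport)):
            return action, line
    return "deny", "implicit deny"
```

Running `evaluate(ACL, "tcp", "172.25.1.1", "172.17.1.1", 80)` returns the `deny ip 172.24.0.0 ...` entry, which matches every protocol and port from 172.24.0.0/13 to 172.16.0.0/13, not just 135 and 445.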




Answer : cisco access-list

Access lists tax the CPU.  If all you want to do is block traffic to non-existent networks, then add the below to your router.  Any traffic to a private network it doesn't have a route to will go nowhere.

ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0

-Pascal