savagecurtis
MIS
OK. My question is similar to this thread:
thread557-699450 a more detailed.
I want to block port 135. My server keeps receiving/sending packets from this port. I have tried adding access-lists in my Cisco 802 router such as:
access-list 121 deny tcp any any eq 135
access-list 121 deny tcp any eq 135 any
etc....but I am still seeing these packets reach my server. I added these filters to list 121 because that is an existing list configured in the router (before I came here).
Do you have to set the access list to certain interfaces for it to work? If I look in the startup/running config I can see under the "Ethernet0" interface "ip access-group 121 in" ....which I am assuming sets the access group 121 to that interface. Am I even close to the right track here????
Also, right before the port 135 packets show up, I usually see a couple of ICMP packets go to and from the IP address that then sends the packets to port 135. Do I need to do something with the tcp flag status?
I would really appreciate help with this...I feel very lost
Thanks
P.S. I know this sounds like Blaster...but I have the patch installed, and the removal tool does not find Blaster! >_<