I have a max 6000 that has been in service for over a year and recently began having problems. My monitoring program shows that it is dropping off line at any given time. I am unable to telnet to it but my customers and I can still reach it on a dialup request. My question is this seems to have started since the release of the blast worm, does/can this have any effect on this box? Are they any measusres I can take to stop this, patch/fix this the problem if it is coming from this problem?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Max 6000 1
- Thread starter gdeclue
- Start date
-
1
- #2
MaxPipeline
Vendor
You can try applying filters for the ports specified by the CERT regarding the blaster worm. Goto for details on ports to filter.
- Thread starter
- #3
To show my stupidity with the vast functionality of this piece of equipment would this be a valid filter
Forward= (no or yes)
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=1
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=N/A
Then I apply this filter under the wan how? Sorry for the dumb questions but I am not 100% sure how to do this.
Forward= (no or yes)
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=1
Src Port Cmp=None
Src Port #=N/A
Dst Port Cmp=None
Dst Port #=N/A
TCP Estab=N/A
Then I apply this filter under the wan how? Sorry for the dumb questions but I am not 100% sure how to do this.
MaxPipeline
Vendor
No this is not a valid filter. You have to first apply a filter for a particular TCP/UDP port or protocol. Then do the next port, etc. Then you need end that with a generic forward all. The idea is the Max will look at each filter rule. If the condition is met then the packet is dropped. However, if the condition is not met then it will look at the next filter and so on and so forth. That is why you need the final generic forward all filter as the last filter. If it was anywhere else it would supercede any filter after that numerically. Remember that the same applies for incoming and outgoing.
That said, here is an example of the first filter. For this example I will block TCP 135.
Ethernet > Filters > IP Call > Input filter... > In filter 01
Valid=Yes
Type=IP
Ip...
Forward=No (No means to drop packet if condition is met)
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=6 (1=ICMP, 6=TCP, 17=UDP. This info is in your manuals)
Src Port Cmp=None (leave as None since it is the dest port we are concerned with here)
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=135
TCP Estab=No
The next filter to block UDP 135 would be the same except Protocol=17 instead of 6. Follow this example for all filters. Make sure you still have one filter left for your Generic Forward all. Configure as follows:
Ethernet > Filters > IP Call > Input filter... > In filter x
Valid=Yes
Type=Generic
Generic...
Forward=Yes
Leave all else default. Do the same for the outgoing filter. To apply the filter to your dial in users goto:
Ethernet > Connections > [connection profile name] > Session options...
Data Filter=1 (Assuming you used the first filter position 90-501. For 90-502 set Data filter=2, etc.)
Keep in mind the filter will not take affect until after the user reconnects to the Max. To apply the filter to your ethernet port goto:
Ethernet > Mod Config > Ether options...
Filter=1 (same rule applies as with connection profile)
Just another note, all this can be found in your manuals. If you don't have a manual, you can download PDF versions at
Good luck!
That said, here is an example of the first filter. For this example I will block TCP 135.
Ethernet > Filters > IP Call > Input filter... > In filter 01
Valid=Yes
Type=IP
Ip...
Forward=No (No means to drop packet if condition is met)
Src Mask=0.0.0.0
Src Adrs=0.0.0.0
Dst Mask=0.0.0.0
Dst Adrs=0.0.0.0
Protocol=6 (1=ICMP, 6=TCP, 17=UDP. This info is in your manuals)
Src Port Cmp=None (leave as None since it is the dest port we are concerned with here)
Src Port #=N/A
Dst Port Cmp=Eql
Dst Port #=135
TCP Estab=No
The next filter to block UDP 135 would be the same except Protocol=17 instead of 6. Follow this example for all filters. Make sure you still have one filter left for your Generic Forward all. Configure as follows:
Ethernet > Filters > IP Call > Input filter... > In filter x
Valid=Yes
Type=Generic
Generic...
Forward=Yes
Leave all else default. Do the same for the outgoing filter. To apply the filter to your dial in users goto:
Ethernet > Connections > [connection profile name] > Session options...
Data Filter=1 (Assuming you used the first filter position 90-501. For 90-502 set Data filter=2, etc.)
Keep in mind the filter will not take affect until after the user reconnects to the Max. To apply the filter to your ethernet port goto:
Ethernet > Mod Config > Ether options...
Filter=1 (same rule applies as with connection profile)
Just another note, all this can be found in your manuals. If you don't have a manual, you can download PDF versions at
Good luck!
- Status
Similar threads
- Locked
- Question