02-11-2004 10:19 AM - edited 03-09-2019 06:23 AM
Hey all, I have a quick question. I currently am being flooded from one IP with SMTP packets going to my email server. I am trying to block this IP address at the router level but cannot seem to get it. I am hoping this is a simple thing, but am not sure. The offending IP address is 192.165.243.110 Here is my current ACL for the incoming connections:
==SNIP==
access-list 101 deny tcp any any eq 28
access-list 101 deny udp any any eq tftp
access-list 101 deny tcp any any eq 135
access-list 101 deny udp any any eq 135
access-list 101 deny udp any any eq netbios-ns
access-list 101 deny udp any any eq netbios-dgm
access-list 101 deny tcp any any eq 139
access-list 101 deny tcp any any eq 445
access-list 101 deny tcp any any eq 4444
access-list 101 deny tcp host 192.165.243.110 any
access-list 101 deny udp host 192.165.243.110 any
access-list 101 deny ip host 192.165.243.110 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 192.168.0.0 0.0.255.255
access-list 101 permit ip 192.168.0.0 0.0.255.255 any
==SNIP==
Now I could go into detail about every line, but the lines I am concerned about are the ones denying access to that IP address. By all accounts, blocking it at udp, tcp and ip should work but it is not. Anyone have any suggestions as to what I am doing wrong? Thanks!
Joe
02-11-2004 01:55 PM
Hi,
Your access-list statement is correct, now the question is , what are the top few lines of this access-list?
I mean, you have provided with a snippet from the middle, so unless you tell us the access-list entreis from teh begining till this line
access-list 101 deny tcp host 192.165.243.110 any
we can't be sure of what is happening.
Secondly, is the access-list really applied? if yes, then on which interface and on which direction.
Thanks
Nadeem
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide