Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
818
Views
0
Helpful
3
Replies

accesslist

subashmbi
Level 1
Level 1

‎02-15-2006 06:42 AM - edited ‎03-03-2019 11:45 AM

We are having two routers 7206VXR in routers we applied the accesslist. some virus will come in remote location. in our core routers accesslist netbios hit count is increasing.pls find the attachment of the accesslist.pls study this accesslist.and what is the use for this accesslist?

Pls reply.

Labels:
16619-acceslist.txt
0 Helpful
3 Replies 3

jarathbu
Level 1
Level 1

‎02-15-2006 02:26 PM

Hello,

From the attached output, the extended ACL#135 references MS NetBIOS ports and indicates hits to the ACL statements:

Extended IP access list 135

10 deny tcp any any eq 135 (391406 matches)

40 deny tcp any any eq 139 (918111 matches)

60 deny udp any any eq netbios-ns (14663 matches)

70 deny udp any any eq netbios-dgm (1005 matches)

90 deny tcp any any eq 445 (450131 matches)

160 deny tcp any eq 135 any (2 matches)

190 deny tcp any eq 139 any (2499 matches)

These are well known port numbers defined within the ACL which deny any source making a connection to any destination on these ports.

epmap 135/tcp DCE endpoint resolution

epmap 135/udp DCE endpoint resolution

netbios-ns 137/tcp NETBIOS Name Service

netbios-ns 137/udp NETBIOS Name Service

netbios-dgm 138/tcp NETBIOS Datagram Service

netbios-dgm 138/udp NETBIOS Datagram Service

netbios-ssn 139/tcp NETBIOS Session Service

netbios-ssn 139/udp NETBIOS Session Service

microsoft-ds 445/tcp Microsoft-DS

microsoft-ds 445/udp Microsoft-DS

Additional well known ports can be found at:

http://www.iana.org/assignments/port-numbers

For specific purposes of the Microsft networking protocols (i.e. end-point mapper, Directory Services, etc) you can verify at www.microsoft.com.

Hope this helps.

Regards.

0 Helpful

subashmbi
Level 1
Level 1
In response to jarathbu

‎02-16-2006 01:15 AM

epmap 135/tcp DCE endpoint resolution

epmap 135/udp DCE endpoint resolution

netbios-ns 137/tcp NETBIOS Name Service

netbios-ns 137/udp NETBIOS Name Service

netbios-dgm 138/tcp NETBIOS Datagram Service

netbios-dgm 138/udp NETBIOS Datagram Service

netbios-ssn 139/tcp NETBIOS Session Service

netbios-ssn 139/udp NETBIOS Session Service

microsoft-ds 445/tcp Microsoft-DS

microsoft-ds 445/udp Microsoft-DS

the above access list is applied in remote location router?.suppose any virus attack in remotelocation this will deny the traffic.

how to know which location is affected virus.

pls send me some commands for checking.

0 Helpful

jarathbu
Level 1
Level 1
In response to subashmbi

‎02-16-2006 03:43 AM

Hello,

Have you tried configuring ip accounting access-violations on the interface where the ACL is applied. You can view the results with show ip accounting access-violations.

http://www.cisco.com/en/US/products/sw/iosswrel/ps5187/products_command_reference_chapter09186a008017d169.html#wp1091971

Hope this helps.

Regards,

James

0 Helpful
Customers Also Viewed These Support Documents