On Thu, 25 Apr 1996, Eric Wieling wrote:
Eric,
this is a classic example of a more unpopular stance which says:
"That which is not expressly prohibited, is permitted"
That which is not expressly prohibited...
> ! Prevent IP spoofing
> access-list 100 deny ip 127.0.0.0 0.255.255.255 any log
> access-list 100 deny ip 198.105.96.0 0.0.7.255 any log
> ! Prevent access to unprotected services
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq netbios-ns log
> access-list 100 deny tcp any 198.105.96.0 0.0.7.255 eq 139 log
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq snmp log
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq snmptrap log
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq syslog log
> access-list 100 deny tcp any 198.105.96.0 0.0.7.255 eq 515 log
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq 1645 log
> access-list 100 deny udp any 198.105.96.0 0.0.7.255 eq 1646 log
> access-list 100 deny tcp any 198.105.96.0 0.0.7.255 eq 8080 log
is permitted.
> ! Allow everything else.
> access-list 100 permit ip any any
> access-list 100 permit udp any any
> access-list 100 permit icmp any any
Most paranoids will take the more popular stance which states:
"That which is not expressly permitted, is prohibited!"
Enough said.
-blast
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
\ Tim Keanini | "The limits of my language, /
/ aka blast | are the limits of my world." \
\ | --Ludwig Wittgenstein /
/ | \
\ +================================================/
/ PUB KEY: http://www-swiss.ai.mit.edu/~bal/pks-commands.html \
\ <blast @ crl . com> /
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
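
Added example, not part of the original message or either correspondent's configuration: a small first-match evaluator for the quoted access-list 100, showing how a service the deny entries do not name is handled under each stance. The `STRICT` list, the mail host 198.105.96.25 and the test packet are constructed assumptions.

```python
import ipaddress

PORTS = {"netbios-ns": 137, "snmp": 161, "snmptrap": 162, "syslog": 514}  # IOS keywords
NET = "198.105.96.0 0.0.7.255"
# Deny entries of the quoted list, with the "access-list 100" prefix dropped.
DENIES = ["deny ip 127.0.0.0 0.255.255.255 any log", f"deny ip {NET} any log"] + [
    f"deny {proto} any {NET} eq {port} log" for proto, port in [
        ("udp", "netbios-ns"), ("tcp", "139"), ("udp", "snmp"), ("udp", "snmptrap"),
        ("udp", "syslog"), ("tcp", "515"), ("udp", "1645"), ("udp", "1646"),
        ("tcp", "8080")]]
QUOTED = DENIES + ["permit ip any any", "permit udp any any", "permit icmp any any"]
# Constructed alternative (assumption): the same denies, then one named service,
# SMTP to a hypothetical mail host 198.105.96.25; the implicit deny covers the rest.
STRICT = DENIES + ["permit tcp any 198.105.96.25 0.0.0.0 eq 25"]

def take_addr(tok):
    """Pop 'any' or 'address wildcard' from tok; return (address, wildcard) ints."""
    if tok[0] == "any":
        tok.pop(0)
        return 0, 0xFFFFFFFF
    return int(ipaddress.IPv4Address(tok.pop(0))), int(ipaddress.IPv4Address(tok.pop(0)))

def parse(entry):
    tok = entry.split()
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = take_addr(tok), take_addr(tok)
    port = None
    if tok[:1] == ["eq"]:
        port = PORTS[tok[1]] if tok[1] in PORTS else int(tok[1])
    return action, proto, src, dst, port

def hit(spec, ip):
    addr, wild = spec  # wildcard bits set to 1 are ignored in the comparison
    return (int(ipaddress.IPv4Address(ip)) | wild) == (addr | wild)

def evaluate(acl, proto, src, dst, dport=None):
    """Action of the first matching entry; an IOS list ends with an implicit deny."""
    for action, rproto, rsrc, rdst, rport in map(parse, acl):
        if (rproto in ("ip", proto) and hit(rsrc, src) and hit(rdst, dst)
                and (rport is None or rport == dport)):
            return action
    return "deny"

if __name__ == "__main__":
    pkt = ("tcp", "192.0.2.10", "198.105.96.5", 23)  # constructed: a service not listed
    print("quoted list:", evaluate(QUOTED, *pkt))
    print("strict list:", evaluate(STRICT, *pkt))
```

Under the quoted list the unlisted service reaches `permit ip any any`; under the constructed list it falls through to the implicit deny.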