Network Security Firewalls

Re: Dumb Dumb Question

Subject: Re: Dumb Dumb Question
Date: Thu, 13 Jan 2005 09:50:08 +0500

MSN uses a variety of ports: See link below for more information.

http://www.outpostfirewall.com/guide/rules/preset_rules/communication.htm

MSN File Transfers are on Ports 6891-6900 and Port 6901 is for Voice communication. Otherwise MSN uses TCP/UDP Port # 1863.



At 10:14 PM 1/12/2005, you wrote:
Ok,



I am having a hell of a time with some ACLs on a border device attached to our LAN.



I have a PIX which I am offloading some Processing to a 2600 from. I need the ACLs which would allow MSN Messenger access to the LAN as well as file sharing. However, I have hunted down all the known ports for MSN and even with the ACL applied I get immediate log outs from the clients when the ACL is applied.


Take a look and see if perhaps I am missing something.


Thanks,

These deny statements are just in the interest of keeping port scans from hitting my FW.

access-list 101 deny   tcp any any eq 135
access-list 101 deny   tcp any any eq 139
access-list 101 deny   tcp any any eq 445
access-list 101 deny   tcp any any range 3127 3198
access-list 101 deny   tcp any any eq 4899
access-list 101 permit ip host my.pub.ip. any
access-list 101 permit ip host my.pub.ip. any
access-list 101 permit ip host my.pub.ip. any
access-list 101 permit esp any any
access-list 101 permit gre any any
access-list 101 permit ahp any any
access-list 101 permit icmp any any
access-list 101 permit tcp any any eq 1023
access-list 101 permit udp any any eq 1701
access-list 101 permit tcp any any eq 1701
access-list 101 permit udp any any eq 1723
access-list 101 permit tcp any any eq 1723
access-list 101 permit tcp any any eq ftp
access-list 101 permit tcp any any eq 22
access-list 101 permit tcp any any eq telnet
access-list 101 permit tcp any any eq www
access-list 101 permit udp any any eq 47
access-list 101 permit udp any any eq domain
access-list 101 permit udp any any eq 92
access-list 101 permit tcp any any eq 443
access-list 101 permit udp any any eq isakmp
access-list 101 permit udp any any eq 990
access-list 101 permit tcp any any eq 990
access-list 101 permit udp any any eq non500-isakmp
access-list 101 permit udp any any eq 10000
access-list 101 permit tcp any any eq 10000
access-list 101 permit udp any any eq 62515
access-list 101 permit udp any any eq 2070
access-list 101 permit tcp any any eq 2070
access-list 101 permit udp any any eq 2797
access-list 101 permit tcp any any eq 2797
BJD


Brad Davenport, Director Network Services, eGistics Inc. www.egisticsinc.com bdavenport@egisticsinc.com 972-851-3131 214-995-5629




Faisal Khan (Managing Director)
Net Access Communication Systems (Private) Limited.
1107 Park Avenue, 24-A, Block 6, PECHS,
Main Shahrah-e-Faisal, Karachi 74500 (PAKISTAN)

Tel: +92 (21) 431-0979, 431-0839, 454-4344, 454-4345
Fax: +92 (21) 454-4347, Mobile: +92 (300) 229019


URL:http://www.netxs.com.pk email: faisal@netxs.com.pk ICQ ID: 3273471


"There are two major products that come out of Berkeley: LSD and UNIX. We do not believe this to be a coincidence."

                                - quote from -
                                Jeremy S. Anderson
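
The reply lists the MSN ports (1863 TCP/UDP, 6891-6900 for file transfers, 6901 for voice), and the quoted ACL 101 has no entry for any of them. The following is an added example, not part of either message: a first-match evaluator for the ACL subset used in the post, which shows those flows falling through to the implicit deny. It assumes the port operator applies to the destination port and uses constructed documentation addresses as test source and destination.

```python
import re

# ACL 101 from the post, "access-list 101" prefix dropped, several entries per
# line; the three identical redacted "host my.pub.ip." entries appear once.
ACL_101 = """
deny tcp any any eq 135; deny tcp any any eq 139; deny tcp any any eq 445
deny tcp any any range 3127 3198; deny tcp any any eq 4899
permit ip host my.pub.ip. any; permit esp any any; permit gre any any
permit ahp any any; permit icmp any any; permit tcp any any eq 1023
permit udp any any eq 1701; permit tcp any any eq 1701; permit udp any any eq 1723
permit tcp any any eq 1723; permit tcp any any eq ftp; permit tcp any any eq 22
permit tcp any any eq telnet; permit tcp any any eq www; permit udp any any eq 47
permit udp any any eq domain; permit udp any any eq 92; permit tcp any any eq 443
permit udp any any eq isakmp; permit udp any any eq 990; permit tcp any any eq 990
permit udp any any eq non500-isakmp; permit udp any any eq 10000
permit tcp any any eq 10000; permit udp any any eq 62515; permit udp any any eq 2070
permit tcp any any eq 2070; permit udp any any eq 2797; permit tcp any any eq 2797
"""
NAMED = {"ftp": 21, "telnet": 23, "www": 80, "domain": 53,
         "isakmp": 500, "non500-isakmp": 4500}
ENTRY = re.compile(r"(permit|deny)\s+(\S+)\s+(any|host\s+\S+)\s+(any|host\s+\S+)"
                   r"(?:\s+eq\s+(\S+)|\s+range\s+(\S+)\s+(\S+))?$")

def port_number(p):
    """Resolve an IOS port keyword or numeric string; None means 'no port test'."""
    return None if p is None else NAMED.get(p) or int(p)

def parse(text):
    """Turn entries into (action, proto, src, dst, low_port, high_port) tuples."""
    rules = []
    for entry in filter(None, (e.strip() for e in re.split(r"[;\n]", text))):
        action, proto, src, dst, eq, lo, hi = ENTRY.match(entry).groups()
        lo, hi = (eq, eq) if eq else (lo, hi)
        rules.append((action, proto, src.split()[-1], dst.split()[-1],
                      port_number(lo), port_number(hi)))
    return rules

def evaluate(rules, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for n, (action, r_proto, r_src, r_dst, lo, hi) in enumerate(rules, 1):
        if (r_proto in ("ip", proto) and r_src in ("any", src) and r_dst in ("any", dst)
                and (lo is None or lo <= dport <= hi)):
            return action, n
    return "deny", None  # implicit "deny ip any any" that ends every Cisco ACL

def msn_verdicts(rules, src="198.51.100.7", dst="203.0.113.20"):
    """Check the ports named in the reply: 1863 TCP/UDP, 6891-6901 TCP."""
    flows = [("tcp", 1863), ("udp", 1863)] + [("tcp", p) for p in range(6891, 6902)]
    return {f: evaluate(rules, f[0], src, dst, f[1]) for f in flows}
```

`msn_verdicts(parse(ACL_101))` returns `("deny", None)` for every flow, meaning no explicit entry matched; the entry numbers returned for other traffic count the collapsed host line once.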

