| Subject: | [c-nsp] Problem with ADSL and ports tcp 445 & tcp 135 |
|---|---|
| From: | secu...@cytanet.com.cy |
| Date: | Jul 23, 2004 10:01:34 am |
| List: | net.nether.puck.cisco-nsp |
Hello all,

I have a very strange problem that is taking a lot of my time, and I could not
figure out what the cause could be. The situation is as below:

I have ADSL users that connect to the Internet via Cisco 7400 routers. On the
C7400 I have ATM links that connect to the BAS (Broadband Access Servers). On
the ATM interface of the C7400 I have an access-list that denies some ports.
Among the ports that we are denying are tcp 445 and tcp 135. Some customers
have routers installed at their premises and they connect these routers to the
ADSL router of the provider. The strange thing is that some of the customers
that have routers at their side cannot see local web pages (web pages that are
located on our network, as we are their local ISP) and they cannot get e-mail.
The same customers can see all other web pages and they can browse the
Internet without any problem.

What is really strange is that if I permit tcp any any 445 and tcp any any 135
on the access-list that is located on the C7400, the customers with the routers
start working. But the strangest thing is that I have to permit first tcp
445 and then 135, and I must put them as the very first lines on the access-list.
If I have a line before them, the problem is there (as below).
This scenario works:

```
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
(other lines follow)
```

This scenario is not working:

```
access-list 101 permit tcp any any eq 135
access-list 101 permit tcp any any eq 445
(other lines follow)
```

This scenario is not working:

```
access-list 101 deny ip any host x.x.x.x
access-list 101 permit tcp any any eq 445
access-list 101 permit tcp any any eq 135
(other lines follow)
```
Also, I added logging to the access-list but could not get any log entries from
the problematic customers.

We need to have ports 445 and 135 blocked due to a lot of attacks on these ports,
but I do not understand why I need to open these ports in order for certain
routers to work. D-Link and US Robotics have the problem; NetGear works.

I used a sniffer to capture the communication but couldn't find anything
strange. I believe there is a problem somewhere with MTU sizes, but I do not
understand the effect of ports tcp 445 and tcp 135 on the MTU.

Any help or any suggestion on the above problem will be appreciated.
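As an added example (not part of the post), the following first-match evaluator replays the three ACL orderings from the message against the same packets to check what IOS extended-ACL semantics alone predict. It assumes the post's "145" means 445, adds the missing `eq` keyword, uses the constructed address 10.0.0.99 for the post's x.x.x.x, and models the unknown "other lines" as the deny rules for 445/135 followed by `permit ip any any`.

```python
import re

# Constructed from the three scenarios in the post. Assumptions: "145" is read as
# 445, the missing "eq" keyword is added, x.x.x.x is the constructed 10.0.0.99, and
# the unknown trailing lines are modelled as deny 445/135 plus "permit ip any any".
TAIL = ("access-list 101 deny tcp any any eq 445\n"
        "access-list 101 deny tcp any any eq 135\n"
        "access-list 101 permit ip any any")
SCENARIOS = {
    "works": "access-list 101 permit tcp any any eq 445\n"
             "access-list 101 permit tcp any any eq 135\n" + TAIL,
    "broken_order": "access-list 101 permit tcp any any eq 135\n"
                    "access-list 101 permit tcp any any eq 445\n" + TAIL,
    "broken_deny_first": "access-list 101 deny ip any host 10.0.0.99\n"
                         "access-list 101 permit tcp any any eq 445\n"
                         "access-list 101 permit tcp any any eq 135\n" + TAIL,
}

# Only the subset of IOS extended-ACL syntax that appears in the post is parsed.
ACE = re.compile(r"access-list\s+\d+\s+(permit|deny)\s+(ip|tcp)\s+"
                 r"(any|host \S+)\s+(any|host \S+)(?:\s+eq\s+(\d+))?$", re.I)

def parse_acl(text):
    """Turn ACL lines into (action, proto, src, dst, dport-or-None) tuples."""
    entries = []
    for line in text.strip().splitlines():
        m = ACE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported ACE: {line!r}")
        action, proto, src, dst, port = m.groups()
        entries.append((action.lower(), proto.lower(), src.lower(), dst.lower(),
                        int(port) if port else None))
    return entries

def _addr_ok(spec, addr):
    return spec == "any" or spec == f"host {addr}"

def evaluate(entries, src, dst, dport):
    """First match wins; returns (action, 1-based ACE index) or ("deny", None)
    for the implicit deny at the end of every IOS ACL."""
    for i, (action, proto, s, d, port) in enumerate(entries, 1):
        if not (_addr_ok(s, src) and _addr_ok(d, dst)):
            continue
        if proto == "tcp" and port is not None and port != dport:
            continue
        return action, i
    return "deny", None

def verdicts(dst="192.0.2.10", ports=(445, 135, 80)):
    """Decision per scenario and port for a customer packet to a constructed local server."""
    return {name: {p: evaluate(parse_acl(acl), "198.51.100.7", dst, p)[0] for p in ports}
            for name, acl in SCENARIOS.items()}
```

All three orderings return the same verdicts for 445 and 135 toward a host other than x.x.x.x, so first-match ACL logic by itself does not explain the difference the post reports.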