Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 337
  • Last Modified:

access list blocking my telnet.

hi, router newbe question: re: cisco 2524  ios version 11
I am trying to block  the ip addresses from a website that is always connected to my smtp.  This website apparently owns a block because the specific address is alway different in the last octet.
i tried using RouterA(config)#access-list 1 deny 203.66.88.0 0.0.0.255
and then
RouterA>enable
RouterA#config t
RouterA(config)# int s0
RouterA(config-if)#ip access-group 1 in

My problem is that as soon as I entered the last command, I was kicked off the telnet and can not reconnect.  I'm sure this is a dumb newbe mistake.  FYI my ip address is NOT 203.66.88.0
Laura
0
lizardqueen007
Asked:
lizardqueen007
1 Solution
 
lizardqueen007Author Commented:
If possible, I would like to block all smtp coming into server from domain  hinet.net which I'm sure creates huge amouts of spam for us all.
0
 
giltjrCommented:
Hopefully you have s serial console cable and can connect via the console port to fix your telnet problem.

I am not sure from a router you can block e-mail from a domina.  You can block it by address, but are you 100% sure that the offending e-mail is really coming from hinet.net and not being spoofed or relayed through an open SMTP relay?
0
 
nurulbhaiCommented:
You can not block domain name by using only a router. If you know the IP address range of the domain you are blocking, go ahead use the access-list as you did but with another line added. Please add the following line also.
access-list 1 permit any
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
lizardqueen007Author Commented:
yes I can use hyperterminal and now that I am at the location (51 miles away ouch!) I restarted the router and the config went back to startup.
I still would like to create an access list if possible.  No I am not positive that the ip is not spoofed except for using the whois.  I was mostly experimenting with access lists and I do not understand why the router kicked me off.  I also figured so what if I block all traffic from
inetnum:      61.216.0.0 - 61.219.255.255
netname:      HINET-TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
Do I really care?
If this is a stupid thing to do, please tell me.
0
 
lrmooreCommented:
It's not a bad idea to block these hosts if you never expect to get email from Taiwan anyway...

Here's how:

access-list 101 deny ip 61.216.0.0 0.0.255.255 any
access-list 101 permit ip any any

interface Serial 0
 ip access-group 101 in

Basic problem is that you forgot the "permit any"
Access lists *always* have an implicit "deny all" at the end.

access-list 1 deny 61.216.0.0 0.0.0.255
access-list 1 permit any

would work just as well..

You're a quick study, Laura!

0
 
lizardqueen007Author Commented:
Thanks again Irmoore- Maybe I should have split some points because everyone has been helpful, but I haven't forgotten giltr that you are helping me alot and I will make sure points are given on other questions.  Believe me, I have a lot of questions.
Thank everyone this is a great resource.
0

Featured Post

[Webinar On Demand] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now