Solved

access list blocking my telnet.

Posted on 2006-06-14
6
319 Views
Last Modified: 2010-03-19
hi, router newbe question: re: cisco 2524  ios version 11
I am trying to block  the ip addresses from a website that is always connected to my smtp.  This website apparently owns a block because the specific address is alway different in the last octet.
i tried using RouterA(config)#access-list 1 deny 203.66.88.0 0.0.0.255
and then
RouterA>enable
RouterA#config t
RouterA(config)# int s0
RouterA(config-if)#ip access-group 1 in

My problem is that as soon as I entered the last command, I was kicked off the telnet and can not reconnect.  I'm sure this is a dumb newbe mistake.  FYI my ip address is NOT 203.66.88.0
Laura
0
Comment
Question by:lizardqueen007
6 Comments
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908592
If possible, I would like to block all smtp coming into server from domain  hinet.net which I'm sure creates huge amouts of spam for us all.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 16908686
Hopefully you have s serial console cable and can connect via the console port to fix your telnet problem.

I am not sure from a router you can block e-mail from a domina.  You can block it by address, but are you 100% sure that the offending e-mail is really coming from hinet.net and not being spoofed or relayed through an open SMTP relay?
0
 

Expert Comment

by:nurulbhai
ID: 16908784
You can not block domain name by using only a router. If you know the IP address range of the domain you are blocking, go ahead use the access-list as you did but with another line added. Please add the following line also.
access-list 1 permit any
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908821
yes I can use hyperterminal and now that I am at the location (51 miles away ouch!) I restarted the router and the config went back to startup.
I still would like to create an access list if possible.  No I am not positive that the ip is not spoofed except for using the whois.  I was mostly experimenting with access lists and I do not understand why the router kicked me off.  I also figured so what if I block all traffic from
inetnum:      61.216.0.0 - 61.219.255.255
netname:      HINET-TW
descr:        CHTD, Chunghwa Telecom Co.,Ltd.
descr:        Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr:        Taipei Taiwan 100
Do I really care?
If this is a stupid thing to do, please tell me.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 250 total points
ID: 16908843
It's not a bad idea to block these hosts if you never expect to get email from Taiwan anyway...

Here's how:

access-list 101 deny ip 61.216.0.0 0.0.255.255 any
access-list 101 permit ip any any

interface Serial 0
 ip access-group 101 in

Basic problem is that you forgot the "permit any"
Access lists *always* have an implicit "deny all" at the end.

access-list 1 deny 61.216.0.0 0.0.0.255
access-list 1 permit any

would work just as well..

You're a quick study, Laura!

0
 
LVL 1

Author Comment

by:lizardqueen007
ID: 16908922
Thanks again Irmoore- Maybe I should have split some points because everyone has been helpful, but I haven't forgotten giltr that you are helping me alot and I will make sure points are given on other questions.  Believe me, I have a lot of questions.
Thank everyone this is a great resource.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

929 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now