Support User Manuals

D-Link DES-7200 Refrigerator User Manual

Open as PDF

of 1968

DES-7200 Configuration Guide Chapter 1 Access Control List

Configuration

1-30

☞

Configuration

Guide

The worms viruses on the network will create a TFTP

server on the local port of "udp/69" in order to transmit the

binary virus program to other infected systems. While

selecting the destination IP address, the worms will

generally select the IP of subnet to which the infected

system belongs, and then randomly select the attack target

on Internet as per certain algorithm. Once the connection

is established, the worms will send attack data to TCP

ports (135, 445, 593, 1025, 5554, 9995, 9996), UDP ports

(136, 445, 593, 1433, 1434) and UDP/TCP ports (135,

137, 138, 139) of targets. If the attack is successful,

TCP/4444 port of target system will be used as the

backdoor port. After that, worms will connect to this port

and send tftp command in order to transmit virus file to the

target system and run the file. The infected server will send

substantive invalid data packets to the network, thus

wasting network bandwidth and even causing failure of

network devices and the network. In such a case, the

extended ACL can be used to filter data packets destined

for these ports.

SwitchA#configure terminal

SwitchA(config)#ip access-list extended Virus_Defence

! Block packets destined for internal and external TCP ports which may have

been used by viruses

SwitchA(config-ext-nacl)#deny tcp any any eq 135

SwitchA(config-ext-nacl)#deny tcp any eq 135 any

SwitchA(config-ext-nacl)#deny tcp any any eq 136

SwitchA(config-ext-nacl)#deny tcp any eq 136 any

SwitchA(config-ext-nacl)#deny tcp any any eq 137

SwitchA(config-ext-nacl)#deny tcp any eq 137 any

…………! The configuration is the same for other ports.

SwitchA(config-ext-nacl)#deny tcp any any eq 9996

SwitchA(config-ext-nacl)#deny tcp any eq 9996 any

! Block packets destined for internal and external UDP ports which may have

been used by viruses

SwitchA(config-ext-nacl)#deny udp any any eq 69

SwitchA(config-ext-nacl)#deny udp any eq 69 any

SwitchA(config-ext-nacl)#deny udp any any eq 135

SwitchA(config-ext-nacl)#deny udp any eq 135 any

SwitchA(config-ext-nacl)#deny udp any any eq 137

SwitchA(config-ext-nacl)#deny udp any eq 137 any

…………! The configuration is the same for other ports.

SwitchA(config-ext-nacl)#deny udp any any eq 1434

SwitchA(config-ext-nacl)#deny udp any eq 1434 any

! Block ICMP packets

SwitchA(config-ext-nacl)#deny icmp any any

previous next