DES-7200 Configuration Guide Chapter 1 Access Control List
Configuration
Worm viruses on the network create a TFTP server on local port udp/69 in order to transmit the binary virus program to other infected systems. When selecting a destination IP address, the worm generally picks an address in the subnet to which the infected system belongs, and then randomly selects attack targets on the Internet according to a certain algorithm. Once a connection is established, the worm sends attack data to the targets' TCP ports (135, 445, 593, 1025, 5554, 9995, 9996), UDP ports (136, 445, 593, 1433, 1434) and UDP/TCP ports (135, 137, 138, 139). If the attack succeeds, port TCP/4444 of the target system is used as a backdoor port. The worm then connects to this port and sends a tftp command to transmit the virus file to the target system and run it. The infected server sends large numbers of invalid data packets to the network, wasting network bandwidth and even causing failure of network devices and the network. In such a case, an extended ACL can be used to filter data packets destined for these ports.
SwitchA#configure terminal
SwitchA(config)#ip access-list extended Virus_Defence
! Block packets destined for internal and external TCP ports which may have been used by viruses
SwitchA(config-ext-nacl)#deny tcp any any eq 135
SwitchA(config-ext-nacl)#deny tcp any eq 135 any
SwitchA(config-ext-nacl)#deny tcp any any eq 136
SwitchA(config-ext-nacl)#deny tcp any eq 136 any
SwitchA(config-ext-nacl)#deny tcp any any eq 137
SwitchA(config-ext-nacl)#deny tcp any eq 137 any
…………! The configuration is the same for other ports.
SwitchA(config-ext-nacl)#deny tcp any any eq 9996
SwitchA(config-ext-nacl)#deny tcp any eq 9996 any
! Block packets destined for internal and external UDP ports which may have been used by viruses
SwitchA(config-ext-nacl)#deny udp any any eq 69
SwitchA(config-ext-nacl)#deny udp any eq 69 any
SwitchA(config-ext-nacl)#deny udp any any eq 135
SwitchA(config-ext-nacl)#deny udp any eq 135 any
SwitchA(config-ext-nacl)#deny udp any any eq 137
SwitchA(config-ext-nacl)#deny udp any eq 137 any
…………! The configuration is the same for other ports.
SwitchA(config-ext-nacl)#deny udp any any eq 1434
SwitchA(config-ext-nacl)#deny udp any eq 1434 any
! Block ICMP packets
SwitchA(config-ext-nacl)#deny icmp any any
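To check what an extended ACL like Virus_Defence actually filters before it is applied to an interface, it helps to evaluate sample flows against the entries offline. The following Python script is an added example and is not part of the DES-7200 guide or D-Link's software: it parses entries written in the same `deny|permit <proto> <src> [eq <port>] <dst> [eq <port>]` form as above, applies them with first-match semantics, and treats a packet that matches no entry as denied, which is the standard implicit-deny behaviour of an access list. The full TCP and UDP port lists are built from the ports named in the text (the guide elides them with "same for other ports"); the trailing `permit ip any any` is an assumption for illustration, since the page shows no permit entry, and the second run of the same packet without it shows why that matters.

```python
"""First-match evaluator for extended ACL entries (added example, not DES-7200 code).

Supported address specs: 'any', 'host A.B.C.D', 'A.B.C.D WILDCARD' (wildcard bit 1 = don't care).
Supported port match: 'eq PORT' only, which is all the page's entries use.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import List, Optional, Tuple

@dataclass(frozen=True)
class Packet:
    proto: str           # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0       # ignored for icmp
    dport: int = 0

@dataclass(frozen=True)
class Ace:
    action: str          # "permit" or "deny"
    proto: str           # "tcp", "udp", "icmp" or "ip" (matches any protocol)
    src: str             # address spec exactly as written in the entry
    sport: Optional[int]
    dst: str
    dport: Optional[int]

def _take_addr(tokens: List[str]) -> Tuple[str, Optional[int]]:
    """Consume one address spec and an optional 'eq PORT' from the token list."""
    tok = tokens.pop(0)
    if tok == "any":
        spec = "any"
    elif tok == "host":
        spec = "host " + tokens.pop(0)
    else:
        spec = tok + " " + tokens.pop(0)          # base address followed by wildcard mask
    port = None
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = int(tokens.pop(0))
    return spec, port

def parse_ace(line: str) -> Ace:
    tokens = line.split()
    action, proto, rest = tokens[0], tokens[1], tokens[2:]
    src, sport = _take_addr(rest)
    dst, dport = _take_addr(rest)
    return Ace(action, proto, src, sport, dst, dport)

def _addr_match(spec: str, addr: str) -> bool:
    if spec == "any":
        return True
    if spec.startswith("host "):
        return addr == spec.split()[1]
    base, wildcard = spec.split()
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))  # bits that must agree
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)

def evaluate(acl: List[Ace], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Return (verdict, index of matching entry). No match -> ('deny', None), the implicit deny."""
    for i, ace in enumerate(acl):
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if not (_addr_match(ace.src, pkt.src) and _addr_match(ace.dst, pkt.dst)):
            continue
        if ace.sport is not None and ace.sport != pkt.sport:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action, i
    return "deny", None

# Port lists assembled from the ports named in the guide's text (constructed here, the guide elides them).
TCP_PORTS = (135, 136, 137, 138, 139, 445, 593, 1025, 5554, 9995, 9996)
UDP_PORTS = (69, 135, 136, 137, 138, 139, 445, 593, 1433, 1434)

def virus_defence_acl(final_permit: bool = True) -> List[Ace]:
    """Rebuild the Virus_Defence list: both directions per port, then ICMP, then an optional permit."""
    lines = []
    for p in TCP_PORTS:
        lines += [f"deny tcp any any eq {p}", f"deny tcp any eq {p} any"]
    for p in UDP_PORTS:
        lines += [f"deny udp any any eq {p}", f"deny udp any eq {p} any"]
    lines.append("deny icmp any any")
    if final_permit:
        lines.append("permit ip any any")    # assumption: not shown on the page
    return [parse_ace(line) for line in lines]

if __name__ == "__main__":
    samples = [  # constructed sample flows
        Packet("udp", "10.0.0.5", "10.0.0.9", 1027, 69),       # TFTP pull used to fetch the worm binary
        Packet("tcp", "10.0.0.5", "192.0.2.1", 135, 80),       # source port 135 is also blocked
        Packet("tcp", "10.0.0.5", "192.0.2.1", 40000, 443),    # ordinary HTTPS
    ]
    for acl_name, acl in (("with permit", virus_defence_acl()), ("no permit", virus_defence_acl(False))):
        for pkt in samples:
            print(acl_name, pkt, "->", evaluate(acl, pkt))
```

Run as shown and the HTTPS flow is permitted by the last entry in the first list but dropped by the implicit deny in the second; the TFTP and source-port-135 flows are denied in both, with the index telling you which entry fired.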