«

I have a cisco 1700 running IOS 12.1(. It is running as the gateway
between us and our ISP They have given me the username/password for the
1700 and I am trying to setup a deny for port 6881 in and out. But
everytime i set it up it cuts our DNS. I'm at a loss. I haven't used
any cisco stuff in a long time and can't seem to find out what I'm
doing wrong. the command I tried was this

router(config)#access-list 110 deny tcp any any eq 6881
router(config-if)#ip access-group 110 in

and at that point our net goes down. I get cut from the telnet session
i'm in and I have to reset the router. any help? I also tried:

router(config)#access-list 110 deny tcp any #.#.#.# 0.0.0.0 eq 6881
(where the # is our IP)
router(config-if)#ip access-group 110 in

Please can someone help me? We are getting a flood of 6881 syn packets
from a huge number of sources. At first I thought it was BitTorrent
but it has been continuing for 3 days now and I have checked every
machine and we have no BT clients running.

IshmaelDS wrote:

> I have a cisco 1700 running IOS 12.1(. It is running as the gateway
> between us and our ISP They have given me the username/password for the
> 1700 and I am trying to setup a deny for port 6881 in and out. But
> everytime i set it up it cuts our DNS. I'm at a loss. I haven't used
> any cisco stuff in a long time and can't seem to find out what I'm
> doing wrong. the command I tried was this
>
> router(config)#access-list 110 deny tcp any any eq 6881
> router(config-if)#ip access-group 110 in
>
> and at that point our net goes down. I get cut from the telnet session
> i'm in and I have to reset the router. any help? I also tried:
>
> router(config)#access-list 110 deny tcp any #.#.#.# 0.0.0.0 eq 6881
> (where the # is our IP)
> router(config-if)#ip access-group 110 in
>
> Please can someone help me? We are getting a flood of 6881 syn packets
> from a huge number of sources. At first I thought it was BitTorrent
> but it has been continuing for 3 days now and I have checked every
> machine and we have no BT clients running.

There is an implicit deny any any at the bottom of every access-list,
doing it the way you are doing it you just need to add in access-list
110 allow ip any any, make sure to remove the rule then paste them both
in at the same time because the allow rule must be at the bottom.

Flamer.

IshmaelDS wrote:

> I have a cisco 1700 running IOS 12.1(. It is running as the gateway
> between us and our ISP They have given me the username/password for the
> 1700 and I am trying to setup a deny for port 6881 in and out. But
> everytime i set it up it cuts our DNS. I'm at a loss. I haven't used
> any cisco stuff in a long time and can't seem to find out what I'm
> doing wrong. the command I tried was this
>
> router(config)#access-list 110 deny tcp any any eq 6881
> router(config-if)#ip access-group 110 in
>
> and at that point our net goes down. I get cut from the telnet session
> i'm in and I have to reset the router. any help? I also tried:
>
> router(config)#access-list 110 deny tcp any #.#.#.# 0.0.0.0 eq 6881
> (where the # is our IP)
> router(config-if)#ip access-group 110 in
>
> Please can someone help me? We are getting a flood of 6881 syn packets
> from a huge number of sources. At first I thought it was BitTorrent
> but it has been continuing for 3 days now and I have checked every
> machine and we have no BT clients running.

Oh and also, what ip address have you actually specified, why not block
this traffic to all ip addresses? deny tcp any any eq 6881

Flamer.

> IshmaelDS wrote:
>
> > router(config)#access-list 110 deny tcp any any eq 6881
> > router(config-if)#ip access-group 110 in

access-list 110 deny tcp any any eq 6881

is equivalent to

no access-list 110
access-list 110 deny tcp any any eq 6881
access-list 110 deny ip any any


What you want I imagine is

no access-list 110
access-list 110 deny tcp any any eq 6881
access-list 110 permit ip any any

Sweet I'll try that later today. Thank you both so much. I knew it
was something simple. Sigh, Guess this is why you should keep your
notes. I'm pretty sure that will work though. I'll let you know. Oh
and the reason I was blocking to a specific IP was because that is the
only one that is getting spammed.
wrote:
> > IshmaelDS wrote:
> >
> > > router(config)#access-list 110 deny tcp any any eq 6881
> > > router(config-if)#ip access-group 110 in
>
> access-list 110 deny tcp any any eq 6881
>
> is equivalent to
>
> no access-list 110
> access-list 110 deny tcp any any eq 6881
> access-list 110 deny ip any any
>
>
> What you want I imagine is
>
> no access-list 110
> access-list 110 deny tcp any any eq 6881
> access-list 110 permit ip any any

It worked. Thanks very much.
IshmaelDS wrote:
> Sweet I'll try that later today. Thank you both so much. I knew it
> was something simple. Sigh, Guess this is why you should keep your
> notes. I'm pretty sure that will work though. I'll let you know. Oh
> and the reason I was blocking to a specific IP was because that is the
> only one that is getting spammed.
> wrote:
> > > IshmaelDS wrote:
> > >
> > > > router(config)#access-list 110 deny tcp any any eq 6881
> > > > router(config-if)#ip access-group 110 in
> >
> > access-list 110 deny tcp any any eq 6881
> >
> > is equivalent to
> >
> > no access-list 110
> > access-list 110 deny tcp any any eq 6881
> > access-list 110 deny ip any any
> >
> >
> > What you want I imagine is
> >
> > no access-list 110
> > access-list 110 deny tcp any any eq 6881
> > access-list 110 permit ip any any