Block Blubster and Cisco’s typo


I had a problem with music file sharing source Blubster, and went on to Google more info about it. Out came this article from Cisco on blocking Blubster. I am reproducing some excerpts below:

Applying these on your PIX should block this program:

access-list outbound deny tcp any 128.121.0.0 255.255.0.0 eq www
access-list outbound permit ip any any 
access-group outbound in interface inside

Alternatively, if you want to be a little bit more selective, this should also work:

access-list outbound deny tcp any 128.121.20.0 255.255.255.240 eq www
access-list outbound deny tcp any 128.121.4.0 255.255.255.0 eq www
access-list outbound permit ip any any 
access-group outbound in interface inside

Did you see the typo?
The netmask must be in reverse net mask order! Otherwise, what you get is 0.0.0.0 255.255.255.240, which essentially blocks everything else on the net.
 

2 Responses to “Block Blubster and Cisco’s typo”

  1. What are you talking about? I assume you mean the inverse mask? If so, the PIX does not use inverse masks for ACLs.

  2. Ah! I stand corrected. Thank you John. The entries from Cisco are for the PIX. I applied them to a Cisco router.

    The post should then read:
    If you apply this to the router, please change the netmask to inverse mask instead!
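
The difference the comments settle on, worked through as an added example (not part of the original post, its comments, or Cisco's article): the PIX reads the last field as a subnet mask, while a Cisco router reads the same field as an inverse (wildcard) mask. The helper names and the probe address 198.51.100.16 used in the checks are constructed for illustration.

```python
import ipaddress

ALL_ONES = 0xFFFFFFFF

def ip(s):
    return int(ipaddress.IPv4Address(s))

def dotted(n):
    return str(ipaddress.IPv4Address(n))

def to_wildcard(netmask):
    """Invert a subnet mask (PIX style) into an inverse/wildcard mask (router style)."""
    return dotted(ip(netmask) ^ ALL_ONES)

def pix_match(addr, net, netmask):
    """PIX semantics: bits set to 1 in the mask must match the network."""
    m = ip(netmask)
    return (ip(addr) & m) == (ip(net) & m)

def router_match(addr, net, wildcard):
    """Router semantics: bits set to 0 in the wildcard must match, 1 bits are ignored."""
    care = ip(wildcard) ^ ALL_ONES
    return (ip(addr) & care) == (ip(net) & care)

def router_stored(net, wildcard):
    """Address with the ignored bits zeroed, plus how many addresses the entry matches."""
    w = ip(wildcard)
    return dotted(ip(net) & (w ^ ALL_ONES)), 2 ** bin(w).count("1")

# Destination network/mask pairs copied from the access-list lines in the post.
PAGE_ENTRIES = [
    ("128.121.0.0", "255.255.0.0"),
    ("128.121.20.0", "255.255.255.240"),
    ("128.121.4.0", "255.255.255.0"),
]

def report():
    """For each entry: PIX form, what a router makes of it as pasted, and the inverted form."""
    rows = []
    for net, mask in PAGE_ENTRIES:
        stored, count = router_stored(net, mask)
        rows.append((f"{net} {mask}", f"{stored} {mask}", count,
                     f"{net} {to_wildcard(mask)}"))
    return rows

if __name__ == "__main__":
    for row in report():
        print(row)
```

Pasted unchanged into a router, the `255.255.255.240` entry stops matching hosts such as 128.121.20.5 and instead matches every address whose last four bits are zero.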
