Block Blubster and Cisco’s typo

Posted on September 25th, 2006 by wilson

I had a problem with music file sharing source blubster, and went on to google more info about it. Out came this article from cisco on blocking blubster. I am reproducing some excerpts below:

Applying these on your PIX should block this program:

access-list outbound deny tcp any 128.121.0.0 255.255.0.0 eq www
access-list outbound permit ip any any 
access-group outbound in interface inside

Alternatively, if you want to be a little bit more selective, this should also work:

access-list outbound deny tcp any 128.121.20.0 255.255.255.240 eq www
access-list outbound deny tcp any 128.121.4.0 255.255.255.0 eq www
access-list outbound permit ip any any 
access-group outbound in interface inside
Did you see the typo?
The netmask must be in reverse net mask order! Otherwise, what you get is 0.0.0.0 255.255.255.240
Which essentially blocks everythign else on the net.

 
Digg This!

Filed under: Computing

« »