blocking RTSP on my PIX

  1. #1

    blocking RTSP on my PIX

    I'm trying to block RTSP (TCP 554) using an ACL on my PIX. But whenever I apply it, it blocks everything and no one can get out. What am I doing wrong? I'm typing:

    access-list 101 deny TCP any any eq 554
    access-list 101 permit ip any any

  2. #2
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    On what interface are you applying the acl?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Is this inbound or outbound?

    I'm presuming that as you say no one can get out after you apply it, that it is outbound?

    The commands look OK, although there is no need to follow it up with the permit ip any any command if it is on the Inside interface.

    What command are you using to apply it to the actual Interface?
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hmmm, not my area but don't those streaming players try to look for another port if 554 is blocked by a firewall?

    HTTP port 80 perhaps?

    Nothing to do with your initial question, but it might affect what you are trying to achieve?
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  5. #5
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Shouldn't it be...
    access-list 101 permit tcp any any

  6. #6
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    If he wants to permit TCP traffic, yes... however, it looks like he wants to permit all IP traffic.

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Location
    MA
    Posts
    1,053
    Hmm, well, if IP isn't working, maybe you should put an entry for TCP and UDP separately...

  8. #8
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    Permitting UDP and TCP separately will do the exact same thing as permitting IP. The OP's problem more than likely lies with the way the ACL is being applied to the interface, not with the actual command.
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/
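
Added example, not part of any post in the thread: a small Python model of how an ACL like the one in post #1 is evaluated (first matching entry wins, and traffic that matches no entry is dropped by the implicit deny at the end of the list). It runs the two posted lines against a few constructed flows, including the HTTP port 80 fallback raised in post #4; the names `Rule`, `parse_rule`, `evaluate`, `report`, `DENY_ONLY` and `FLOWS` are assumptions made for this sketch, and it models only the `any any [eq <port>]` syntax used in the thread.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" matches every protocol
    dport: Optional[int] = None  # operand of "eq"; None means any port

def parse_rule(line: str) -> Rule:
    """Parse: access-list <id> <permit|deny> <proto> any any [eq <port>]"""
    tok = line.lower().split()
    if (len(tok) not in (6, 8) or tok[0] != "access-list"
            or tok[2] not in ("permit", "deny") or tok[4:6] != ["any", "any"]):
        raise ValueError(f"unsupported ACL line: {line!r}")
    if len(tok) == 8 and tok[6] != "eq":
        raise ValueError(f"unsupported port operator: {line!r}")
    # Numeric ports only; named ports are outside this model.
    return Rule(tok[2], tok[3], int(tok[7]) if len(tok) == 8 else None)

def evaluate(acl, proto: str, dport: Optional[int] = None) -> str:
    """First matching entry wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.proto not in ("ip", proto):
            continue
        if rule.dport is not None and rule.dport != dport:
            continue
        return rule.action
    return "deny"

# The two lines from post #1, verbatim.
THREAD_ACL = [parse_rule(l) for l in (
    "access-list 101 deny TCP any any eq 554",
    "access-list 101 permit ip any any",
)]
# Hypothetical variant: the same list without its trailing permit.
DENY_ONLY = THREAD_ACL[:1]

# Constructed sample flows: name -> (protocol, destination port).
FLOWS = {"rtsp": ("tcp", 554), "http": ("tcp", 80),
         "dns": ("udp", 53), "ping": ("icmp", None)}

def report(acl) -> dict:
    return {name: evaluate(acl, p, port) for name, (p, port) in FLOWS.items()}

if __name__ == "__main__":
    print("as posted :", report(THREAD_ACL))
    print("deny only :", report(DENY_ONLY))
```

With the list as posted, only TCP 554 is dropped and TCP 80 still passes, so a player that falls back to HTTP is not stopped by this ACL alone.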
