Turn The Other Way Unknown 3:13:00 pm Turn The Other Way Slit my wrists, take away the pain. Slit my throat, everyone's to blame. Lost in the fields of confusion. Restless nights, they're not far away. I came here for something and I'm not turning back. A calm piece of mind but you still hold my keys. Keeping my fate deep within your threshold. Petty inconvenience but it means the world to me. You have the power. To set me free. Caught in your grasp, how? Just let me be. Give me control out. Out of these depths. A fiery hell. I pray for death. I've been the wrong one time and time again. Now I'm on my knees forgive me please. Tore out my heart and handed to me on a silver platter. Sew up the hole, emptiness in the place of compassion. You made me this way. I am the product of your creation. Look the other way. Now you've turned your back on me. You've turned away from me, the future's much to far away to see. I hope you learn the truth, not the way things were meant to be with me and you. To End The Rapture The wind of life and air from above smells of death. Angels sing of the end. Nothing you say and nothing you try can change time. Human race prepares to die... 2.Turn The Other Way Slit my wrists, take away the pain. Slit my throat, everyone's to blame. Lost in the fields of confusion. Restless nights, they're not far away. I came here for something and I'm not turning back. A calm piece of mind but you still hold my keys. Keeping my fate deep within your threshold. Petty inconvenience but it means the world to me. You have the power. To set me free. Caught in your grasp, how? Just let me be. Give me control out. Out of these depths. A fiery hell. I pray for death. I've been the wrong one time and time again. Now I'm on my knees forgive me please. Tore out my heart and handed to me on a silver platter. Sew up the hole, emptiness in the place of compassion. You made me this way. I am the product of your creation. Look the other way. Now you've turned your back on me. You've turned away from me, the future's much to far away to see. I hope you learn the truth, not the way things were meant to be with me and you. Darkness Surrounding Darkness coats us. The smell of fall. Changing season. The graveyard is alive, black cat across my path, the chill of cold wind, the breath of the dead. Imprisoned souls. Trapped for eternity. Black crows break the silence. The garden of the dead's alive tonight and you can't stop it. Just enjoy it. Open up your mind and you will feel it too. The sound, the touch, the thoughts, that you've been so blind to. You can feel the thoughts of the dead. Feeling the thoughts of the dead. True or false, it's still there, teaching me. True or false, still there, teaching me. You can feel it tonight. The wood has rotted away. Take the time absorb it. Their time is slipping away. Stone all carved by hand. Statues that resemble their faces. They still breathe. Come join us. Smell the burning embers, time flickering away. Timeless but soon gone. Timeless but soon gone. And I can find myself, alone with just my thoughts. As time crumbles away. Time crumble away. 4.The Art Of Subconscious Illusion A living nightmare, asleep but still aware. The endless torture. The painless pleasure. I grasp myself. Trying to regain control. I experience and learn. In another faction of my mind. So confused. But everything makes perfect sense. Can't feel the pain. Emotional pain's so much deadlier. Lost, you've just been raped. Pain. Your friends can't help you. Why wont they help you? Another reality. This can't be happening. Why is this happening? Who the fuck are you? Who the fuck. Are you? Trying hard to figure out what's done. I scramble but now I run. The images in my head. All the problems that I've been fed. Punching slowly my mind can't change the speed. As my victims bleed. No matter what I do or how hard I try. I can't use my abilities. Use my abilities. Art of Illusion. My razor sharp knife's edge, pierces my victim's body. But I can't take their soul. Punching through jello, stabbing not killing. Disappointment. Discomfort. 5.We Come Out At Night Black and gray clouds willow in the balance as the sun falls. Rain plays a heart warming tune, on the pavement. Emotions stir. A feeling of warmness, compassion, fullness, I feel at home. Disguised by surroundings. As the torn and left in the gutter seek vengeance on their mistreated lives. As the torn and left in the cold, seek vengeance on mistreated lives. A silhouette stands still. A cactus on a warm summer night. But the rain falls cold and the moon shines bright. Black as night. Cold as ice. Warm as home. Ready to live. Stars they shoot. In a clear. Across the sky. As does my time. Waiting, wanting, feeling, emotion. Crying, breaking, loving, nothing. Clouds swallow the moon, and I'm alone, thinking good times, and why'd they go? Falling down, breaking down parts of me. Fuck. I need this place to get away from you. 6.Lips Of Deceit The mark I breathe on you. It's burning through your soul. The breath I waste. Losing control. I bleed in pain. Testing what I know. Lips soaked in deceit. Pull me from here. No one's innocent. So why do I feel bad? But guilt keeps creeping, creeping up on me. Guilt. Tearing me up inside. The innocent. An evil in disguise. The face of beauty to fall for. I fall to my knees, deceitful. Brought down by feelings of regret. Again your mind has failed the test. Not everyone feels the same. Pacifist blinded by the game. Stand tall. They'll break your heart. Stand tall. They'll smash your ego. Stand tall. They'll tear you down. Stand tall. Scar your soul. Break your thought. Fuck your mind. The mark I breathe on you. It's burning through your soul. The breath I waste. Losing control. I bleed in pain. Testing what I know. Lips soaked in deceit. Pull me from this hole. Warmness On The Soul Your hazel green tint eyes watching every move I make. And that feeling of doubt, it's erased. I'll never feel alone again with you by my side. You're the one, and in you I confide. And we have gone through good and bad times. But your unconditional love was always on my mind. You've been there from the start for me. And your loves always been true as can be. I give my heart to you. I give my heart, cause nothing can compare in this world to you. And we have gone through good and bad times. But your unconditional love was always on my mind. You've been there from the start for me. And your loves always been true as can be. I give my heart to you. I give my heart, cause nothing can compare in this world to you. I give my heart to you. I give my heart, cause nothing can compare in this world to you. 8.An Epic Time Wasted So much time I've wasted. I can truly say I never thought it would come to this. Never would I doubt you, but the truth kept smacking me in the face. Reality. You never stopped to think and you ripped us apart. How could you? Now our time is gone but it's still breaking my heart. Tears run down as I think of the days we've had, and the memories will last forever, but you and I have died and gone our separate ways. You are the one. You are the wrong one. Breaking the mold. Going your own way. All I feel, betrayal. So much time I've wasted, and I never thought it'd come to this. Apology. We had something great, then it was washed away. We had something more, then I can explain. I'm sorry. No! We had something great, then it was washed away. No! Not all friendships last, the genuine are harder to take. No! Time to start again, hope someday you'll think of me. No! The end reality, I know someday I'll think of you. 9.Breaking The Hold When you see them coming in form. And they say they do what's best for you. Fighting for one total control. They are planned and organized for you. Breaking their hold. Breaking their hold of control they strive. To keep you down, behind your back, the time has come, the end is near. It's when you sleep, so late at night, and in the light, getting prepared. It's not to help you, but help their cause, under one system, you wont exist. They are the few, with all the power, our system screams, we can't let them tear our hearts out. Screaming, pulling on our pride. Stand together for the right cause, one system to our demise. 10.Forgotten Faces Forgotten faces. Lost in yesterdays realm. Drained with confusion. Where did it all go? Look into the past, look into their faces. Never, the thought of being time fucked. But now they're all gone and all that's left is this blank faced picture. Ninety percent, nothing was done, nothing accomplished, coasting through life didn't seize the day. No one ever realized that they're already dead. By the time you realize, you'll be dead too. Without another chance to save the world, these things they're gone, your gone, forgotten. Now your face in my picture frame. It's gone, forever. Right before my very eyes. And just when I thought I made light of things. It slips away, into darkness. My life passes now I see. Just what this world does hold for me. It's getting hard, harder to breathe. Am I out of time is that what this means? Well that's what it means. That's what it means, you and me try to breathe. Now you. Realize. Your life, flies by. Now I. Realize. My life, I die. Thick And Thin I don't want to know. And I don't want to see you in this place. Your kind is a disgrace as I spit in your face. And I don't want to hear anymore. A friend is fucked with while he's having fun on the dance floor. Get the fuck out of here now. Come on you kids, stand your ground. This is your show, it's your family. All of my friends there for me. There's four-hundred more of us then them. So kick them out. Keep it positive. Keep it real. Keep it true. Together with my friends. I'll be there for you. Through the problems thick and thin and problems we'll fight through. This is to my brothers, I'll be there for you. Through the problems thick and thin and problems we'll fight through. This is to my family. I'll be there for you. 12.Streets You live your whole life staring at a wall, your mind goes blank sooner now you will fall. You never learned the things you say to know now, but how? There seems to be a difference, two different types of kids. The ones who go out and the ones that are taught to live. One groups taught how and the other group is taught why. There's no need to tell you what's in my mind, but in the game of life I'm doing fine. No reason to tell you which way to be. Cause the streets have opened my eyes to see. Look what's happening now. What are the reasons why and how? And don't you think it sounds stupid when someone's treated different cause they're not the same as me or you? Shattered By Broken Dreams I see you fading away from us. I'll miss you very much. Room with empty bottles, broken dreams, and pride still running high, always on your side. But I wanted more for you. You can't go on this way. And now I see it all fall through. We pray for better days. Stuck alone and scared. Throw your life away and now choking on your pride may be the only way. I don't want to see you like this. We all tried to save you but missed. I still feel the hope on your road. Now come back to us like the days of the old. I still feel you there, trying to get on top. You'll always have my support, in my heart. People you've hurt. Friends that you've lied to. But we understand, and that's not (you) can see the end of the road, I can see it too, for you, I'm scared, if I lose you, I'm not prepared. This time, if you die. I watch you, right before my eyes. Just trust me, and listen. You have no self control. This will take your life. Overdose and then indulge until you die. Pondering, we all ask the question why. Broken home, and then abandoned by your dad. And we are left the only family that you've ever had. Help you see it through. Fight this me and you. Reaching deep inside. Problems not just you is what we find. Our friendship makes it mine.
Mengamankan Data Diflashdisk Unknown 2:32:00 pm Mengamankan Data Diflashdisk -----|Preface Bagi Anda yang memiliki flash disk tentunya tidak lepas dari aktivitas tukar menukar data. Hal ini tidak menjadi persoalan jika Anda tidak memiliki “privacy data” atau teman Anda merupakan seorang yang dapat dipercaya. Persoalan akan menjadi lain jika teman Anda merupakan seorang yang usil dan sering ‘utak-atik’ data Anda. Apalagi jika memang dalam flash disk Anda terdapat data yang sangat ‘super rahasia’ dan tidak boleh diketahui oleh siapapun, termasuk sahabat Anda. -----|Preface Bagi Anda yang memiliki flash disk tentunya tidak lepas dari aktivitas tukar menukar data. Hal ini tidak menjadi persoalan jika Anda tidak memiliki “privacy data” atau teman Anda merupakan seorang yang dapat dipercaya. Persoalan akan menjadi lain jika teman Anda merupakan seorang yang usil dan sering ‘utak-atik’ data Anda. Apalagi jika memang dalam flash disk Anda terdapat data yang sangat ‘super rahasia’ dan tidak boleh diketahui oleh siapapun, termasuk sahabat Anda. -----|Mengamankan Flashdisk Aman disini dalam dua artian, yang pertama aman dari 'malware' seperti virus, trojan, worm, dan makhluk-makhluk sejenisnya.Yang kedua adalah aman dalam artian terjaganya privasi data anda. .::Aman dari Virus::. Caranya sangat mudah, anda tinggal membuat file bernama autorun.inf pada flashdisk anda(tidak di dalam folder). Caranya [klik kanan]->[New]->[Text Documents]-> rename menjadi . Setelah itu isikan file tersebut dengan kode di bawah ini: [Autorun] Open=System.exe Cara ini mencegah aktifitas penulisan file pada flashdisk anda (bukan di dalam folder).Sayang cara ini hanya berfungsi pada windows xp sp. 1 dan tidak berpengaruh bagi virus yang mengkopi ke setiap folder seperti brontox dan kawan-kawan. Alternatif lain adalah dengan menyimpan portable antivirus di flashdisk anda. Antivirus ini sangat banyak, tetapi saya sarankan anda memilih yang buatan lokal. Selain karena kita 'cinta produk dalam negeri' juga karena antivirus jenis inilah yang banyak mengenali virus-virus baru (karena sejak tahun 2006 di indonesia lebih banyak beredar virus lokal daripada virus impor) Berikut ini beberapa diantaranya: ## Fix Norman (lokal) ## Gucup Antivirus (lokal) ## portableav (impor) ## clamav (lokal) ## PCMAV (lokal) ## VundoFix (impor) ## aswclnr (lokal) ## SMPFULL (lokal) ## OgAV (lokal) ## Avigen (lokal) atau googling dengan keyword [download: portable antivirus] .::Privasi Data::. Software yang banyak beredar di internet seperti PC Security, Lock folder hanya berlaku jika anda menginstalnya dan tidak bisa dilakukan pada removable disk (flashdisk, disket, dll). Sederhananya seperti ini: "Saya ingin mengunci sebuah folder yang berisi file-file penting dan sangat 'pribadi'. Untuk hal tersebut, saya kemudian menginstal PC Security dan menguncinya. Masalah timbul ketika folder tersebut saya pindahkan ke flashdisk kesayangan saya, PC Security memang bisa menguncinya tetapi kalau di komputer lain folder tersebut tidak terkunci lagi.Saya coba software lain, tapi hasilnya sama saja". Untuk itu saya berinisiatif membuat tools khusus yang saya beri nama Security Folder. Kapasitasnya tidak besar, hanya sekitar 15 kb jadi bisa dibawa kemana-mana. Sekarang sudah versi 1.4. Mudah-mudahan dapat dikembangkan lebih sempurna lagi. --//Apa saja yang bisa dilakukan dengan Security Folder Seperti namanya, tools ini khusus untuk mengunci folder (Win Xp) baik pada hardisk maupun media penyimpanan yang lainnya. --//Apa kelebihannya # Bisa mengunci folder tidak hanya di hardisk, tetapi juga di tempat lainnya. # Disertai Username dan password sehingga folder yang kita kunci tidak bisa dibuka oleh orang lain. # Kapasitas file sangat kecil # Sangat mudah digunakan --//Bagaimana mendapatkannya Cukup kirim permintaan tools tersebut ke email saya < fatamorghana_02@yahoo.com > dengan . Nanti akan saya kirimkan ke email anda. Tools ini belum saya share ke internet karena masih jauh dari sempurna. -----|Membuat Flashdisk Tampil Menarik .::: LayOut Background ::. Aman saja belum cukup, sekarang kita akan melakukan permak terhadap flashdisk. Langkah pertama membuat file dengan nama 'desktop.ini'(sudah tahukan caranya). Setelah itu tuliskan kode di bawah ini: [.ShellClassInfo] ConfirmFileOp=0 [{5984FFE0-28D4-11CF-AE66-08002B2E1262}] PersistMoniker=file://Secret\Variasi\Folder.htt [ExtShellFolderViews] {5984FFE0-28D4-11CF-AE66-08002B2E1262}={5984FFE0-28D4-11CF-AE66-08002B2E1262} {BE098140-A513-11D0-A3A4-00C04FD706EC}={BE098140-A513-11D0-A3A4-00C04FD706EC} [{BE098140-A513-11D0-A3A4-00C04FD706EC}] Attributes=1 IconArea_Image=Secret\Variasi\BG46.jpg IconArea_Text=0x0040FF00 Penjelasan: --//PersistMoniker=file: Diisi dengan alamat file 'folder.htt'. Alamat tersebut bisa ditulis secara absolut maupun relatif. File folder.htt biasa digunakan untuk mengubah tampilan folder seperti file html. Misalnya anda akan menjadikan layout flashdisk anda dengan menampilkan jam online, kita bisa memasukkan script jam tersebut pada file folder.htt ini. Kita juga bisa membuat morque atau efek-efek lainnya.Hanya sayang file ini tidak berpengaruh lagi pada Windows Xp sp.2 ke atas. --//IconArea_Image= Diisi dengan alamat gambar yang akan kita jadikan background. Seperti halnya 'PersistMoniker', bagian inipun dapat kita isi dengan 'relative path' atau 'absolute path'. Absolut path adalah alamat yang tidak akan berubah dalam kondisi apapun sedangkan relative path adalah alamat yang sewaktu-waktu bisa berubah, tergantung keaadaannya. Contoh: [IconArea_Image=C:\WINDOWS\winnt.bmp], alamat ini merupakan alamat yang bersifat absolut karena bagaimanapun juga gambar yang akan ditampilkan adalah gambar yang berada di [C:\WINDOWS\] dengan nama file [winnt.bmp]. Gambar yang akan ditampilkan tidak akan berubah meskipun file 'desktop.ini' kita pindah di tempat lain. Dianalogikan seperti ini: Si A bertanya tentang alamat sekolah kamu lalu kamu jawab "sekolah saya terletak di Jln. Baji gau III No.17 Makassar". Maka si A ini mengetahui alamat sekolah kamu secara pasti. Meskipun dia mencari dari Jakarta atau bahkan dari planet lain sekalipun. Dia akan dapat menemukan alamat sekoah kamu. Tapi jika anda menjawab "sekolah saya dari jalan raya belok ke kiri, di lorong kedua belok kiri lagi, dan jalan terus sampai kamu dapat pagar tinggi warna coklat dan bertuliskan SMADA". Jawaban terakhir itu merupakan alamat relatif. Si A akan mendapatkan sekolah anda jika ia berada di jalan cendrawasih di sekitar baji gau. Bagaimana jadinya jika si A berada di jalan petterani. Meskipun dia sudah mengikuti petunjuk anda (belok ke kiri, di lorong kedua belok kiri lagi, dan jalan terus) ia tidak akan mendapatkan SMADA karena sekolah ini ada di baji gau. Apalagi jika si A bertanya dari Bone, saya yakin ia idak akan mendapatkan alamat sekolah anda. Sekarang tahukan mana yang absolut dan bagaimana yang relatif. Baik kita lanjutkan. Untuk flashdisk biasanya kita memiliki selera sendiri misalnya gambarnya Tukul Arwana. Kita tentu tahu tidak semua gambar langka itu ada di setiap komputer, makanya kita harus menggunakan alamat relatif. caranya kita letakkan file gambar tersebut di flashdisk yang akan kita permak. Bisa diluar atau di dalam folder. Jangan sekali-kali menulis alamatnya dengan mengikutkan drive dimana gambar tersebut berada. Contoh lagi: misalnya komputer anda memiliki 5 drive Drive A untuk disket Drive C untuk sistem Drive D untuk data Drive E merupakan CD rom Drive F merupakan flashdisk Maka jika anda meletakkan file gambar (misalnya namanya tukul.bmp) maka alamatnya jangan ditulis [F:\tukul.bmp] tetapi cukup [tukul.bmp]. Jika gambar fans anda itu ada di dalam folder [variasi\fansku] maka penulisannya jangan [F:\Variasi\fasku\tukul.bmp] tetapi cukup [Variasi\fasku\tukul.bmp]. Hal tersebut dlakukan agar alamat file gambar anda tetap merujuk pada alamat yang benar. Jika alamat yang anda tulisakan lengkap (misalnya F:\Variasi\fasku\tukul.bmp) ini akan menjadi absolut path yang akan salah jika anda buka flashdisk anda di komputer lain yang flashdisknya di drive bukan F (misalnya flashdisk di kompi lain di D, E, G, atau yang lain). --//IconArea_Text Diisi dengan warna tulisan folder yang kita inginkan. Merah = 0x000000FF Kuning = 0x0000FFFF Hijau = 0x0000FF00 Biru = 0x00FF0000 Putih = 0x00FFFFFF Dan masih banyak warna laiannya. Anda tinggal memilih warna text dengan warna kesukaan anda dan mengkonversinya menjadi seperti bentuk diatas.Kalau anda merasa susah dan menurut anda kurang praktis maka akan saya kirimkan toolsnya ke alamat email anda. .::Ikon Flashdisk tampil Beda::. Untuk melengkapi penamplan flashdisk, kita tinggal menambahkan ikon kusus pada flashdisk. Secara default ikon flasdisk seperti ikon hardisk. Untuk mengubahnya kita membutuhkan file ikon baik yang asli (file berekstensi *.ico) atau pada file lain (seperti ikon file aplikasi). Kodenya adalah sebagai berikut: icon=%SystemRoot%\system32\SHELL32.dll,11 Ket: Kode ini juga ditulis pada file [autorun.inf], dapat diletakkan sebelum atau sesudah kode [open]. --//%SystemRoot%\system32\SHELL32.dll,11 ini merupakan alamat ikon yang berada pada system direktori (kebanyakan berada pada 'C:\Windows\'). Aturan penulisannya -[alamat file aplikasi yang akan diambil ikonnya] [koma] [nomor ikon]. Untuk contoh diatas saya mengambil ion dari file shell32.dll dimana file ini adalah file yang berisi seluruh ikon-ikon windows, dan nomor 11 adalah ikon untuk CD-Rom. Jika anda hanya akan mengambil ikon dari file aplikasi maka kodenya: icon=Secret\Variasi\hartoto.exe,0 Seperti penjelasan sebelumnya alamat yang digunakan adalah alamat relatif. pada contoh diatas file yang kita ambil ikon nya adalah file aplikasi yang bernama [hartoto.exe] yang terletak pada flasdisk di subfolder [Secret\Variasi\], angka [0] adalah nomor ikonnya (disarankan tetap menggunakan angka nol untuk file aplikasi) Jika anda hanya akan mengambil ikon dri file ikon [ekstensi *.ico] maka caranya hampir sama dengan cara mengisi file gambar pada contoh diawal pembahasan ini. Misalnya: icon=Secret\Variasi\CD-ROM.ico Ket: --//[Secret\Variasi\] alamat folder ikon berada --//[CD-ROM.ico] nama file ikon -----|Penutup Data aman adalah dambaan setiap pengguna komputer, untuk itu ada bebrapa cara yang harus dilakukan baik dengan melakukan proteksi terhadap folder, menggunakan antivirus, ataupun trik-trik lain. Selain itu kita juga dapat mempercantik penampilannya dengan menambah file khusus yang disertai kode-kode tertentu. ----|Contact Author : Hartoto Subject : Membuat Flashdisk Aman dan Tampil Menarik Email : fatamorghana_02@yahoo.com
Standard Access List Overview Unknown 2:11:00 pm Materi WAN Standard Access-List OverviewAs the name implies, access-lists are sequential listings of guidelines, which are used to provide or prevent the flow of packets within a network based on information provided within the list. Standard IP access lists are very straightforward in the fact that the only criteria used to determine if packets should be ‘permitted’ or ‘denied’ is based solely on the source address of any given packet.Access-lists may be used for a variety of reasons, including controlling the propagation and reception of routing updates, traffic shaping, definition of traffic that will allow dial backup connectivity, and security. The primary implementation, and the main topic of this lesson, will be to implement the access-list as a security mechanism.Standard Access-List OverviewAs the name implies, access-lists are sequential listings of guidelines, which are used to provide or prevent the flow of packets within a network based on information provided within the list. Standard IP access lists are very straightforward in the fact that the only criteria used to determine if packets should be ‘permitted’ or ‘denied’ is based solely on the source address of any given packet.Access-lists may be used for a variety of reasons, including controlling the propagation and reception of routing updates, traffic shaping, definition of traffic that will allow dial backup connectivity, and security. The primary implementation, and the main topic of this lesson, will be to implement the access-list as a security mechanism.Why implement restricted access?You may choose to implement security policies for a variety of reasons, which includes, but is certainly not limited to, prevention of outside attacks on company devices, isolation of interdepartmental traffic, or load distribution. Without the use of access-lists all packets within a network are allowed without restriction to all parts of the network.When using access-lists as a “firewall”, routers can limit or restrict access to your internal network from an outside network, for example the Internet. This type of access-list would typically be placed at the point of connection between the two networks. When using access-lists for interdepartmental isolation, the access-list would typically be placed at strategic locations within the internal network.The Basics of Standard IP Access-ListsThe basic format of the Standard IP Access-List is:access-list [#] [permit | deny] [source-address | keyword any] [source mask]As mentioned earlier, an access-list is a sequential listing of guidelines that are used to provide or prevent the flow of packets. In other words a access-list may contain multiple lines, each following the format as listed above. The access-list may contain multiple lines, specifying multiple source addresses to be evaluated. Each line entry of the access-list must maintain the same access-list number identifier so the router will know that the entities listed will be grouped into the same access-list. Always remember that access-lists are processed “top down”, which means that the first line of the access-list will be check, then the second, etc. The router will immediately break out of processing the access list with the first “match”. Therefore the most general statements should be placed at the beginning of the list to avoid extra processing, more to follow on this.Various access-lists can be defined by different protocols within a router. The router will know the type of access-list based on the access-list number that is assigned. The numbering range for Standard IP Access-Lists is from 1 to 99. All Standard IP Access-Lists must be numbered within this range.After a number in the appropriate range has been selected for your access-list, the list must know if the packets to be evaluated will be ‘permitted’ (allowed to pass) or ‘denied’ (dropped and not allowed to pass). This is accomplished by placing either a permit or deny keyword within the line of the access-list. The usage of the keyword instructs the router to allow the packet to pass or not to allow the packet to pass based on the next specified parameter, the source address contained within the evaluated packet.As briefly discussed earlier, the only criteria used by Standard IP Access-Lists to determine if a packet should be ‘permitted’ or ‘denied’ is based solely on the source address of any given packet. This brings us to the point where we specify exactly which host (or hosts) will be permitted or denied by our access list. This parameter is quite simply, the source ip address of the host that you wish the access-list to take action upon. You may optionally replace the address with the keyword any which will cause the router to act upon “any” ip address.As found with most all IP addressing schemes, the standard IP access-list allows for a source-mask to be applied to the source ip address. Although similar to the subnet mask that is applied to ip addresses, the source-mask is somewhat different. When using a source-mask with ip access-lists, a bit set to 0 means “match exactly” and a bit set to 1 means “don’t care”. For example, if you would like to include all hosts in the class C network 192.1.1.0, the source address, source mask combination would be: 192.1.1.0 0.0.0.255. This statement says: In the first, second, and third octet of this address (192.1.1), all bits must “match exactly” (0.0.0, or all 0’s in the source-mask for the first, second, and third octet), but we “don’t care” what bits are sent in the fourth octet (255, or all 1’s in the source-mask for the fourth octet). By using this source address / source mask combination a single line in our access list includes all hosts in the 192.1.1.0 network. The keyword any, was briefly mentioned earlier. This keyword is the same as using a source address / source mask combination of 0.0.0.0 255.255.255.255. The 255.255.255.255 source mask indicates we “don’t care” what bits are set in any of the four octets. The use of the source mask parameter is optional. If omitted from the configuration line, the router by default will use a source mask of 0.0.0.0, or “match exactly” the address entered.We now have the basic building blocks to begin building our first standard IP access-list. There is one more note that is critical to the successful completion of building an access-list. After an access-list has been created, the Cisco router will assume that any source ip addresses that are not explicitly mentioned in the list will be *DENIED*. In other words, at the end of the access-list, the router will implicitly deny all remaining traffic. If your access-list has been configured to permit only a single source-address of 1.1.1.1, ALL OTHER SOURCE ADDRESSES WILL BE IMPLICITLY DENIED.Creating a simple Standard IP Access-ListNow the time has come to create our first Standard IP Access-list. We will use the format as discussed:access-list [#] [permit | deny] [source-address | keyword any] [source mask]Access-lists are created in global configuration mode of the router. Remember that all standard IP access-lists must be numbered in the range of 1-99, for our example we will use #1. We have decided that we want to permit traffic from address 1.1.1.1, and deny all other traffic. The procedure will be as follows:Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#access-list 1 permit 1.1.1.1Router(config)#^ZRouter#This configuration creates a permit statement for host address 1.1.1.1. Since the source-mask was not specified, the router uses a default of 0.0.0.0 (match exactly). Don’t forget the implicit “deny any” at the end of the access-list, this automatically denies everything we did not permit.Applying the Access-list to an interfaceNow that we have created out access-list, before the access-list actually does any work it has to be applied to an interface. The interface configuration command for applying the standard ip access-list to an interface is:ip access-group [access-list-number] [in | out]Access lists may be applied as either outbound or inbound on the router interfaces. When you apply the access-list as an inbound list, the router will receive an inbound packet, check the source address of the packet against the access list, and either “permit” the packet to be routed to the destination interface if the packet matches a “permit” statement in the access-list, or discard the packet if the packet matches a “deny” statement in the access-list.When you apply the access-list as an outbound list, the router will receive a packet on an interface, route the packet to the appropriate outbound interface, and then check the source address of the packet against the access-list, and either “permit” the packet to exit the interface if the packet matches a “permit” statement in the access-list, or discard the packet if the packet matches a “deny” statement in the access-list.To apply the access-list we created above to interface Ethernet 0 as an inbound access-list:Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#int Ethernet 0Router(config-if)#ip access-group 1 inRouter(config-if)#^ZRouter#To apply the access-list we created above to interface Ethernet 0 as an outbound access-list:Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#int Ethernet 0Router(config-if)#ip access-group 1 outRouter(config-if)#^ZRouter#Creating a more advanced Standard IP Access-ListNow let’s create a more advanced access list. In this exercise we will create access-list #2, with the following criteria.Permit all packets originating from network 10.1.1.0 255.255.255.128, but deny all packets originating from network 10.1.1.128 255.255.255.128. We also want to deny all packets originating from network 15.1.1.0 except for packets from a single host of 15.1.1.5. The final criteria is to permit all other traffic not previously mentioned. The procedure will be as follows:Router#conf tEnter configuration commands, one per line. End with CNTL/Z.Router(config)#access-list 2 deny 10.1.1.128 0.0.0.127Router(config)#access-list 2 permit 15.1.1.5Router(config)#access-list 2 deny 15.1.1.0 0.0.0.255Router(config)#access-list 2 permit anyRouter(config)#^ZRouter#One of the first things you may notice about our configuration is that there is no permit statement for the network 10.1.1.0, which our criteria specified we must permit. The last line of the access-list (access-list 2 permit any) will take care of this criteria. Let’s review our criteria and verify we have completed our tasks: * Permit all packets originating from network 10.1.1.0 255.255.255.128 The last line of our access list accomplishes this criteria. It was not necessary to explicitly permit this network in our access list since there were no statements in our access-list matching this network except for the final line of “permit any”. * Deny all packets originating from network 10.1.1.128 255.255.255.128. The first line of our access list accomplishes this criteria. It is very important to note that it was necessary to use a source-mask of 0.0.0.127 for this network. This mask says we “don’t care” about the final seven bits of the fourth octet, which are the bits have have been assigned for host addressing on this network. The subnet mask specified for the network was 255.255.255.128 which says the first bit of the fourth octet has been assigned to the “subnet” the last seven bits have been assigned for host addressing. * Deny all packets originating from network 15.1.1.0 except for packets from a single host of 15.1.1.5. This has been accomplished with lines 2 and three of our access-list. It is very important to note however that the access-list did not accomplish this in the same order as the criteria specified. It is imperative to remember that access-lists are processed top down, and that upon the first match processing stops and action is taken. Our criteria specified to deny packets from network 15.1.1.0 and secondly permit packets from host 15.1.1.5. If lines two and three had been swapped, and the entire network 15.1.1.0 was denied prior to permitting host 15.1.1.5, packets with a source address of 15.1.1.5 would match the more general criteria of “deny 15.1.1.0” first, thus the host would have been denied before it could have been permitted. * The final criteria is to permit all other traffic not previously mentioned. The last line of our access list accomplishes this by permitting “any” packets that were not matched in the first three lines of the list.Bringing it all togetherIn general the process for creating and implementing standard ip access-lists are: 1. Define the rules for which to design the access-list 2. Create the access-list with a number in the range of 1-99 3. Apply the access-list either inbound or outbound to the appropriate interface Items 1 and 2 above have been fairly well covered in this lesson. In closing of the lesson one small item still exists for the application of standard ip access-lists. That item is regarding the placement of the access-list. In general standard ip access-lists should be placed nearest the destination and not the source. This is not an absolute rule however and there are exceptions. Due to the fact standard ip access-lists only operate on the source address, detailed granularity is not always possible. Care must be taken to avoid implementing undesirable policies. If a standard access-list is placed near the source it is very possible that access to devices other than those desired will be impeded.For example, if access-list 2, which we created in this lesson, were implemented as an inbound access-list on the Ethernet interface of a router directly connected to the 15.1.1.0 network, the only workstation that would be allowed off the local segment would be 15.1.1.5. This access-list would most likely be implemented as an outbound access-list on the remote end of the connection, where the filtering of packets is truly desired.Viewing the figure below, let’s assume that workstation C is device 15.1.1.5, and Workstation D is device 10.1.1.133. Our desire is to implement a policy for Workstation A that only allows Workstation C access from remote Ethernet C. We also wish to implement a policy that will deny any access from remote Ethernet D. Placement is critical for this accomplishment. If access-list 2 from above is implemented as an outbound access-list on Router 2’s serial interface we will accomplish the desired task, BUT we will also deny traffic from Ethernet D to Ethernet B, which is undesired. The same scenario holds true if the access-list is implemented as an inbound access-list on Router 1’s serial interface. If we place this access-list as an outbound access-list on Router 1’s Ethernet A interface, our policy is intact, without any unwanted policy implementations.