Security Basics mailing list archives
RE: router access control list
From: "Shain Singh" <shain.singh () aapt com au>
Date: Tue, 24 Oct 2006 11:16:46 +1000
Hi there,

Have a read of these to get a feel for extended ACLs on Cisco's:
http://www.pantz.org/os/ios/ioscommands.shtml#Notes-AccessLists (you can grab it off Cisco's site too, but this is a nice summary).

Just remember that you just need to add your specific allow rules, as ACLs have an implicit deny that is applied at the end of your ruleset.

As an example for allowing telnet (then you add the rule to the specific interface):

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23

--
Shaineel Singh
MakePeace Media LTD
http://mpm.org.au/shsingh
pgp id: 0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
This message was written entirely with recycled electrons.
-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of apaez1084 () gmail com
Sent: Tuesday, 24 October 2006 2:44 a.m.
To: security-basics () securityfocus com
Subject: router access control list

Hi,

I'm a rookie, and I worked on access-list 2 years ago once and never have again. Now I need to do it for my new job. Cisco 800 series (827). I need to block a lot of traffic, especially using remote access. I need to block all ports except 3390, 3389, and another one that I can't remember. Those are remote access open ports for different computers. Also block all other ports except the common ones (ftp, email, internet, etc...).

Now in IP addresses: the router has changed the IP address so the people outside don't know the real address. I need to block everyone else. How can I do this in an access list? Some examples or something will help greatly.

Thanks

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
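Added example, not part of the original post or thread: a small Python model of how an extended ACL is evaluated top-down, with the implicit deny the reply mentions applied when no entry matches. It handles only the "permit|deny PROTO SRC DST [eq PORT]" form; the 3389/3390 entries and all addresses are constructed placeholders.

```python
import ipaddress

# Constructed ACL: the telnet entry from the reply plus entries for the two
# ports named in the question. All addresses are placeholders.
ACL_100 = """\
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23
access-list 100 permit tcp any host 2.2.2.2 eq 3389
access-list 100 permit tcp any host 2.2.2.2 eq 3390
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D WILDCARD'; return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _to_int(tokens.pop(0)), 0
    return _to_int(first), _to_int(tokens.pop(0))

def parse_acl(text):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' lines, in order."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        tokens = line.split()
        if len(tokens) < 6 or tokens[0] != "access-list" or tokens[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported entry: {line}")
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = _take_addr(rest), _take_addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        entries.append((action, proto, src, dst, port, line))
    return entries

def _match(spec, addr):
    # Wildcard bits set to 1 are "don't care", as in IOS wildcard masks.
    base, wild = spec
    return (_to_int(addr) | wild) == (base | wild)

def evaluate(entries, proto, src, dst, dport):
    """Return (action, matching line); the first matching entry wins."""
    for action, e_proto, e_src, e_dst, e_port, line in entries:
        if (e_proto in (proto, "ip") and _match(e_src, src)
                and _match(e_dst, dst) and e_port in (None, dport)):
            return action, line
    # No entry matched: this is the implicit deny at the end of every ACL.
    return "deny", "implicit deny"
```

Running evaluate() over the flows you expect to pass and to be dropped is a quick way to sanity-check entry order before applying a list to an interface.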
Current thread:
- router access control list apaez1084 (Oct 23)
- RE: router access control list Shain Singh (Oct 24)
- RE: router access control list Erick Jensen (Oct 24)
- RE: router access control list Murda Mcloud (Oct 24)
- Re: router access control list Ivan . (Oct 24)
- <Possible follow-ups>
- Re: router access control list apaez1084 (Oct 25)
- RE: router access control list David Gillett (Oct 27)
- Re: Re: router access control list apaez1084 (Oct 27)
- Re: Re: router access control list Alexey Eremenko (Oct 27)