Security Basics mailing list archives

RE: router access control list


From: "Shain Singh" <shain.singh () aapt com au>
Date: Tue, 24 Oct 2006 11:16:46 +1000

Hi there,

Have a read of this to get a feel for extended ACLs on Ciscos:
http://www.pantz.org/os/ios/ioscommands.shtml#Notes-AccessLists (you can
grab it off Cisco's site too, but this is a nice summary).

Just remember that you only need to add your specific allow rules, as ACLs
have an implicit deny that is applied at the end of your ruleset.

As an example for allowing telnet (then you add the rule to the specific
interface):

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23

--
Shaineel Singh
MakePeace Media LTD
 
http://mpm.org.au/shsingh
pgp id:  0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
 
This message was written entirely with recycled electrons.


-----Original Message-----
From: listbounce () securityfocus com 
[mailto:listbounce () securityfocus com] On Behalf Of apaez1084 () gmail com
Sent: Tuesday, 24 October 2006 2:44 a.m.
To: security-basics () securityfocus com
Subject: router access control list

Hi,
 I'm a rookie. I worked on access lists once, 2 years ago, 
and never have again. Now I need to do it for my new job. 

Cisco 800 series (827).

I need to block a lot of traffic, especially using remote 
access. I need to block all ports except 3390, 3389, and 
another one that I can't remember. Those are remote access 
open ports for different computers. Also block all other 
ports except the common ones (ftp, email, internet, etc...).

Now for IP addresses: the router has changed the IP address so 
that people outside don't know the real address. I need to 
block everyone else. 

How can I do this in an access list? Some examples or 
something will help greatly. 

thanks 

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
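
Added example (not part of the original messages): a small Python model of how an extended ACL is evaluated, showing first-match ordering and the implicit deny the reply mentions, using the reply's telnet rule written with the IOS "permit" keyword and the ports named in the question. The 192.0.2.x and 198.51.100.x addresses are placeholders from documentation ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed ACL: the reply's telnet rule plus rules for the ports named in the
# question. 192.0.2.0/24 is a documentation range used here as a placeholder.
ACL_TEXT = """\
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23
access-list 100 deny tcp host 192.0.2.66 any
access-list 100 permit tcp any host 192.0.2.10 eq 3389
access-list 100 permit tcp 192.0.2.0 0.0.0.255 host 192.0.2.11 eq 3390
"""

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_acl(text):
    """Parse 'access-list N permit|deny tcp SRC DST [eq PORT]' lines, in order."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens:
            continue
        if tokens[0] != "access-list" or tokens[2] not in ("permit", "deny") or tokens[3] != "tcp":
            raise ValueError("unsupported ACL line: " + line)
        rest = tokens[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((tokens[2], src, dst, port))
    return rules

def _match(spec, ip):
    base, wildcard = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must match.
    return (int(ipaddress.IPv4Address(ip)) ^ base) & ~wildcard & 0xFFFFFFFF == 0

def evaluate(rules, src_ip, dst_ip, dst_port):
    """First matching rule decides; no match falls through to the implicit deny."""
    for number, (action, src, dst, port) in enumerate(rules, 1):
        if _match(src, src_ip) and _match(dst, dst_ip) and port in (None, dst_port):
            return action, "rule %d" % number
    return "deny", "implicit deny"
```

Running candidate packets through evaluate() before applying a list to an interface shows which rule decides each one, and which traffic is dropped only because nothing permitted it.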




