
RE: router access control list

Subject: RE: router access control list
Date: Tue, 24 Oct 2006 11:16:46 +1000
Hi there,

Have a read of these to get a feel for extended ACLs on Ciscos:
http://www.pantz.org/os/ios/ioscommands.shtml#Notes-AccessLists (you can
grab it off Cisco's site too, but this is a nice summary).

Just remember that you just need to add your specific allow rules, as ACLs
have an implicit deny that is applied at the end of your ruleset.

As an example for allowing telnet (then you add the rule to the specific
interface):

access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23

--
Shaineel Singh
MakePeace Media LTD
 
http://mpm.org.au/shsingh
pgp id:  0xA9D8D351
fp: 38 0D A8 C8 74 A2 33 5E CE 0E 5A FA D5 A0 04 7C
 
This message was written entirely with recycled electrons.


-----Original Message-----
From: listbounce@securityfocus.com 
[mailto:listbounce@securityfocus.com] On Behalf Of apaez1084@gmail.com
Sent: Tuesday, 24 October 2006 2:44 a.m.
To: security-basics@securityfocus.com
Subject: router access control list

Hi,
 I'm a rookie. And I worked on access-list 2 years ago once 
and never have again. Now I need to do it for my new job. 

Cisco 800 series (827).

I need to block a lot of traffic, especially using remote 
access. I need to block all ports except 3390, 3389, and 
another one that I can't remember. Those are remote access 
open ports for different computers. Also block all other 
ports except the common ones (ftp, email, internet, etc...).

Now in IP addresses: the router has changed the IP address so 
the people outside don't know the real address. I need to 
block everyone else. 

How can I do this in an access list? Some examples or 
something will help greatly. 

thanks 

--------------------------------------------------------------
-------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of 
Academic Excellence 
in Information Security. Our program offers unparalleled 
Infosec management 
education and the case study affords you unmatched consulting 
experience. 
Using interactive e-Learning technology, you can earn this 
esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
--------------------------------------------------------------
-------------
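
As an added example (not part of either message in this thread), the Python model below shows how an extended ACL is evaluated: rules are checked top-down, the first match decides, and a packet that matches nothing hits the implicit deny. It handles only `any`, `host A` and `A wildcard` address forms with an optional destination `eq port`; the inside hosts 2.2.2.10 and 2.2.2.11 are hypothetical.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    """Consume one address spec: 'any', 'host A' or 'A wildcard'."""
    head = tok.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF
    if head == "host":
        return _ip(tok.pop(0)), 0
    return _ip(head), _ip(tok.pop(0))  # wildcard bits set = "don't care"

def parse_acl(text):
    """Parse 'access-list N permit|deny proto src dst [eq port]' lines."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError(f"unsupported line: {line!r}")
        rest = tok[4:]
        src, dst = _addr(rest), _addr(rest)
        port = int(rest[1]) if rest[:1] == ["eq"] else None
        rules.append((tok[2], tok[3], src, dst, port))
    return rules

def _match(addr, spec):
    base, wildcard = spec
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and _match(src, r_src)
                and _match(dst, r_dst) and r_port in (None, dport)):
            return action
    return "deny (implicit)"

# Constructed ruleset: the telnet rule from the reply plus the two remote
# access ports from the question, aimed at hypothetical inside hosts.
ACL = """
access-list 100 permit tcp host 1.1.1.1 host 2.2.2.2 eq 23
access-list 100 permit tcp any host 2.2.2.10 eq 3389
access-list 100 permit tcp any host 2.2.2.11 eq 3390
"""
RULES = parse_acl(ACL)
```

Calling `evaluate(RULES, "tcp", "9.9.9.9", "2.2.2.2", 23)` returns `"deny (implicit)"`: no explicit deny line is needed for traffic the permit rules do not cover.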




