Blocking layer 4 ports using access lists

Hi,

I have started a project for blocking all layer 4 ports except the working ports for Internet browsing, using an access control list on the Cisco 1600 router.

The concept is, I want to permit the needed ports for the Internet, so automatically all other ports will be blocked.

Anybody interested, join with me and share ideas...


Unless you define "internet browsing" very narrowly, what you are proposing does not work.

The HTTP protocol used by "internet browsing" can run on any TCP port. Port 80 is the default and most common port, but people put their web servers on a wide variety of ports, including, not uncommonly, 8080, 8888, 8800, and just about any other port you could name.

If you know exactly which ports you will support, and if you intend to simply not support browsing to servers on unusual ports, then what you are asking for is a relatively trivial ip extended access-list on a 1600 router -- the sort of access list that is done as an introductory exercise, not as a "project".

By the way, keep in mind that in order to do "internet browsing", you will need to permit access to -some- DNS server.

Walter Roberson

If you are talking about doing this on a border router, I would suggest that you concentrate on the interface connected to the outside and block the ports that are most commonly used in attacks. You should use a firewall to control outgoing ports and filter the incoming ports that are allowed through the router. Routers are not meant to be used as firewalls and adding huge ACL lists to them tends to decrease performance considerably, especially on lower-end routers like the 1600.

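The two replies above describe, between them, a narrow "permit only what browsing needs" list applied to the LAN side plus a short "drop the usual targets" list on the outside interface. The configuration below is an added example that puts both into Cisco IOS syntax; it is not from any poster in the thread. Everything in it is assumed for illustration: the LAN is 192.168.1.0/24 on Ethernet0, the Internet link is Serial0, the only permitted resolver is the ISP's at 203.0.113.53, and the LAN is routed without NAT. Numbered extended ACLs (100-199) are used because they exist on every IOS release a 1600 can run.

```cisco
! Added example (not from the thread). Assumed addresses and interfaces:
!   LAN 192.168.1.0/24 on Ethernet0, Internet on Serial0,
!   ISP resolver 203.0.113.53, no NAT on this router.
!
! --- ACL 101: traffic leaving the LAN. Permit list only. ---
! DNS to the one resolver we allow (UDP 53; TCP 53 for large answers).
access-list 101 permit udp 192.168.1.0 0.0.0.255 host 203.0.113.53 eq 53
access-list 101 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.53 eq 53
! Web on the default ports only. As Walter notes, servers on 8080,
! 8888, 8800 etc. will simply be unreachable with this list.
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 80
access-list 101 permit tcp 192.168.1.0 0.0.0.255 any eq 443
! Every other port/protocol from the LAN is dropped. An ACL ends in an
! implicit "deny ip any any"; writing it out lets you add "log" later.
access-list 101 deny ip any any
!
! --- ACL 102: traffic arriving from the Internet. ---
! Packets claiming a LAN source address cannot legitimately arrive here.
access-list 102 deny ip 192.168.1.0 0.0.0.255 any log
! Ports that are routinely probed from outside: NetBIOS/SMB and telnet.
! They would be dropped by the final deny anyway; listing them first
! gives a log entry without logging all the other noise.
access-list 102 deny tcp any any range 135 139 log
access-list 102 deny udp any any range 135 139 log
access-list 102 deny tcp any any eq 445 log
access-list 102 deny tcp any any eq 23 log
! Replies to TCP sessions the LAN opened (ACK or RST bit set).
access-list 102 permit tcp any 192.168.1.0 0.0.0.255 established
! DNS answers from the resolver (source port 53 back to the client).
access-list 102 permit udp host 203.0.113.53 eq 53 192.168.1.0 0.0.0.255
access-list 102 permit tcp host 203.0.113.53 eq 53 192.168.1.0 0.0.0.255 established
access-list 102 deny ip any any
!
! "in" on Ethernet0 = packets entering the router from the LAN,
! "in" on Serial0  = packets entering the router from the Internet.
interface Ethernet0
 ip access-group 101 in
interface Serial0
 ip access-group 102 in
```

Two practical points follow from the replies. First, ACLs are evaluated top to bottom and the 1600 evaluates them in software, so keep the lists short, put the lines that match most traffic (the web permits, the `established` permit) near the top, and use `log` sparingly: every logged match is process-switched and costs far more than an ordinary drop. Second, if the router does NAT, an inbound packet on Serial0 is checked against ACL 102 before it is translated, so the destination in that ACL must be the router's public address, not the 192.168.1.x host.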