blocking layer 4 ports using accesslists - Firewalls



Thread: blocking layer 4 ports using accesslists

  1. blocking layer 4 ports using accesslists

    Hi,

    I have started a project for blocking all layer 4 ports
    except the working ports for internet browsing, using an access
    control list on the Cisco 1600 router.

    The concept is I want to permit the needed ports for the internet, so
    automatically all other ports will be blocked.


    Anybody interested, join with me and share the ideas.


  2. Re: blocking layer 4 ports using accesslists

    In article <1171516735.957652.321080@p10g2000cwp.googlegroups.com>,
    wrote:
    > I have started a project for blocking all layer 4 ports
    > except the working ports for internet browsing, using an access
    > control list on the Cisco 1600 router.


    > The concept is I want to permit the needed ports for the internet, so
    > automatically all other ports will be blocked.


    > Anybody interested, join with me and share the ideas.


    Unless you define "internet browsing" very narrowly, what you
    are proposing does not work.

    The HTTP protocol used by "internet browsing" can run on any
    TCP port. Port 80 is the default and most common port, but people
    put their web servers on a wide variety of ports, including,
    not uncommonly, 8080, 8888, 8800, and just about any other port
    you could name.

    If you know exactly which ports you will support, and if you intend
    to simply not support browsing to servers on unusual ports, then
    what you are asking for is a relatively trivial ip extended access-list
    on a 1600 router -- the sort of access list that is done as an
    introductory exercise, not as a "project".

    By the way, keep in mind that in order to do "internet browsing",
    you will need to permit access to -some- DNS server.
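    The "relatively trivial ip extended access-list" the reply refers to looks roughly like the following. This is an added example, not configuration posted by anyone in the thread: it permits only HTTP (port 80) and DNS outbound from the inside LAN and lets everything else fall to a logged deny. The interface name Ethernet0, the inside network 192.168.1.0/24 and the resolver address 192.0.2.53 are constructed placeholders, and the HTTPS (port 443) line is an assumption added here because the thread only names port 80.

```cisco
! Added example (not from the thread): outbound browsing-only ACL on Cisco IOS.
! 192.168.1.0/24, 192.0.2.53 and Ethernet0 are constructed placeholders.
ip access-list extended BROWSING-ONLY
 remark DNS lookups, but only to the resolver we control
 permit udp 192.168.1.0 0.0.0.255 host 192.0.2.53 eq 53
 remark HTTP on the default port 80 (the thread's "internet browsing")
 permit tcp 192.168.1.0 0.0.0.255 any eq 80
 remark HTTPS on 443 is assumed here; the thread does not mention it
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 remark explicit copy of the implicit deny so misses show up in the log
 deny ip any any log
!
interface Ethernet0
 description inside LAN
 ip access-group BROWSING-ONLY in
```

    Because the list is applied inbound on the inside interface, replies from web servers arrive on the outside interface and are not evaluated by it. If you also filter inbound on the outside interface, you must separately permit that return traffic (for example with a `permit tcp any eq 80 192.168.1.0 0.0.0.255 established` entry) or browsing stops working; a plain ACL has no connection state, which is the gap the third reply's "use a firewall" advice is about. Web servers on 8080, 8888 or other non-default ports are unreachable with this list, exactly as the reply warns.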

  3. Re: blocking layer 4 ports using accesslists

    On 14 Feb 2007 21:18:56 -0800, vinguy51@gmail.com wrote:

    > Hi,
    >
    > I have started a project for blocking all layer 4 ports
    > except the working ports for internet browsing, using an access
    > control list on the Cisco 1600 router.
    >
    > The concept is I want to permit the needed ports for the internet, so
    > automatically all other ports will be blocked.
    >
    >
    > Anybody interested, join with me and share the ideas.


    If you are talking about doing this on a border router, I would suggest
    that you concentrate on the interface connected to the outside and block
    the ports that are most commonly used in attacks. You should use a
    firewall to control outgoing ports and filter the incoming ports that are
    allowed through the router. Routers are not meant to be used as firewalls
    and adding huge ACL lists to them tends to decrease performance
    considerably, especially on lower-end routers like the 1600.
