blocking layer 4 ports using accesslists

on 15.02.2007 06:18:56 by vinguy51

Hi,

I have started a project for blocking all layer 4 ports
except the working ports for internet browsing, using an access
control list on the Cisco 1600 router.

The concept is I want to permit the needed ports for the internet, so
automatically all other ports will be blocked.


Anybody interested, join with me and share the ideas...

Re: blocking layer 4 ports using accesslists

on 16.02.2007 01:40:29 by roberson

In article <1171516735.957652.321080@p10g2000cwp.googlegroups.com>,
wrote:
> I have started a project for blocking all layer 4 ports
> except the working ports for the internet browsing using access
> control list on the cisco 1600router.
>
> the concept is i want to permit the needed ports for the internet ,so
> automatically all other ports will be blocked.
>
> anybody interested join with me and share the ideas.....

Unless you define "internet browsing" very narrowly, what you
are proposing does not work.

The HTTP protocol used by "internet browsing" can run on any
TCP port. Port 80 is the default and most common port, but people
put their web servers on a wide variety of ports, including,
not uncommonly, 8080, 8888, 8800, and just about any other port
you could name.

If you know exactly which ports you will support, and if you intend
to simply not support browsing to servers on unusual ports, then
what you are asking for is a relatively trivial ip extended access-list
on a 1600 router -- the sort of access list that is done as an
introductory exercise, not as a "project".

By the way, keep in mind that in order to do "internet browsing",
you will need to permit access to -some- DNS server.
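The "relatively trivial" extended access-list roberson describes, written out as an added example (not configuration from the thread or from any poster); it assumes a 192.168.1.0/24 LAN on Ethernet0, Serial0 as the internet uplink, and a placeholder resolver address 203.0.113.53 (TEST-NET-3) standing in for the real DNS server:

```cisco
! Added example, not from the thread. Permits only browsing (80/443) and one
! DNS resolver from the LAN; everything else is denied by the final line.
! Assumed: LAN 192.168.1.0/24 on Ethernet0, uplink Serial0, resolver 203.0.113.53.
ip access-list extended BROWSE-ONLY
 remark outbound: HTTP, HTTPS and DNS to one named resolver only
 permit tcp 192.168.1.0 0.0.0.255 any eq 80
 permit tcp 192.168.1.0 0.0.0.255 any eq 443
 permit udp 192.168.1.0 0.0.0.255 host 203.0.113.53 eq 53
 permit tcp 192.168.1.0 0.0.0.255 host 203.0.113.53 eq 53
 remark explicit deny so blocked traffic (e.g. web servers on 8080) shows in the log
 deny   ip any any log
!
ip access-list extended BROWSE-RETURN
 remark replies to the sessions above; 'established' only checks ACK/RST flags,
 remark it is not stateful, so a real firewall is the stronger control
 permit tcp any eq 80 192.168.1.0 0.0.0.255 established
 permit tcp any eq 443 192.168.1.0 0.0.0.255 established
 permit udp host 203.0.113.53 eq 53 192.168.1.0 0.0.0.255
 permit tcp host 203.0.113.53 eq 53 192.168.1.0 0.0.0.255 established
 deny   ip any any log
!
interface Ethernet0
 ip access-group BROWSE-ONLY in
!
interface Serial0
 ip access-group BROWSE-RETURN in
```

Every ACL already ends in an implicit deny; the explicit `deny ip any any log` is there only so that drops, such as attempts to reach a server on a non-standard port, appear in the router log for review.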

Re: blocking layer 4 ports using accesslists

on 16.02.2007 15:35:45 by Default User

On 14 Feb 2007 21:18:56 -0800, vinguy51@gmail.com wrote:

> hai ,
>
> I have started a project for blocking all layer 4 ports
> except the working ports for the internet browsing using access
> control list on the cisco 1600router.
>
> the concept is i want to permit the needed ports for the internet ,so
> automatically all other ports will be blocked.
>
>
> anybody interested join with me and share the ideas.....

If you are talking about doing this on a border router, I would suggest
that you concentrate on the interface connected to the outside and block
the ports that are most commonly used in attacks. You should use a
firewall to control outgoing ports and filter the incoming ports that are
allowed through the router. Routers are not meant to be used as firewalls
and adding huge ACL lists to them tends to decrease performance
considerably, especially on lower-end routers like the 1600.