Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ACL and routing

Status
Not open for further replies.
hectormz

hectormz

MIS
Jun 26, 2003
27
0
0
US
Hi all,

In one of our routers 192.168.X.X (a 1700 with IOS 12.0(7)T)that's connecting in one serial subinterface with another cisco 10.40.X.X(a 2600 with IOS 12.0(2)XD1) i recently add the following ACL:

access-list deny tcp any any eq 69
access-list deny udp any any eq 69
access-list deny tcp any any eq 3127
access-list deny tcp any any eq 3198
access-list permit ip any any

The idea was to block Blaster's propagation (port 69) and MyDoom's trojan listening; but from my 1700 i could'n see the 2600, in the sh frame pvc everything seemed OK, but the people on the other side we unable to connect to one of out servers. Removing the recently added ACL was the solution...i don't know why this happened, any ideas?

Regards,




 
Sort by date Sort by votes
If your users are trying to tftp somewhere, this ACL blocks it. If they are using some other app that targets 3198 and 3127, this blocks it as well. Find out from your users what apps they are using and ports they are targetting along with the destiantion IP and allow this connectivity. Block everything else going to those ports.

HTH,
Robert
 
Upvote 0 Downvote
Thanks for the reply,

The app they're using is Mapics/AS400, and as far as i know the connect using port 23. Even if there was another app using the ports we blocked the fact that there was no response from router to router is what draws my attention, Do the routers communicate between the using port 69, 3127 or 3198? I didn't think so, but no i have a doubt

The 2600 router connects with a DS0 line and the 1700 is in a Frame-Relay link.

Thanks again for the reply,
Regards
-Hector
 
Upvote 0 Downvote
Can you post your configs? Also let me know which router the users reside on.

robert
 
Upvote 0 Downvote
You have have had a problem with the application of the access-list.

I'm not sure what seeing your configuration will do at this point. can you see the other router without the access-list?

One more thing, your stopping 3127 and 3198, won't do you much good, as the Novarg Virus uses 3127 THROUGH 3198

Shutting down all of those port in between may not be feasable, update all of the virus software def files and re-approach the router from an existing traffic perspective, versus attempting to block traffic coming into your network.....
 
Upvote 0 Downvote
Yes, i can see the other router without the ACL.

The users are on the 2600 router 10.40.x.x with the DS0 link.

Thanks for the correction Syty, our antivirus are updated, there's no problem over there.

I'm trying to block those ports cause in the side of the router 2600 there are some of our workstations used by another enterprise, without AV cause they're old equipment. We don't know the exact use they give to those machines, and I don't want them to be an open door to our network.

I'm trying to block all unnecesarie ports to reduce the risk of future attacks.

Regards,
-Hector
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Pankaj88
  • Locked
  • Question
BGP Routing Clarification
Replies
0
Views
55
Pankaj88
Pankaj88
Lccarter
  • Locked
  • Question
Cisco CUCM Provisioning and Order Management System
Replies
1
Views
69
Lccarter
Lccarter
Mogles49
  • Locked
  • Question
Firewall ACL question
Replies
1
Views
52
burtsbees
burtsbees
mikey789
  • Locked
  • Question
Can 4000-M Routing VLANs ?
Replies
0
Views
40
mikey789
mikey789
acabezas2014
  • Locked
  • Question
Create ACL for ip range
Replies
2
Views
57
acabezas2014
acabezas2014

Part and Inventory Search

Sponsor

Back
Top