Cisco Support Community
New Member

Block Ports

Dear Friends,

Can anybody let me know how to block ports on any operating system? Right now I wanted to block certain ports on my systems within our LAN. Can any port blocking software be of help to me, or should it be done at the router level? If at the router level, please let me know the config part of it.

Say I want to block HTTP, FTP, telnet and some standard ports.

Also, please let me know the command for blocking the finger port on my router.

Rgds

Kalyan

4 REPLIES
New Member

Re: Block Ports

Hi

You can configure access lists in the router. Try that out.

Bronze

Re: Block Ports

I believe a firewall is what you need. You can also perform filtering functions on a router, but this will require some amount of CPU resources. But if you have enough CPU resources on your router, you can configure the access lists (or ACLs).

There are steps and rules to consider in using ACLs, and the following link should help:

http://www.cisco.com/en/US/products/sw/secursw/ps1018/products_tech_note09186a00800a5b9a.shtml

To define specific protocols and ports, you'll be needing extended ACLs. A typical example looks like:

interface Ethernet0
 ip address ******
 ip access-group 100 in

access-list 100 permit tcp 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255 eq www
access-list 100 permit tcp 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255 eq smtp

Lastly, "finger" uses port number 79 both for TCP and UDP.

Good luck.

New Member

Re: Block Ports

Thanks Ganesh for the response. I tried filtering through access list only, but I faced the below problem. Please let me know how to overcome this?

We have 3 subnets in our office, configured as secondary interfaces on the router. Our servers are spread across these 3 subnets. Say I block a port on a server sitting in Subnet A through an access list and run a port scan from any node on Subnet A: the port is not blocked, as the router will not come into the picture for communication between systems on the same subnet. Whereas if I scan a server in Subnet B, it shows the port blocked, as I must go through the router to access the secondary subnet and it gets filtered by the access list.

Request a solution for this problem.
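An added illustration, not part of any post in this thread: a small Python model of how ACL 100 from the earlier reply is evaluated (wildcard masks, first match, implicit deny) and why a flow between two hosts on the same subnet is never checked against it. The subnet and host addresses are constructed, since the thread does not give the real ones.

```python
import ipaddress

# Port keywords used by the ACL lines quoted in the thread (IOS names -> numbers).
PORTS = {"www": 80, "smtp": 25, "ftp": 21, "telnet": 23, "finger": 79}

def parse_ace(line):
    """Parse 'access-list N permit|deny tcp SRC SRC_WILD DST DST_WILD eq PORT'."""
    t = line.split()
    if len(t) != 10 or t[0] != "access-list" or t[8] != "eq":
        raise ValueError("unsupported ACE: " + line)
    port = PORTS[t[9]] if t[9] in PORTS else int(t[9])
    return {"action": t[2], "proto": t[3], "src": (t[4], t[5]),
            "dst": (t[6], t[7]), "port": port}

def wild_match(addr, base, wildcard):
    """Wildcard mask: bits set to 1 are 'don't care', bits set to 0 must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)

def acl_verdict(aces, proto, src, dst, dport):
    """First matching entry wins; no match falls through to the implicit deny."""
    for ace in aces:
        if (ace["proto"] == proto and ace["port"] == dport
                and wild_match(src, *ace["src"]) and wild_match(dst, *ace["dst"])):
            return ace["action"]
    return "deny"

def flow_verdict(aces, subnets, proto, src, dst, dport):
    """Traffic between hosts in the same subnet is delivered at layer 2 and never
    reaches the router interface, so the ACL is not consulted at all."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in n and d in n for n in map(ipaddress.ip_network, subnets)):
        return "not filtered (same subnet)"
    return acl_verdict(aces, proto, src, dst, dport)

# ACL 100 exactly as posted in the thread.
ACL_100 = [parse_ace(l) for l in (
    "access-list 100 permit tcp 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255 eq www",
    "access-list 100 permit tcp 10.0.0.0 0.255.255.255 172.16.0.0 0.0.255.255 eq smtp",
)]
# Constructed addressing (assumption): the thread does not give the real subnets.
SUBNETS = ["10.1.1.0/24", "172.16.5.0/24"]

if __name__ == "__main__":
    for flow in [("tcp", "10.1.1.10", "172.16.5.20", 80),   # crosses the router
                 ("tcp", "10.1.1.10", "172.16.5.20", 23),   # crosses the router
                 ("tcp", "10.1.1.10", "10.1.1.50", 23)]:    # stays on one subnet
        print(flow, "->", flow_verdict(ACL_100, SUBNETS, *flow))
```
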

Silver

Re: Block Ports

On Windows 2000, for blocking ports you can use the inbuilt TCP/IP filtering.

Open the TCP/IP Properties of Local Area Connection, go to Advanced > Options > TCP/IP filtering. Here you can allow or deny the ports you need.

And if you need to disable finger services on the router, use the command

no ip finger

Anup
