Preventing FTP Access with ACL
mercanedees
Can anyone please help - came across this question...
How would you prevent FTP access to a host using only port numbers?
Would you have to code the following for both port numbers 20 and 21 or would just one of the FTP port numbers suffice?
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 20
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 21
access-list 101 permit ip any any
interface serial 0
ip access-group 101 in
Hope this makes sense - Many thanks
Comments
mbeaven
I believe it's only necessary to block port 21, the control port, since it's needed to establish the session. I don't have a router in front of me right now, but I thought blocking port 21 is the same as putting eq ftp and shows that way in the config. I'm sure if I'm wrong someone will let me know about it.
mercanedees
Thank you mbeaven for the reply
wildfire
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq ftp
This command blocks both port 20 and 21. However, be careful, as people can use FTP through HTTP passive mode, which will use port 80 HTTP for FTP access.
wildfire
Forgot to say there's also secure FTP
access-list 110 deny tcp any any eq 115
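An added example, not part of any post in this thread: a small Python model of extended-ACL matching (first match wins, wildcard mask, implicit deny) that compares an ACL denying only the FTP control port with the one from the question denying both 20 and 21. The client addresses and the packet list are constructed for illustration; `ftp` and `ftp-data` are the IOS keywords for ports 21 and 20.

```python
import ipaddress

PORT_KEYWORDS = {"ftp-data": 20, "ftp": 21}  # IOS names for the two FTP ports

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO (SRC WILDCARD | any) any [eq PORT]'."""
    t = line.split()
    ace = {"action": t[2], "proto": t[3], "dport": None}
    if t[4] == "any":
        ace["src"], ace["wild"], i = 0, 0xFFFFFFFF, 5
    else:
        ace["src"] = int(ipaddress.IPv4Address(t[4]))
        ace["wild"] = int(ipaddress.IPv4Address(t[5]))
        i = 6
    i += 1  # skip the destination, which is 'any' in every entry here
    if i < len(t) and t[i] == "eq":
        p = t[i + 1]
        ace["dport"] = PORT_KEYWORDS[p] if p in PORT_KEYWORDS else int(p)
    return ace

def evaluate(acl_lines, src, dport, proto="tcp"):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    s = int(ipaddress.IPv4Address(src))
    for ace in map(parse_ace, acl_lines):
        if ace["proto"] not in ("ip", proto):
            continue
        if (s ^ ace["src"]) & ~ace["wild"] & 0xFFFFFFFF:
            continue  # a bit the wildcard mask requires to match differs
        if ace["dport"] is not None and ace["dport"] != dport:
            continue
        return ace["action"]
    return "deny"

CONTROL_ONLY = ["access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq ftp",
                "access-list 101 permit ip any any"]
BOTH_PORTS = ["access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 20",
              "access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 21",
              "access-list 101 permit ip any any"]

# Constructed packets arriving inbound: (label, source address, destination port).
# In active mode the server opens the data connection from its port 20, so the
# client's packets on that connection carry destination port 20.
PACKETS = [("ftp control", "172.16.5.10", 21),
           ("active-mode data reply", "172.16.5.10", 20),
           ("passive-mode data", "172.16.5.10", 50000),
           ("http", "172.16.5.10", 80),
           ("ftp control, other subnet", "10.1.1.1", 21)]

def verdicts(acl_lines):
    return {label: evaluate(acl_lines, src, port) for label, src, port in PACKETS}

if __name__ == "__main__":
    for name, acl in (("21 only", CONTROL_ONLY), ("20 and 21", BOTH_PORTS)):
        print(name, verdicts(acl))
```

Both lists deny the control connection to port 21 from 172.16.0.0/16; the extra port 20 entry changes the verdict only for active-mode data replies, and neither list matches passive-mode data ports or FTP carried over port 80.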