Preventing FTP Access with ACL
mercanedees
Can anyone please help - came across this question...
How would you prevent FTP access to a host using only port numbers?
Would you have to code the following for both port numbers 20 and 21 or would just one of the FTP port numbers suffice?
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 20
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 21
access-list 101 permit ip any any
interface serial 0
ip access-group 101 in
Hope this makes sense - Many thanks
Comments
mbeaven
I believe it's only necessary to block port 21, the control port, since it's needed to establish the session. I don't have a router in front of me right now but I thought blocking port 21 is the same as putting eq ftp and shows that way in the config. I'm sure if I'm wrong someone will let me know about it.
mercanedees
Thank you mbeaven for the reply
wildfire
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq ftp
This command blocks both port 20 and 21. However, be careful, as people can use FTP through HTTP passive mode, which will use port 80 (HTTP) for FTP access.
wildfire
Forgot to say there's also secure FTP
access-list 110 deny tcp any any eq 115
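
An added example, not part of the thread: a small Python first-match evaluator for the extended-ACL lines posted above, run against constructed packets from a 172.16.0.0/16 host. It assumes matching on protocol, source address and destination port only and handles just the syntax used in this thread; `parse_ace`, `evaluate` and the sample host 172.16.5.10 are made-up names and values.

```python
import ipaddress

# IOS port keywords for FTP: "ftp" is the control port, "ftp-data" the data port.
PORT_KEYWORDS = {"ftp": 21, "ftp-data": 20}

def parse_ace(line):
    """Parse 'access-list N ACTION PROTO {any | ADDR WILDCARD} any [eq PORT]'."""
    t = line.split()[2:]                      # drop "access-list N"
    action, proto, t = t[0], t[1], t[2:]
    if t[0] == "any":
        src, t = ipaddress.ip_network("0.0.0.0/0"), t[1:]
    else:                                     # an IOS wildcard mask is a host mask
        src, t = ipaddress.ip_network(f"{t[0]}/{t[1]}"), t[2:]
    if t[0] != "any":
        raise ValueError("this sketch only handles 'any' as the destination")
    port = None
    if t[1:2] == ["eq"]:
        port = PORT_KEYWORDS.get(t[2]) or int(t[2])
    return action, proto, src, port

def evaluate(acl_text, proto, src_ip, dst_port):
    """Return (action, entry number) of the first match; implicit deny at the end."""
    for n, line in enumerate(acl_text.strip().splitlines(), 1):
        action, ace_proto, src, port = parse_ace(line)
        if ace_proto in ("ip", proto) and ipaddress.ip_address(src_ip) in src \
                and port in (None, dst_port):
            return action, n
    return "deny", None

# The ACL from the question (source address written as 172.16.0.0).
QUESTION_ACL = """
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 20
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq 21
access-list 101 permit ip any any
"""
# Variant using only the "ftp" keyword.
KEYWORD_ACL = """
access-list 101 deny tcp 172.16.0.0 0.0.255.255 any eq ftp
access-list 101 permit ip any any
"""

if __name__ == "__main__":
    # Constructed packets from a host in 172.16.0.0/16, keyed by destination port.
    for name, dport in [("control", 21), ("active data", 20), ("passive data", 50001)]:
        print(name, evaluate(QUESTION_ACL, "tcp", "172.16.5.10", dport),
              evaluate(KEYWORD_ACL, "tcp", "172.16.5.10", dport))
```

A packet to a high passive-mode data port falls through to the permit entry in both ACLs, but that port is only negotiated over the control connection on port 21.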