?
Solved

Block MySpace and IM on Cisco 1700 Series Router

Posted on 2007-03-21
6
Medium Priority
?
492 Views
Last Modified: 2008-01-09
I need to block MySpace and AOL IM on a Cisco 1700 series router/firewall.  I have tried to setup the Access-list but I am still having problems.
0
Comment
Question by:ComNetPlus
  • 3
  • 3
6 Comments
 
LVL 20

Expert Comment

by:RPPreacher
ID: 18763663
Can you post the ACL that you created?
0
 

Author Comment

by:ComNetPlus
ID: 18763727
Since it wasn't working I did not save the temporary access-list and did not save it to the configuration.
Here's where it currently stands.

Standard IP access list 10
    permit 10.10.10.0, wildcard bits 0.0.0.255 (250915 matches) check=27638
0
 
LVL 20

Accepted Solution

by:
RPPreacher earned 375 total points
ID: 18763801
Block port 5190 (AIM)
Block IP ranges 67.134.143.0 - 67.134.143.255

The access-list should look like this

access-list 101 deny tcp any any eq 5190
access-list 101 deny ip any 67.134.143.0 0.0.0.255
access-list 101 permit ip any any
0
The eGuide to Automating Firewall Change Control

Today’s IT environment is constantly changing, which affects security policies and firewall rules. Discover tips to help you embrace this change through process improvement & identify areas where automation & actionable intelligence can enhance both security and business agility.

 

Author Comment

by:ComNetPlus
ID: 18763934
What IP is subnet 67.134.143.0?
When I ping www.myspace.com I receive IP 216.178.38.131.
0
 
LVL 20

Expert Comment

by:RPPreacher
ID: 18763995
I went to arin.net
myspace.com owns 67.134.143.0/24.
0
 

Author Comment

by:ComNetPlus
ID: 18764266
I don't fully understand why, but I had to have both entries to be effective.

access-list 101 deny tcp any any eq 5190
access-list 101 deny ip any 67.134.143.0 0.0.0.255
access-list 101 deny ip  any 216.178.38.0 0.0.0.255
access-list 101 permit ip any any

Anyway it all now works and blocks myspace.

Thanks,
0

Featured Post

SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
The goal of the tutorial is to teach the user how to instant message and make a video call in Skype.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses

601 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question