Blocking tcp port 4751 and 2745 using ACL on Cisco IOS

utawakevou
Level 4

We are currently being hit by the Beagle worm and we are doing scans to determine the individual clients that are infected. This Beagle worm uses TCP ports 4751 and 2745.

We use Ethereal to scan our network and found out that some of our clients use these ports, and the thing that tells us that it is not a valid request is that they use those port numbers to communicate with invalid addresses on our network, like 129.x.x.x etc.

I want to block these TCP ports in and out of the serial or FastEthernet port of my routers.

Need help on setting up an ACL for that.

2 Replies

mesuti
Level 1

From what I understood, I would apply these access lists, assuming that fa0/0 is the interface directly connected to your network, so ACL 100 will match any packet with TCP 4751 and 2745 with a source address in your "valid" address range to any destination, and ACL 101 will match any packet with TCP 4751 and 2745, and will allow any packet from the Internet (except packets with port 4751 and 2745) with a destination in your address range.

! Extended ACLs 100 and 101: "eq 4751" after the destination "any" matches the
! destination port, so these lines stop new connections to the worm ports.
access-list 100 deny tcp any any eq 4751
access-list 100 deny tcp any any eq 2745
! Every ACL ends with an implicit "deny ip any any"; the permit needs both a
! source and a destination ("permit ip any" alone is an incomplete command).
access-list 100 permit ip any any
access-list 101 deny tcp any any eq 4751
access-list 101 deny tcp any any eq 2745
access-list 101 permit ip any any
! Apply them on the LAN-facing interface, one per direction.
interface fa0/0
 ip access-group 100 in
 ip access-group 101 out

hope it helps
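As an added example (not part of mesuti's reply or the original post), here is a named extended ACL that does what the thread is working towards in one list: it drops TCP 2745 and 4751 whether the port is on the source or the destination side, logs every hit so the infected clients can be read off the router log instead of a packet capture, and is applied in both directions on both the LAN and the WAN interface. The ACL name, the interface names (FastEthernet0/0, Serial0/0) and the addresses in the sample log line are assumptions.

```cisco
! Added example, not from the thread. Interface names are assumed.
ip access-list extended BLOCK-BAGLE
 remark Worm backdoor ports; "log" records source/destination of each hit
 ! Connections TO the backdoor (destination port)
 deny   tcp any any eq 2745 log
 deny   tcp any any eq 4751 log
 ! Traffic FROM the backdoor (source port), e.g. replies or data pushes
 deny   tcp any eq 2745 any log
 deny   tcp any eq 4751 any log
 ! Required: the implicit deny at the end would otherwise drop everything
 permit ip any any
!
interface FastEthernet0/0
 ip access-group BLOCK-BAGLE in
 ip access-group BLOCK-BAGLE out
!
interface Serial0/0
 ip access-group BLOCK-BAGLE in
 ip access-group BLOCK-BAGLE out
!
! Verify: hit counters per line, then the log entries naming the hosts
! show access-lists BLOCK-BAGLE
! show logging | include BLOCK-BAGLE
! Expected log format (addresses are made up for this example):
! %SEC-6-IPACCESSLOGP: list BLOCK-BAGLE denied tcp 10.1.2.3(1045) -> 129.1.2.3(2745), 1 packet
```

The `log` keyword is what turns the ACL into the scanning tool the first post asks for: the source address in each `IPACCESSLOGP` line is an infected client. Two caveats: logged packets are punted to the CPU, so IOS rate-limits the messages (the counter at the end of the line summarises further matches rather than logging each one), and logging should be disabled again once the cleanup is done. Because the `eq` keyword after the destination matches the destination port only, the two source-port lines are what catch traffic coming back from an already-established backdoor session; a plain `deny tcp any any eq 2745` only stops new connections.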

Thanks for your reply. This looks interesting. OK, I want to block TCP ports 4751 and 2745 whether it is to a valid or an invalid address.

Currently we are not using those TCP port numbers for any valid connectivity.