
Security risk with the access list

Fida jlassi
Level 1

Is there a security risk if we put an IP address in the access list which is not part of the network, in a Cisco router?

3 Replies

Jon Marshall
Hall of Fame

The question is too general, i.e. it depends on where the ACL is, whether it is inbound or outbound, etc.

People often use "any" with internal ACLs, but obviously with internet-facing devices you need to be a lot more careful.

Difficult to answer without more details.

Jon

I will explain more. I found the following access list in a Cisco 2811 router:

access-list 23 permit 10.10.10.0 0.0.0.7
access-list 23 permit 192.168.140.0 0.0.0.255
access-list 23 permit 192.168.141.0 0.0.0.255
access-list 23 permit 192.168.142.0 0.0.0.255
access-list 23 permit 192.168.143.0 0.0.0.255
access-list 23 permit 192.168.144.0 0.0.0.255
access-list 23 permit 192.168.145.0 0.0.0.255
access-list 23 permit 138.222.0.0 0.0.255.255
access-list 23 permit 10.49.0.0 0.0.255.255

The IP addresses marked in bold in the commands below are not part of our network. What is the risk? Is there a security risk?

Hi,

Actually, it depends on the use case of the ACL. Maybe it's just a list of IPs referenced in a route-map, or used for SNMP access, or vty access, or applied to interfaces, etc.

In the last case, for example, if someone unauthorized gets a device connected to your network where these subnets are routed, and assigns the device an IP in one of these ranges, then he could gain access to something...

Regards,
Mohammad