From: John Matus (john_matus@hotmail.com)
Date: Sat Jun 18 2005 - 16:41:49 GMT-3
Could you make a router virtually invisible on a network?
I've had a few ideas on how to do this, in case there is port
scanning going on and other foot-printing methods, but I need more input.
Here is my idea:
The router would be connected to the network via an ethernet interface only.
The only access I want to have to this router is via telnet.
Turn off ICMP <I think you can do this, but I don't have a router in front of
me... "no icmp enable", "no service icmp"...??>
! ACL defined first, then applied inbound on the LAN interface
access-list 101 permit tcp host 1.2.3.4 any eq telnet
access-list 101 deny ip any any
!
interface e0/0
 ip access-group 101 in
 no ip unreachables
 no cdp enable
My thought is that if ICMP is off (if you can't turn it off, at least the
access-list will deny it... I think)
then the router won't reply to ping sweeps or any other ICMP feature. With
the ACL, only telnet traffic would be permitted in, and anything else that
tried to get through or query the router or a specific port would be silently
discarded because of the "no ip unreachables". <I forget if that is a global
command or an interface command...>
Is my thinking correct or am I way off? Any suggestions on how to do this
effectively?
TIA
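An added example (editor's code, not part of the original post) that audits an IOS config for the settings the post is reaching for: an inbound ACL on the LAN interface that permits telnet only from the management host (1.2.3.4, taken from the post), "no ip unreachables" on that interface so the ACL's denies are silent instead of being answered with ICMP administratively-prohibited messages, CDP off, and an access-class on the vty lines as a second gate. The two configs inside the script are constructed samples, not captures from a real router; the first reproduces the draft above with "no ip unreachables" at global level, where IOS does not take it, and the second has each command in its proper mode. Two caveats the script cannot check for you: IOS has no global switch that turns ICMP off, so echo requests are stopped only because the ACL denies them; and the router still answers ARP on its segment, so a neighbour sweeping the subnet at layer 2 will see it regardless. Telnet is kept to match the post; where the image supports it, "transport input ssh" is the better choice since telnet credentials cross the wire in cleartext.

```python
"""Audit a Cisco IOS config for the "quiet router" settings discussed above:
inbound ACL on the LAN interface, silent drops (no ICMP unreachables),
no CDP, and vty access limited to the management host.
Added example, not code from the post; both configs are constructed samples."""

# Constructed: the poster's draft, with "no ip unreachables" at global level.
DRAFT_CONFIG = """\
no ip unreachables
interface Ethernet0/0
 ip access-group 101 in
 no cdp enable
access-list 101 permit tcp host 1.2.3.4 any eq telnet
access-list 101 deny ip any any
"""

# Constructed: the same intent with each command in its proper mode.
HARDENED_CONFIG = """\
no cdp run
no ip source-route
no ip http server
interface Ethernet0/0
 ip access-group 101 in
 no ip unreachables
 no ip redirects
 no ip proxy-arp
 no cdp enable
access-list 101 permit tcp host 1.2.3.4 any eq telnet
access-list 101 deny ip any any log
access-list 10 permit host 1.2.3.4
line vty 0 4
 access-class 10 in
 transport input telnet
"""


def parse_ios(text):
    """Split a config into global lines and {section header: child lines}.
    IOS indents a section's children by one space; a column-0 line ends it.
    Only interface and line sections are tracked here."""
    global_lines, sections, current = [], {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.startswith("!"):
            continue
        if raw.startswith(" "):
            if current is not None:
                sections[current].append(raw.strip())
            continue
        line = raw.strip()
        global_lines.append(line)
        current = line if line.startswith(("interface ", "line ")) else None
        if current:
            sections.setdefault(current, [])
    return global_lines, sections


def acl_entries(global_lines, number):
    """All 'access-list <number> ...' lines, in configuration order."""
    return [l for l in global_lines if l.startswith(f"access-list {number} ")]


def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    glob, secs = parse_ios(text)
    findings = []
    if "no ip unreachables" in glob:
        findings.append("'no ip unreachables' belongs under the interface, not global")
    for name, body in secs.items():
        if not name.startswith("interface "):
            continue
        acl = next((l for l in body if l.startswith("ip access-group ")
                    and l.endswith(" in")), None)
        if acl is None:
            findings.append(f"{name}: no inbound access-group")
        else:
            num = acl.split()[2]
            entries = acl_entries(glob, num)
            if not entries:
                findings.append(f"{name}: ACL {num} applied but never defined")
            elif not entries[-1].startswith(f"access-list {num} deny ip any any"):
                findings.append(f"{name}: ACL {num} lacks a final 'deny ip any any'")
        # Without this, each ACL deny is answered with an ICMP
        # administratively-prohibited unreachable: proof the router exists.
        if "no ip unreachables" not in body:
            findings.append(f"{name}: ACL denies answered with ICMP unreachables")
        for cmd in ("no ip redirects", "no ip proxy-arp"):
            if cmd not in body:
                findings.append(f"{name}: missing '{cmd}'")
        if "no cdp enable" not in body and "no cdp run" not in glob:
            findings.append(f"{name}: CDP still advertises the router")
    classes = [l for n, b in secs.items() if n.startswith("line vty")
               for l in b if l.startswith("access-class ")]
    if not classes:
        findings.append("vty lines have no access-class")
    for line in classes:
        if not acl_entries(glob, line.split()[1]):
            findings.append(f"vty '{line}' references an undefined ACL")
    return findings


if __name__ == "__main__":
    for label, cfg in (("draft", DRAFT_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}: " + ("; ".join(audit(cfg)) or "ok"))
```

Run it against a "show running-config" saved to a file by passing the file's contents to audit(); the draft config produces five findings (the misplaced global command, the missing interface-level "no ip unreachables", the two missing anti-spoofing commands, and the absent vty access-class), while the hardened config produces none.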
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3