From: Eugene Ward (eward15@juno.com)
Date: Sat Jun 18 2005 - 22:24:26 GMT-3
Just touched down in LV myself!
Eugene Ward
---------- Forwarded Message ----------
no ip routing
Must be a slow day for questions...
Everybody must be headed to Networkers!
LIVE AT NETWORKERS AND HAVING A BLAST!
Christopher M. Heffner, CCIE 8211, CCSI 98760
Strategic Network Solutions, Inc.
VP of Internetworking Technologies
www.certified-labs.com
"Complete CCIE R&S and Security Online Rack Rentals"
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
John Matus
Sent: Saturday, June 18, 2005 3:42 PM
To: ccielab@groupstudy.com
Subject: making a router invisible
could you make a router virtually invisible on a network?
i've had a few ideas on how to do this, in the case that there is port
scanning going on and other foot-printing methods, but i need more input.
here is my idea:
the router would be connected to the network via an ethernet interface only.
the only access i want to have to this router is via telnet.
turn off icmp <i think you can do this, but i don't have a router in front of
me...."no icmp enable", "no service icmp"...??>
no ip unreachables
int e0/0
ip access-g 101 in
no cdp enable
access-list 101 permit tcp host 1.2.3.4 any eq telnet
access-list 101 deny ip any any
my thought is that if icmp is off (if you can't turn it off, at least the
access-list will deny it...i think)
then the router won't reply to ping sweeps or any other icmp feature. with
the acl, only telnet traffic would be permitted in, and anything else that
tried to get through or query the router or a specific port would be silently
discarded because of the "no ip unreachable". <i forget if that is a global
command or an interface command...>
is my thinking correct or am i way off? any suggestion on how to do this
effectively?
TIA
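
Added example, not part of the original thread: a small first-match evaluator for the two access-list 101 lines quoted above, to check what the inbound ACL permits and when the router would still answer a dropped probe. Assumptions: the scanner and router addresses (10.0.0.99, 10.0.0.1) are constructed, only the "any"/"host" address forms are parsed, and the model follows the usual IOS behaviour of answering an ACL-denied packet with ICMP type 3 code 13 unless "no ip unreachables" is set on the interface.

```python
import ipaddress

# The two ACL lines from the post, verbatim.
ACL_101 = """\
access-list 101 permit tcp host 1.2.3.4 any eq telnet
access-list 101 deny ip any any
"""
PORTS = {"telnet": 23}

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D' from the front of the token list."""
    if tok[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    raise ValueError("only 'any' and 'host' are modelled: %r" % tok[0])

def parse_acl(text):
    """Turn extended ACL lines into (action, proto, src, dst, dport) rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        action, proto = tok[2], tok[3]
        src, rest = _addr(tok[4:])
        dst, rest = _addr(rest)
        port = PORTS[rest[1]] if rest[:1] == ["eq"] else None
        rules.append((action, proto, src, dst, port))
    return rules

def evaluate(rules, proto, src, dst, dport=None, ip_unreachables=True):
    """First-match evaluation; returns (action, ICMP reply caused by the ACL)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if r_proto not in ("ip", proto):
            continue                      # 'ip' matches every protocol
        if s not in r_src or d not in r_dst:
            continue
        if r_port is not None and r_port != dport:
            continue
        break                             # first matching line decides
    else:
        action = "deny"                   # implicit deny ending every ACL
    # Assumed IOS behaviour: a denied packet is answered with an
    # "administratively prohibited" unreachable unless that is disabled.
    reply = "icmp type 3 code 13" if action == "deny" and ip_unreachables else None
    return action, reply
```

The model covers only the ACL decision; a router with an IP address on the Ethernet segment still answers ARP, which an IP access list does not filter.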
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3