From: John Matus (jmatus@pacbell.net)
Date: Sun Jun 19 2005 - 04:17:49 GMT-3
That is a pretty interesting solution.
Is there an "ip" solution that would work also? I was interested in getting
some feedback about my initial idea:
>>turning off icmp
turning off ip
turning off cdp
no ip unreachables
> int e0/0
> ip access-g 101 in
> no cdp enable
>
> access-list 101 permit tcp host 1.2.3.4 any eq telnet
> access-list 101 deny ip any any
What would a port scanner see with this type of scenario?
Regards,
John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Alexander Arsenyev (GU/ETL)" <alexander.arsenyev@ericsson.com>
To: "John Matus" <john_matus@hotmail.com>; <ccielab@groupstudy.com>
Sent: Saturday, June 18, 2005 1:10 PM
Subject: RE: making a router invisible
>I have an even better idea:
>
> 1) turn OFF ip routing
> 2) enable X.25 with static routing.
> 3) You may need to also enable CMNS and PAD over CMNS if the only
> interface is Ethernet.
> 4) assign X.121 address to the router itself
> 5) use PAD to access the router. PAD is functionally similar to telnet.
>
> Complete and utter invisibility to IP! :-)
>
> HTH,
> Cheers
> Alex
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> John Matus
> Sent: 18 June 2005 20:42
> To: ccielab@groupstudy.com
> Subject: making a router invisible
>
>
> Could you make a router virtually invisible on a network?
>
> I've had a few ideas on how to do this, in the case that there is port
> scanning going on and other foot-printing methods, but I need more input.
> Here is my idea:
>
> The router would be connected to the network via an Ethernet interface
> only.
> The only access I want to have to this router is via telnet.
>
> turn off icmp <I think you can do this, but I don't have a router in front
> of
> me... "no icmp enable", "no service icmp"...??>
>
> int e0/0
>  ip access-group 101 in
>  no ip unreachables
>  no cdp enable
>
> access-list 101 permit tcp host 1.2.3.4 any eq telnet
> access-list 101 deny ip any any
>
> My thought is that if ICMP is off (if you can't turn it off, at least the
> access-list will deny it... I think)
> then the router won't reply to ping sweeps or any other ICMP feature. With
> the ACL, only telnet traffic would be permitted in, and anything else
> that
> tried to get through or query the router or a specific port would be
> silently
> discarded because of the "no ip unreachables". <I forget if that is a
> global
> command or an interface command...>
>
> Is my thinking correct or am I way off? Any suggestions on how to do this
> effectively?
>
> TIA
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
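To answer the "what would a port scanner see" question without a lab router, here is an added example (not from the thread, not Cisco code): a small Python model of the posted e0/0 configuration. It parses the two ACL 101 lines exactly as written, evaluates inbound probes first-match with the implicit deny, and reproduces the IOS behaviour that an ACL-denied packet elicits an ICMP type 3 code 13 (administratively prohibited) reply unless `no ip unreachables` is set on the interface, in which case it is dropped silently. It also models ARP, which is not IP and so is never touched by the access-list. Assumptions, marked in the code: the router listens only on TCP 23 (telnet vty), the probe destination is the router's own address, and the scanner labels are a simplification of nmap's open/closed/filtered states; the addresses 1.2.3.4 and 10.0.0.9 are the thread's admin host and a constructed attacker host.

```python
# Added example: a toy model of the e0/0 configuration from the thread.
# Not Cisco code; the IOS behaviours modelled are first-match ACL evaluation
# with an implicit deny, ICMP type 3 code 13 for ACL-denied packets unless
# "no ip unreachables" is set, and ARP answered regardless of any IP ACL.
from dataclasses import dataclass
from typing import Dict, List, Optional

PORT_NAMES = {"telnet": 23, "ssh": 22, "www": 80}   # IOS port keywords in ACLs


@dataclass
class AclEntry:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "tcp", "udp" or "icmp"
    src: str               # "any" or a host address
    dst: str               # "any" or a host address
    dport: Optional[int]   # "eq <port>" on the destination, or None


def parse_acl_line(line: str) -> AclEntry:
    """Parse the extended-ACL subset used in the thread (host/any, optional eq)."""
    toks = line.split()
    if toks[0] != "access-list":
        raise ValueError("not an access-list line: " + line)
    action, proto, i = toks[2], toks[3], 4

    def take_addr() -> str:
        nonlocal i
        if toks[i] == "any":
            i += 1
            return "any"
        if toks[i] == "host":
            i += 2
            return toks[i - 1]
        raise ValueError("unsupported address form (only host/any): " + toks[i])

    src, dst, dport = take_addr(), take_addr(), None
    if i < len(toks) and toks[i] == "eq":
        dport = PORT_NAMES.get(toks[i + 1]) or int(toks[i + 1])
    return AclEntry(action, proto, src, dst, dport)


@dataclass
class Probe:
    proto: str                  # "tcp", "udp", "icmp", or "arp" (layer 2)
    src: str
    dport: Optional[int] = None
    dst: str = "router"         # assumption: the router's own e0/0 address


@dataclass
class Interface:
    acl: List[AclEntry]
    ip_unreachables: bool = True      # IOS default; "no ip unreachables" -> False
    cdp_enabled: bool = True          # IOS default; "no cdp enable" -> False
    listening_tcp: frozenset = frozenset({23})   # assumption: only the telnet vty


def acl_permits(acl: List[AclEntry], p: Probe) -> bool:
    """First matching entry wins; an unmatched packet hits the implicit deny."""
    for e in acl:
        if e.proto not in ("ip", p.proto):
            continue
        if e.src not in ("any", p.src) or e.dst not in ("any", p.dst):
            continue
        if e.dport is not None and e.dport != p.dport:
            continue
        return e.action == "permit"
    return False


def router_response(iface: Interface, p: Probe) -> str:
    """What goes back on the wire for one inbound probe."""
    if p.proto == "arp":
        return "arp-reply"        # ARP is not IP; the inbound IP ACL never sees it
    if not acl_permits(iface.acl, p):
        return "icmp-admin-prohibited" if iface.ip_unreachables else "no-response"
    if p.proto == "icmp":
        return "echo-reply"
    if p.proto == "tcp":
        return "syn-ack" if p.dport in iface.listening_tcp else "rst"
    # UDP with no listener: port unreachable unless unreachables are suppressed
    return "icmp-port-unreachable" if iface.ip_unreachables else "no-response"


def scanner_verdict(response: str) -> str:
    """Roughly how a SYN scanner such as nmap labels each response."""
    return {
        "syn-ack": "open",
        "rst": "closed",
        "echo-reply": "host up (echo reply)",
        "arp-reply": "host up (ARP reply)",
        "icmp-admin-prohibited": "filtered (admin-prohibited)",
        "icmp-port-unreachable": "closed (port-unreachable)",
        "no-response": "filtered (no-response)",
    }[response]


def scan(iface: Interface, src: str, ports) -> Dict[int, str]:
    return {port: scanner_verdict(router_response(iface, Probe("tcp", src, port)))
            for port in ports}


def build_thread_config(no_ip_unreachables: bool = True) -> Interface:
    """The interface as posted: ACL 101 inbound, no ip unreachables, no cdp enable."""
    acl = [parse_acl_line("access-list 101 permit tcp host 1.2.3.4 any eq telnet"),
           parse_acl_line("access-list 101 deny ip any any")]
    return Interface(acl, ip_unreachables=not no_ip_unreachables, cdp_enabled=False)


if __name__ == "__main__":
    iface = build_thread_config()
    for src in ("1.2.3.4", "10.0.0.9"):          # admin host, then a constructed attacker
        print(src, scan(iface, src, [22, 23, 80]))
    print("ping from 10.0.0.9:", router_response(iface, Probe("icmp", "10.0.0.9")))
    print("arp from 10.0.0.9 :", router_response(iface, Probe("arp", "10.0.0.9")))
```

Two things the model makes visible. First, `no ip unreachables` is what turns "filtered (admin-prohibited)" into "filtered (no-response)": nmap prints both as filtered, but `nmap --reason` shows the difference, and an administratively-prohibited reply is itself proof that something is listening at that address (IOS also rate-limits these replies, one per 500 ms by default, which is a fingerprint of its own). Second, none of the IP-layer hardening hides the router from anyone on the same Ethernet segment, because it still answers ARP; `arp-scan` or nmap's default ARP ping on the local subnet will find it. Even the permitted admin host only sees port 23 open, with everything else filtered by the `deny ip any any` line.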
This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:41 GMT-3