From: Chris Lewis \(chrlewis\) (chrlewis@cisco.com)
Date: Tue Jul 26 2005 - 16:34:27 GMT-3
A massive topic, please look at the following links, there are lots of
templates from the team at cymru.com (start with the Bogon reference
page and work on from there) and the nanog list
(http://www.nanog.org/ispsecurity.html) is a great resource for real
world practice.
Chris
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
P.Willemsen
Sent: Tuesday, July 26, 2005 2:03 PM
To: ccielab@groupstudy.com
Subject: DOS attacks/ Spoofing attacks
Hi,
Could somebody give me a recommendation for configuration DOS/Spoofing
attacks for routers.
interface fast 0/1
ip address 137.1.2.13 255.255.255.252
no ip directed-broadcast
ip access-group list 185 in
!
access-list 185 permit tcp host 137.1.2.13 host 137.1.2.14 eq bgp
access-list 185 permit tcp host 137.1.2.13 eq bgp host 137.1.2.14
access-list 185 deny tcp any any eq bgp log-input
access-list 185 permit icmp any any
access-list 185 deny ip host 137.1.2.14 host 137.1.2.14
access-list 185 deny ip 137.1.0.0 0 0.0.255.255 any
access-list 185 deny ip 137.1.0.0 0.0.255.255
access-list 185 permit ip any 137.1.0.0 0.0.255.255
access-list 185 deny ip any any log-input
Cheers,
Piet
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3