Bugtraq mailing list archives
land protection for cisco
From: stefan () NS BIS BG (Stefan Stefanov)
Date: Fri, 21 Nov 1997 17:01:28 +0200
hi. Here is a simple protection against the land stuff for the cisco's. It's a extended ip access list that should be put on all the intefaces on the box. Extended IP Access list 105 deny tcp host 111.111.111.111 host 111.111.111.111 permit ip any any where 111.111.111.111 is the interface's ip address. This should be put as an input access-group. Or if you don't get it here's what to type on your cisco's console. rtr#config terminal rtr(config)#access-list 105 deny tcp 111.111.111.111 0.0.0.0 111.111.111.111 0.0.0.0 rtr(config)#access-list 105 permit ip any any rtr(config)#interface ethernet 0 rtr(config)#ip access-group 105 in rtr(config)#exit rtr(config)#interface serial 0 rtr(config)#ip access-group 105 in and so on for the rest of the interfaces... Replace 105 with a free extended access-list number. I have tested it on our cisco 2511 and it works just ok. Best regards, Stefan Stefanov. WWW: http://www.bis.bg/~stefan E-mail: stefan () bis bg
Current thread:
- Re: [seg-l] Passwords en Cisco (fwd) Arjan Vos (Nov 01)
- <Possible follow-ups>
- Re: [seg-l] Passwords en Cisco (fwd) We got Food - Fuel - Ice-cold Beer - and X.509 certificates (Nov 03)
