Subject: Re: access-list from scan - msg#00026
List: os.freebsd.isp
Check the Cisco support site.

ACLs can be used to stop scans, but it's a manual thing - you need to know
where they are coming from, then modify your ACL to block them. A router
does not do Intrusion Detection. The ACLs in them are rudimentary.

FYI I do not know what kind of connection you're running into the 7200, or
what feeds into the Ciscos behind them, but no scan should stop a router -
by that I mean the router should be fully capable of handling the speed of
the traffic allowed by its interfaces. If your routers are being DoS'd,
make sure you are running current levels of IOS on all of them. It's not
uncommon for Cisco to put security fixes in code revisions.

-rf
At 12:39 PM 1/9/2003 +0300, Andrew Karjagin wrote:
Hello!
I have four class C networks behind a Cisco 7206. Those networks are
processed by some smaller Cisco routers and FreeBSD servers. Sometimes I
have a problem with other hosts scanning my networks. Some smaller
Cisco routers stop working. The FreeBSD servers stop the scanning with the
portsentry program, and it works OK!
Question: Where can I find resources/sites with docs about configuring
access-lists on Cisco that can help me stop the scanning of my networks
on the main Cisco 7206? Is it possible to stop scans and other attacks on
Cisco by using access-lists, or do I have to use other features/progs?
Thank you very much for your help!
To Unsubscribe: send mail to majordomo@xxxxxxxxxxx
with "unsubscribe freebsd-isp" in the body of the message
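
An added example, not part of the original messages: one way to do the manual step the reply describes (find where a scan comes from, then block it) from the router's own ACL log. It assumes the ACL entries carry the `log` keyword so IOS emits `%SEC-6-IPACCESSLOGP` messages to syslog; the sample lines, the threshold and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of IOS ACL log messages (documentation address ranges).
SAMPLE_LOG = """\
Jan  9 12:01:01 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40112) -> 192.0.2.10(21), 1 packet
Jan  9 12:01:01 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40113) -> 192.0.2.10(22), 1 packet
Jan  9 12:01:02 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40114) -> 192.0.2.10(23), 1 packet
Jan  9 12:01:02 gw %SEC-6-IPACCESSLOGP: list 101 permitted tcp 198.51.100.7(40115) -> 192.0.2.10(25), 1 packet
Jan  9 12:01:03 gw %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.7(40116) -> 192.0.2.11(23), 1 packet
Jan  9 12:01:03 gw %SEC-6-IPACCESSLOGP: list 101 denied udp 198.51.100.7(40117) -> 192.0.2.11(161), 1 packet
Jan  9 12:02:10 gw %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.20(51000) -> 192.0.2.10(80), 1 packet
Jan  9 12:02:15 gw %SEC-6-IPACCESSLOGP: list 101 permitted tcp 203.0.113.20(51001) -> 192.0.2.10(80), 3 packets
"""

LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ (?:permitted|denied) (?:tcp|udp) "
    r"(?P<src>[\d.]+)\(\d+\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\)"
)

def find_scanners(log_text, min_targets=5):
    """Map each source to its count of distinct (dst, port) pairs, keeping
    only sources that touched at least min_targets of them."""
    targets = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if m:
            targets[m.group("src")].add((m.group("dst"), int(m.group("dport"))))
    return {s: len(t) for s, t in targets.items() if len(t) >= min_targets}

def acl_lines(scanners, acl_number=101):
    """Render one extended-ACL deny entry per flagged source."""
    lines = []
    for src in sorted(scanners):
        ipaddress.ip_address(src)  # refuse anything that is not a valid address
        lines.append(f"access-list {acl_number} deny ip host {src} any")
    return lines

if __name__ == "__main__":
    for entry in acl_lines(find_scanners(SAMPLE_LOG)):
        print(entry)
```

ACL entries are evaluated top-down, so the generated deny lines only take effect when they sit above any permit that matches the same traffic.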
Next Message by Thread:
OFF TOPIC Re: access-list from scan
Ralph Forsythe wrote:
>
> Check the Cisco support site.
>
> ACLs can be used to stop scans, but it's a manual thing - you need to know
> where they are coming from, then modify your ACL to block them. A router
> does not do Intrusion Detection. The ACLs in them are rudimentary.
>
> FYI I do not know what kind of connection you're running into the 7200, or
> what feeds into the Ciscos behind them, but no scan should stop a router -
> by that I mean the router should be fully capable of handling the speed of
> the traffic allowed by its interfaces. If your routers are being DoS'd,
> make sure you are running current levels of IOS on all of them. It's not
> uncommon for Cisco to put security fixes in code revisions.

You are quite incorrect; there are many versions of IDS (Intrusion
Detection Software) and IOS enhancements available for Cisco products
starting at even 800 series routers.
http://www.cisco.com/warp/public/732/Tech/security/intrusion/
Look for the IOS version like so: IP Plus/FW/IDS
Now let's please stop this thread or move it to a Cisco list.
--
Chris
o----< ccook@xxxxxxxxxxx >------------------------------------o
|Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net |
|The Computer Works ISP |FreeBSD - http://www.freebsd.org |
o-------------------------------------------------------------o