From owner-freebsd-hackers Mon Jun 24 05:46:02 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id FAA18350 for hackers-outgoing; Mon, 24 Jun 1996 05:46:02 -0700 (PDT)
Received: from mexico.brainstorm.eu.org (root@mexico.brainstorm.eu.org [193.56.58.253]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id FAA18344; Mon, 24 Jun 1996 05:45:57 -0700 (PDT)
Received: from brasil.brainstorm.eu.org (brasil.brainstorm.eu.org [193.56.58.33]) by mexico.brainstorm.eu.org (8.7.5/8.7.3) with ESMTP id OAA06092; Mon, 24 Jun 1996 14:45:53 +0200
Received: (from uucp@localhost) by brasil.brainstorm.eu.org (8.6.12/8.6.12) with UUCP id OAA14741; Mon, 24 Jun 1996 14:45:38 +0200
Received: (from roberto@localhost) by keltia.freenix.fr (8.8.Alpha.5/keltia-uucp-2.8) id NAA09908; Mon, 24 Jun 1996 13:43:56 +0200 (MET DST)
From: Ollivier Robert
Message-Id: <199606241143.NAA09908@keltia.freenix.fr>
Subject: Re: I need help on this one - please help me track this guy down!
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Date: Mon, 24 Jun 1996 13:43:56 +0200 (MET DST)
Cc: guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org
In-Reply-To: <10326.835597770@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 23, 96 11:29:30 pm"
X-Operating-System: FreeBSD 2.2-CURRENT ctm#2111
X-Mailer: ELM [version 2.4ME+ PL22 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-hackers@FreeBSD.org
X-Loop: FreeBSD.org
Precedence: bulk

It seems that Jordan K. Hubbard said:
> How do you install such things on a cisco 2500? :-) Seriously, if
> there's a way then I can get someone from cisco to help me out, but I
> first need to know that it's even a reasonable request.

If you use Serial0 for the Internet and A.B.C.0/24 in your internal
network, use something like the following:

!
! Refuses loose/strict source routed packets
!
no ip source-route
!
interface Serial0
 ip address A.B.C.254 255.255.255.0
 ip access-group 100 in
 ip access-group 101 out
...
!
! access list for incoming packets
! should fix most of the new attacks when a spoofed packet
! is trying to come from the outside with a source address
! from our network which is impossible.
!
no access-list 100
!
! Rejects our own addresses C-Class A.B.C.0/24
!
access-list 100 deny ip A.B.C.0 0.0.0.255 any
!
! Rejects EPITA B-Class 163.5.0.0/16
!
access-list 100 deny ip 163.5.0.0 0.0.255.255 any
!
! Rejects special addresses
!
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
!
! RFC-1918 IANA reserved A/B/C classes
! A-Class 10.0.0.0/8
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
!
! B-Classes 172.16.0.0/12
!
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
!
! C-Classes 192.168.0.0/16
!
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
!
! Accepts the rest
!
access-list 100 permit ip any A.B.C.0 0.0.0.255

-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #11: Thu Jun 13 11:01:47 MET DST 1996
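The inbound access list above, modelled in Python as an added example that is not part of the original message: it implements the IOS inverse (wildcard) mask match and first-match-wins evaluation with the implicit trailing deny, so you can check offline which source addresses the filter drops on Serial0. A.B.C.0/24 is assumed to be 198.51.100.0/24 (a documentation-range placeholder), and the sample packets are constructed.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")      # IOS "any": every bit is don't-care
OUR_NET = ("198.51.100.0", "0.0.0.255")  # placeholder for A.B.C.0/24 in the post

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IOS inverse-mask match: a 1 bit in the wildcard means 'ignore this bit'."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def wildcard_to_prefix(wildcard):
    """Prefix length of a contiguous wildcard, e.g. 0.15.255.255 -> 12."""
    w = _int(wildcard)
    if (w + 1) & w:                      # not 2**n - 1: low bits are not contiguous
        raise ValueError("non-contiguous wildcard")
    return 32 - w.bit_length()

# Constructed mirror of access-list 100: (action, (src, src_wildcard), (dst, dst_wildcard)).
ACL_100 = [
    ("deny",   OUR_NET,                          ANY),  # our own block arriving from outside
    ("deny",   ("163.5.0.0",   "0.0.255.255"),   ANY),  # EPITA B-class
    ("deny",   ("127.0.0.0",   "0.255.255.255"), ANY),  # loopback
    ("deny",   ("10.0.0.0",    "0.255.255.255"), ANY),  # RFC 1918 /8
    ("deny",   ("172.16.0.0",  "0.15.255.255"),  ANY),  # RFC 1918 /12
    ("deny",   ("192.168.0.0", "0.0.255.255"),   ANY),  # RFC 1918 /16
    ("permit", ANY,                              OUR_NET),
]

def evaluate(acl, src, dst):
    """First matching entry wins; every IOS ACL ends with an implicit 'deny any'."""
    for action, (sb, sw), (db, dw) in acl:
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed inbound packets on Serial0: (source, destination).
    samples = [("198.51.100.7", "198.51.100.10"),    # spoofed "internal" source
               ("172.31.255.255", "198.51.100.10"),  # inside the 172.16/12 block
               ("172.32.0.1", "198.51.100.10"),      # just outside it
               ("203.0.113.5", "203.0.113.9")]       # not addressed to us: implicit deny
    for src, dst in samples:
        print(f"{src:>16} -> {dst:<14} {evaluate(ACL_100, src, dst)}")
```

The wildcard 0.15.255.255 on the 172.16.0.0 entry is what makes it cover exactly the /12 (172.16.0.0 through 172.31.255.255), which `wildcard_to_prefix` confirms.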