From owner-freebsd-isp Thu Jan 9 18:15:48 2003
Message-Id: <5.1.0.14.2.20030109190409.0126adb0@mail.centerone.com>
Date: Thu, 09 Jan 2003 19:07:13 -0700
From: Ralph Forsythe
To: Andrew Karjagin, freebsd-isp@FreeBSD.ORG
Subject: Re: access-list from scan
In-Reply-To: <20030109093941.13735.qmail@flock1.newmail.ru>

Check the Cisco support site. ACLs can be used to stop scans, but it's a manual thing - you need to know where they are coming from, then modify your ACL to block them. A router does not do Intrusion Detection. The ACLs in them are rudimentary.

FYI, I do not know what kind of connection you're running into the 7200, or what feeds into the Ciscos behind them, but no scan should stop a router - by that I mean the router should be fully capable of handling the speed of the traffic allowed by its interfaces. If your routers are being DoS'd, make sure you are running current levels of IOS on all of them. It's not uncommon for Cisco to put security fixes in code revisions.

-rf

At 12:39 PM 1/9/2003 +0300, Andrew Karjagin wrote:
>Hello!
>I have four class C networks behind a Cisco 7206. Those networks are
>processed by some smaller Cisco routers and FreeBSD servers. Sometimes I
>have a problem with scanning of my networks from other hosts. Some smaller
>Cisco routers stop working. The FreeBSD servers stop the scanning with the
>portsentry program and it works OK!
>Question: Where can I find resources/sites with docs about configuring
>access-lists on Cisco that can help me to stop the scanning of my networks
>on the main Cisco 7206? Is it possible to stop scans and other attacks on
>Cisco by using access-lists, or do I have to use other features/programs?
>Thank you very much for your help!
>
>__________
>www.newmail.ru -- New Mail: everything the new way.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
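The reply above describes the manual loop an ACL gives you: find out where the scan is coming from, then add a deny for that source. The script below is an added example, not code from either poster. It takes the router's own ACL hit logs (the syslog lines an ACE with the `log` keyword produces, in the documented `%SEC-6-IPACCESSLOGP` format), counts how many distinct destination/port pairs each source touched, and renders the named extended ACL that would block the sources over a threshold while letting everything else through. The log lines are constructed; the ACL name `SCAN-BLOCK`, the interface name, the threshold of 10 and the exempt management network are assumptions. It goes a little beyond the post by automating the "know where they are coming from" step and by refusing to generate a deny for your own management addresses, which is the usual way people lock themselves out of a router when doing this by hand.

```python
"""Turn Cisco IOS ACL log lines into a list of scan sources and the ACL
entries that would block them.  Example code added to this archived thread;
not from the original posts.  Sample log lines are constructed; the ACL
name, interface name, threshold and exempt network are assumptions."""
import ipaddress
import re
from collections import defaultdict

# One IOS syslog line per logged ACL hit (produced by the "log" keyword on an ACE).
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)


def _line(src, sport, dst, dport):
    """Build one constructed log line in the IOS ACL-logging format."""
    return (f"Jan  9 19:05:01: %SEC-6-IPACCESSLOGP: list 101 permitted tcp "
            f"{src}({sport}) -> {dst}({dport}), 1 packet")


# Constructed sample: one host sweeping 11 sockets, one normal web client,
# one management host (exempt) probing 12 ports, and an unrelated syslog line.
SAMPLE_LOG = "\n".join(
    [_line("192.0.2.10", 40000 + i, "198.51.100.5", p)
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 3389, 8080])]
    + [_line("192.0.2.10", 40010, "198.51.100.6", 22)]
    + [_line("198.51.100.200", 51000, "198.51.100.5", 80),
       _line("198.51.100.200", 51001, "198.51.100.5", 80)]
    + [_line("203.0.113.5", 52000 + i, "198.51.100.5", p) for i, p in enumerate(range(1, 13))]
    + ["Jan  9 19:05:02: %SYS-5-CONFIG_I: Configured from console by vty0"]
)


def parse_log(text):
    """Return one dict per ACL log line; lines that are not ACL hits are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        d = m.groupdict()
        for k in ("sport", "dport", "count"):
            d[k] = int(d[k])
        events.append(d)
    return events


def find_scanners(events, threshold=10, exempt=()):
    """Sources that touched at least `threshold` distinct (destination, port) pairs.

    `exempt` lists networks (your own management hosts, for instance) that are
    never reported, so a generated deny entry cannot lock you out of the router."""
    exempt_nets = [ipaddress.ip_network(n) for n in exempt]
    targets = defaultdict(set)
    for e in events:
        targets[e["src"]].add((e["dst"], e["dport"]))
    scanners = {}
    for src, seen in targets.items():
        addr = ipaddress.ip_address(src)
        if any(addr in net for net in exempt_nets):
            continue
        if len(seen) >= threshold:
            scanners[src] = len(seen)
    return scanners


def render_acl(scanners, name="SCAN-BLOCK", interface="FastEthernet0/0"):
    """Named extended ACL: one deny per scanner, then the permit that keeps normal
    traffic flowing.  IOS stops at the first matching entry, so the denies must
    come before the permit; a deny placed after "permit ip any any" never matches."""
    lines = [f"ip access-list extended {name}"]
    for src in sorted(scanners, key=ipaddress.ip_address):
        lines.append(f" deny ip host {src} any log")
    lines.append(" permit ip any any")
    lines += [f"interface {interface}", f" ip access-group {name} in"]
    return lines


if __name__ == "__main__":
    found = find_scanners(parse_log(SAMPLE_LOG), threshold=10, exempt=["203.0.113.0/24"])
    print("\n".join(render_acl(found)))
```

The `exempt` argument is the part worth keeping when adapting this: an ACL applied inbound on the upstream interface with a deny for the wrong host is a self-inflicted outage. Also note that the `log` keyword which produces these lines costs the router CPU per logged packet, so log only the entries you need to see, not the final `permit ip any any`.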