Date: Fri, 10 Jan 2003 00:29:30 -0600 From: Chris Cook <ccook@tcworks.net> To: Ralph Forsythe <rf-list@centerone.com> Cc: Andrew Karjagin <Andrew.Karjagin@newmail.ru>, freebsd-isp@FreeBSD.ORG Subject: OFF TOPIC Re: access-list from scan Message-ID: <3E1E684A.85704C56@tcworks.net> References: <5.1.0.14.2.20030109190409.0126adb0@mail.centerone.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Ralph Forsythe wrote: > > Check the Cisco support site. > > ACL's can be used to stop scans, but it's a manual thing - you need to know > where they are coming from, then modify your ACL to block them. A router > does not do Intrusion Detection. The ACL's in them are rudimentary. > > FYI I do not know what kind of connection you're running into the 7200, or > what feeds into the Cisco's behind them, but no scan should stop a router - > by that I mean the router should be fully capable of handling the speed of > the traffic allowed by it's interfaces. If your routers are being DoS'd, > make sure you are running current levels of IOS on all of them. It's not > uncommon for Cisco to put security fixes in code revisions. You are quite incorrect, there are many versions of IDS (Intrustion Detection Software) and IOS enhancements available for Cisco products starting at even 800 series routers. http://www.cisco.com/warp/public/732/Tech/security/intrusion/ Look for the IOS version like so: IP Plus/FW/IDS Now let's please stop this thread or move it to a Cisco list. -- Chris o----< ccook@tcworks.net >------------------------------------o |Chris Cook - Admin |TCWORKS.NET - http://www.tcworks.net | |The Computer Works ISP |FreeBSD - http://www.freebsd.org | o-------------------------------------------------------------o To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3E1E684A.85704C56>