Date: Mon, 24 Jun 1996 13:43:56 +0200 (MET DST)
From: Ollivier Robert <roberto@keltia.freenix.fr>
To: jkh@time.cdrom.com (Jordan K. Hubbard)
Cc: guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org
Subject: Re: I need help on this one - please help me track this guy down!
Message-ID: <199606241143.NAA09908@keltia.freenix.fr>
In-Reply-To: <10326.835597770@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 23, 96 11:29:30 pm"

It seems that Jordan K. Hubbard said:
> How do you install such things on a cisco 2500? :-) Seriously, if
> there's a way then I can get someone from cisco to help me out, but I
> first need to know that it's even a reasonable request.

If you use Serial0 for the Internet and A.B.C.0/24 in your internal network,
use something like the following:

!
! Refuses loose/strict source routed packets
!
no ip source-route
!
interface Serial0
 ip address A.B.C.254 255.255.255.0
 ip access-g 100 in
 ip access-g 101 out
...
! access list for incoming packets
! should fix most of the new attacks when a spoofed packet
! is trying to come from the outside with a source address
! from our network which is impossible.
!
no access-list 100
!
! Rejects our own addresses C-Class A.B.C.0/24
!
access-list 100 deny ip A.B.C.0 0.0.0.255 any
!
! Rejects EPITA B-Class 163.5.0.0/16
!
access-list 100 deny ip 163.5.0.0 0.0.255.255 any
!
! Rejects special addresses
!
access-list 100 deny ip 127.0.0.0 0.255.255.255 any
!
! RFC-1918 IANA reserved A/B/C classes
! A-Class 10.0.0.0/8
!
access-list 100 deny ip 10.0.0.0 0.255.255.255 any
!
! B-Classes 172.16.0.0/12
!
access-list 100 deny ip 172.16.0.0 0.15.255.255 any
!
! C-Classes 192.168.0.0/16
!
access-list 100 deny ip 192.168.0.0 0.0.255.255 any
!
! Accepts the rest
!
access-list 100 permit ip any A.B.C.0 0.0.0.255

-- 
Ollivier ROBERT -=- The daemon is FREE! -=- roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #11: Thu Jun 13 11:01:47 MET DST 1996
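
The inbound list in the message above can be checked offline by modelling IOS wildcard masks and first-match evaluation. This is an added example, not part of the original message; 192.0.2.0/24 is a constructed stand-in for the A.B.C.0/24 placeholder, and the sample packets are constructed.

```python
import ipaddress

# Constructed stand-in for the message's A.B.C.0/24 placeholder (RFC 5737 range).
INTERNAL = "192.0.2.0"
ANY = ("0.0.0.0", "255.255.255.255")  # 'any' expressed as base + wildcard

# access-list 100 from the message: (action, (src, wildcard), (dst, wildcard))
ACL_100 = [
    ("deny",   (INTERNAL,      "0.0.0.255"),     ANY),
    ("deny",   ("163.5.0.0",   "0.0.255.255"),   ANY),
    ("deny",   ("127.0.0.0",   "0.255.255.255"), ANY),
    ("deny",   ("10.0.0.0",    "0.255.255.255"), ANY),
    ("deny",   ("172.16.0.0",  "0.15.255.255"),  ANY),
    ("deny",   ("192.168.0.0", "0.0.255.255"),   ANY),
    ("permit", ANY, (INTERNAL, "0.0.0.255")),
]

def _u32(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """Wildcard bits set to 1 are ignored; bits set to 0 must equal the base."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(base) & care)

def evaluate(acl, src, dst):
    """Return (action, entry index) of the first match, top to bottom."""
    for i, (action, (sb, sw), (db, dw)) in enumerate(acl):
        if wildcard_match(src, sb, sw) and wildcard_match(dst, db, dw):
            return action, i
    return "deny", None  # implicit 'deny ip any any' that ends every IOS list

# Constructed packets arriving on the outside interface: (source, destination)
SAMPLES = [
    ("192.0.2.10",   "192.0.2.20"),   # claims to come from the internal network
    ("172.31.255.1", "192.0.2.20"),   # last /16 covered by wildcard 0.15.255.255
    ("172.32.0.1",   "192.0.2.20"),   # just outside 172.16.0.0/12
    ("127.0.0.1",    "192.0.2.20"),   # loopback source
    ("198.51.100.7", "192.0.2.20"),   # ordinary outside host
    ("198.51.100.7", "203.0.113.5"),  # destination not on the internal network
]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(f"{src:>14} -> {dst:<12} {evaluate(ACL_100, src, dst)}")
```
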