Reading this message brought to mind the default steps I take whenever a new router is configured for our network. Here's the list of the stuff I do, which I got from the Hardening Cisco Routers book. What do you guys think? Should there be anything else? I also try to run SSH on any router that can support it.

GLOBAL CONFIG
no service finger
no service pad
no service udp-small-servers
no service tcp-small-servers
service password-encryption
service tcp-keepalives-in
service tcp-keepalives-out
no cdp run
no ip bootp server
no ip http server
no ip finger
no ip source-route
no ip gratuitous-arps
END GLOBAL CONFIG

Per Interface Config
no ip redirects
no ip proxy-arp
no ip unreachables
no ip directed-broadcast
no ip mask-reply
ip cef
END Per Interface Config

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:cisco-nsp-[EMAIL PROTECTED] On Behalf Of Eric Cables
> Sent: Friday, March 21, 2008 2:13 PM
> To: cisco-nsp@puck.nether.net
> Subject: [c-nsp] Proxy ARP -- To disable, or not to disable..
>
> A recent network audit has discovered that Proxy ARP is enabled on pretty
> much every L3 interface in the network. As a Cisco default, this isn't
> surprising, since no template configs have it disabled.
>
> The question is: whether or not I should go back and disable it, or just
> leave it be, since it doesn't appear to be causing any problems.
>
> Any feedback would be appreciated.
>
> --
> Eric Cables
> _______________________________________________
> cisco-nsp mailing list cisco-nsp@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
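
Both messages in this thread come back to template configs, so here is one way to check a template against the checklist in the reply. This is an added example, not code from either poster; the function names, the interface names and the sample template are constructed, and it assumes plain IOS-style text with interface sub-commands indented.

```python
GLOBAL_REQUIRED = [  # checklist lines copied from the message above
    "no service finger", "no service pad", "no service udp-small-servers",
    "no service tcp-small-servers", "service password-encryption",
    "service tcp-keepalives-in", "service tcp-keepalives-out", "no cdp run",
    "no ip bootp server", "no ip http server", "no ip finger",
    "no ip source-route", "no ip gratuitous-arps",
]
INTERFACE_REQUIRED = [
    "no ip redirects", "no ip proxy-arp", "no ip unreachables",
    "no ip directed-broadcast", "no ip mask-reply",
]

def parse_config(text):
    """Split IOS-style config text into global lines and per-interface lines."""
    global_lines, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        line = " ".join(raw.split())          # normalise whitespace
        if not line or line.startswith("!"):  # blank line or "!" ends a block
            current = None
        elif line.startswith("interface "):
            current = interfaces.setdefault(line.split(" ", 1)[1], set())
        elif raw[0].isspace() and current is not None:
            current.add(line)                 # indented: belongs to interface
        else:
            current = None
            global_lines.add(line)
    return global_lines, interfaces

def audit(text):
    """Return checklist lines missing globally and on each L3 interface."""
    global_lines, interfaces = parse_config(text)
    findings = {"global": [c for c in GLOBAL_REQUIRED if c not in global_lines]}
    for name, lines in interfaces.items():
        # Only interfaces with an IP address are L3; "no ip address" is skipped.
        if any(l.startswith("ip address ") for l in lines):
            findings[name] = [c for c in INTERFACE_REQUIRED if c not in lines]
    return {k: v for k, v in findings.items() if v}

# Constructed sample template (documentation addresses), not from the thread.
SAMPLE = """\
no service pad
no ip source-route
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip redirects
interface GigabitEthernet0/1
 no ip address
"""
```

Point it at template files rather than device output: a show running-config capture omits commands that match the platform's defaults, so lines the IOS version already applies by default would be reported as missing.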