hiya,

> What do you suggest
> me to do, I mean , How can I check the integrity of my router and how can
> secure it more. Any leads to where I can find any information or direct
> help will be deeply appreciated.     

try adding logging statements to the access-lists & send the logs back to
a syslog server somewhere within your network. & make sure you're 
accounting access-violations. examples of cisco config...

interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 ip access-group 102 in
 ip access-group 103 out
 no ip directed-broadcast
 ip accounting access-violations

interface Serial0
 ip address 172.16.1.1 255.255.255.0
 ip access-group 101 in
 no ip directed-broadcast
 ip accounting access-violations

logging trap debugging
logging facility local3
logging 192.168.50.3

access-list 101 deny   ip 172.16.0.0 0.0.255.255 any log
access-list 101 deny   ip any host 172.16.1.1 log
etc...

that way you'll see info like the following for those access-lists you log:
Mar  4 12:42:31 foo.example.com 5118: %SEC-6-IPACCESSLOGP: list 101 denied udp 
172.16.3.2(1680) -> 
172.16.1.1(1680), 1 packet

for more info on securing cisco routers see:
http://www.cisco.com/univercd/cc/td/doc/cisintwk/ics/cs003.htm
http://www.phrack.com/search.phtml?view&article=p55-10

hope this helps,
pauline

Pauline van Winsen, Senior Technical Consultant      [EMAIL PROTECTED]
eServ Pty Ltd                 http://www.eserv.com.au/people/pauline.html      
"One important point often overlooked is that colours should be selected
so that they will not clash with your own personal colouring. After all,
you will be living in the house & each room must provide a suitable
background for you."
                Home decorating - Introduction, Woman's World, circa 1964.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]

Reply via email to