For a good list of what to block inbound on your serial interfaces, see Rob Thomas' excellent Secure IOS Config page: http://www.cymru.com/~robt/Docs/Articles/secure-ios-template.html
See access-list 2010 specifically. Lots of other great tips and tweaks in there as well. Only things to be sure to add to this list of RFC1918 & unallocated IP space are your own internal IPs (which should never appear inbound at your edge interfaces...), and of course the all-important PERMIT IP ANY ANY at the end of the list if you don't want to take your net down. ;-)

Also see the SANS site for the top 20 (or whatever) ports to block with Cisco routers. Layered defense is a beautiful thing. Take advantage of ACLs.

HTH,
Joe

>>> Jon Vandiveer <[EMAIL PROTECTED]> 11/29/01 10:57AM >>>

Securing Cisco Routers
http://www.cisco.com/warp/public/707/21.html
http://www.cisco.com/warp/public/707/3.html
http://www.cisco.com/warp/public/707/4.html

You should block RFC 1918 addresses at your perimeter routers. I used to have a list of the reserved addresses, but cannot find them right now. Multicast and broadcast should be blocked, unless needed for some reason.

Jon

Date: Wed, 28 Nov 2001 19:10:59 +0530
From: Mohan Sundar <[EMAIL PROTECTED]>
Subject: How to block Spoofing ??

Hi All,

I have seen many IP addresses try to establish connections with my network. I came to know this from my firewall log, but these are not really from the original hosts. I feel somebody is spoofing the IP and attacking my network, hence I would like to block this spoofing. Does anybody know how to block this spoofing? And is there any special software available to identify spoofing?

I feel the spoofing option provided by Checkpoint is not effective, since it can block only packets which arrive at the external NIC with private IP/LocalNet IP addresses.

Any input regarding spoofing is appreciated.

Thanks & regards,
MOHi

Jon Vandiveer
[EMAIL PROTECTED]

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759.
rm -rf /bin/laden

===============================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
===============================================
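
Added example (not part of the thread, and not taken from the Secure IOS template): a sketch of the inbound anti-spoofing list described above, built as ordered rules, rendered as IOS extended-ACL lines, and checked first-match against sample sources. The ACL number 110, the internal prefix 198.51.100.0/24, the loopback entry, the `log` keyword and all function names are assumptions for illustration; unallocated space is omitted because it changes over time.

```python
import ipaddress

# Sources that should never arrive inbound on an Internet-facing interface.
# RFC 1918, multicast and broadcast come from the thread; loopback is added here.
BOGON_SOURCES = [
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private space
    "127.0.0.0/8",                                    # loopback (assumption)
    "224.0.0.0/4",                                    # multicast
    "255.255.255.255/32",                             # limited broadcast
]

def build_rules(internal_prefixes):
    """Ordered (action, network) rules: bogons, then our own space, then permit."""
    prefixes = BOGON_SOURCES + list(internal_prefixes)
    rules = [("deny", ipaddress.ip_network(p)) for p in prefixes]
    rules.append(("permit", ipaddress.ip_network("0.0.0.0/0")))
    return rules

def render_ios(acl_number, rules):
    """Render the rules as IOS extended-ACL lines using wildcard (inverse) masks."""
    lines = []
    for action, net in rules:
        if net.prefixlen == 0:
            src = "any"
        elif net.prefixlen == 32:
            src = f"host {net.network_address}"
        else:
            src = f"{net.network_address} {net.hostmask}"
        suffix = " log" if action == "deny" else ""
        lines.append(f"access-list {acl_number} {action} ip {src} any{suffix}")
    return lines

def evaluate(rules, source_ip):
    """First-match evaluation; IOS denies anything that matches no entry."""
    addr = ipaddress.ip_address(source_ip)
    for action, net in rules:
        if addr in net:
            return action
    return "deny"

if __name__ == "__main__":
    rules = build_rules(["198.51.100.0/24"])   # constructed internal prefix
    print("\n".join(render_ios(110, rules)))
    # Constructed sample sources, as they might appear in a firewall log.
    for src in ["10.1.2.3", "198.51.100.7", "224.0.0.5", "203.0.113.9"]:
        print(src, evaluate(rules, src))
    # Dropping the final permit shows the outage the reply warns about.
    print("no final permit:", evaluate(rules[:-1], "203.0.113.9"))
```

A list like this only rejects sources that are invalid by definition at the edge; a spoofed source taken from ordinary routable space still matches the final permit.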
