Re: [c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-17 Thread Robert E. Seastrom
Matthew Lange [EMAIL PROTECTED] writes: * Implement blackhole routing on the Internet interface, using the Bogon list[3] Actually, I would put static bogon lists in the common but bad advice section, right there with turning off ICMP (sorry, RobT!). Why? Well, except for certain networks

Re: [c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-07 Thread Mark Tinka
On Monday 07 May 2007 15:34, Pete Templin wrote: True, but distribute lists can be more powerful. I'm curious... in what way distribute lists would be more flexible than prefix lists (perhaps I've been using prefix lists far too long). Might you have an example? Mark.

Re: [c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-06 Thread Matthew Lange
Joel-- You might also consider adding the following: * Run your configuration through the Router Auditing Tool[1], from CIS. This tool audits the configuration to the NSA's Router Configuration Guide[2] * Implement blackhole routing on the Internet interface, using the Bogon list[3] *

Re: [c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-06 Thread Mark Tinka
On Sunday 06 May 2007 21:43, Mark Tinka wrote: * recommend the use of IP prefix lists as opposed to distribute lists; the former are more cumbersome. s/former/latter Mark.

Re: [c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-06 Thread Mark Tinka
On Sunday 06 May 2007 03:39, Joel M Snyder wrote: Any and all feedback is welcome! Very good paper! On point 12a (page 27), though: * recommend the use of IP prefix lists as opposed to distribute lists; the former are more cumbersome. * I'm personally very wary of route-flap dampening, in

[c-nsp] Feedback on: Security Advice for Routers and Switches

2007-05-05 Thread Joel M Snyder
Folks: I got asked yesterday to write a 45 minute lecture--due Monday!--on how to increase security of your network with Cisco routers and switches. I threw some slides together and would welcome any feedback. My slides are due on Monday, so if you want to dive in and take a look, Sunday