Sample CISCO Border Router Config

Valdis.Kletnieks at vt.edu
Wed Feb 21 15:35:46 UTC 2001


On Wed, 21 Feb 2001 09:15:53 EST, "Kenneth D. Paquette" <ken at btv.ibm.com>  said:

> NANOG or one of the firewall lists, but figured I would start here
> first.  I believe there is a link into the SANS Institute, but can't find it

http://www.sans.org/dosstep/index.htm might be what you wanted?

It's not a complete list of what to do, but it's a start.  I believe Phil
Benchoff (one of my co-workers) did the Cisco stuff for that.  Note that
Phil is actually more fascist than that - not only do we do egress filtering
on *every* interface on *every* router, we also do *ingress* filtering as well.
If we see a packet coming in from the outside world with a source address
in one of our 2 /16s, it gets nuked.  This of course relies on the fact that
we're basically a leaf site with no transit traffic, and there "should not be"
a path from an on-campus host off campus and back to another on-campus host.

-- 
				Valdis Kletnieks
				Operating Systems Analyst
				Virginia Tech
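
The ingress and egress filtering described in the message above, sketched as Cisco IOS access lists. This is an added example, not part of the original post or of the SANS page it links to; the prefixes 198.18.0.0/16 and 198.19.0.0/16, the /24 subnet, the ACL names and the interface names are constructed placeholders.

```cisco
! Constructed placeholders: 198.18.0.0/16 and 198.19.0.0/16 stand in for
! the site's two /16s; ACL and interface names are hypothetical.
!
! Ingress at the border: drop outside packets claiming an inside source.
! Only valid for a leaf site with no transit traffic and no path that
! leaves campus and comes back to another on-campus host.
ip access-list extended BORDER-IN
 deny   ip 198.18.0.0 0.0.255.255 any log
 deny   ip 198.19.0.0 0.0.255.255 any log
 permit ip any any
!
! Egress at the border: only the site's own prefixes may leave as sources.
ip access-list extended BORDER-OUT
 permit ip 198.18.0.0 0.0.255.255 any
 permit ip 198.19.0.0 0.0.255.255 any
 deny   ip any any log
!
interface Serial0/0
 description Upstream link
 ip access-group BORDER-IN in
 ip access-group BORDER-OUT out
!
! Egress on an interior interface: hosts on 198.18.10.0/24 may only send
! from that subnet. DHCP clients send from 0.0.0.0 before they hold a
! lease, so that one exchange is permitted first.
ip access-list extended LAN10-IN
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
 permit ip 198.18.10.0 0.0.0.255 any
 deny   ip any any log
!
interface FastEthernet0/1
 description Campus subnet 198.18.10.0/24
 ip address 198.18.10.1 255.255.255.0
 ip access-group LAN10-IN in
```

The per-entry match counters shown by `show access-lists` indicate how often each deny line fires, which helps separate spoofed traffic from a misaddressed host.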
