Date:      Mon, 24 Jun 1996 13:43:56 +0200 (MET DST)
From:      Ollivier Robert <roberto@keltia.freenix.fr>
To:        jkh@time.cdrom.com (Jordan K. Hubbard)
Cc:        guido@gvr.win.tue.nl, hackers@FreeBSD.org, security@FreeBSD.org, ache@FreeBSD.org
Subject:   Re: I need help on this one - please help me track this guy down!
Message-ID:  <199606241143.NAA09908@keltia.freenix.fr>
In-Reply-To: <10326.835597770@time.cdrom.com> from "Jordan K. Hubbard" at "Jun 23, 96 11:29:30 pm"

It seems that Jordan K. Hubbard said:
> How do you install such things on a cisco 2500? :-) Seriously, if
> there's a way then I can get someone from cisco to help me out, but I
> first need to know that it's even a reasonable request.

If you use Serial0 for the Internet and A.B.C.0/24 in your internal
network, use something like the following:

!
! Refuses loose/strict source routed packets
!
no ip source-route
!
interface Serial0
ip address A.B.C.254 255.255.255.0
ip access-group 100 in
ip access-group 101 out

... 

! access list for incoming packets
! should fix most of the new attacks when a spoofed packet
! is trying to come from the outside with a source address
! from our network which is impossible.
!
no access-list 100
!
! Rejects our own addresses C-Class A.B.C.0/24
!
access-list 100 deny ip  A.B.C.0 0.0.0.255 any
!
! Rejects EPITA B-Class 163.5.0.0/16
!
access-list 100 deny ip  163.5.0.0 0.0.255.255 any
!
! Rejects special addresses
!
access-list 100 deny ip  127.0.0.0 0.255.255.255 any
!
! RFC-1918 IANA reserved A/B/C classes
! A-Class 10.0.0.0/8
!
access-list 100 deny ip  10.0.0.0 0.255.255.255 any
!
! B-Classes 172.16.0.0/12
!
access-list 100 deny ip  172.16.0.0 0.15.255.255 any
!
! C-Classes 192.168.0.0/16
!
access-list 100 deny ip  192.168.0.0 0.0.255.255 any
!
! Accepts the rest
!
access-list 100 permit ip any A.B.C.0 0.0.0.255

-- 
Ollivier ROBERT    -=- The daemon is FREE! -=-    roberto@keltia.freenix.fr
FreeBSD keltia.freenix.fr 2.2-CURRENT #11: Thu Jun 13 11:01:47 MET DST 1996
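
An added example, not part of the original e-mail: a small Python evaluator for access-list 100 as posted above, showing how the wildcard masks and first-match order treat spoofed and legitimate inbound packets. The A.B.C.0/24 placeholder is replaced by the constructed documentation range 192.0.2.0/24, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the e-mail's A.B.C.0/24 placeholder (RFC 5737 range).
INSIDE = "192.0.2.0"

ACL_100 = f"""
access-list 100 deny ip  {INSIDE} 0.0.0.255 any
access-list 100 deny ip  163.5.0.0 0.0.255.255 any
access-list 100 deny ip  127.0.0.0 0.255.255.255 any
access-list 100 deny ip  10.0.0.0 0.255.255.255 any
access-list 100 deny ip  172.16.0.0 0.15.255.255 any
access-list 100 deny ip  192.168.0.0 0.0.255.255 any
access-list 100 permit ip any {INSIDE} 0.0.0.255
"""

def _spec(tokens):
    """Consume one address spec ('any' or 'addr wildcard') as (addr, wildcard) ints."""
    if tokens[0] == "any":
        tokens.pop(0)
        return 0, 0xFFFFFFFF
    addr = int(ipaddress.IPv4Address(tokens.pop(0)))
    wild = int(ipaddress.IPv4Address(tokens.pop(0)))
    return addr, wild

def parse_acl(text):
    """Parse 'access-list N action ip SRC DST' lines into (action, src, dst) rules."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 4 or tok[0] != "access-list":
            continue  # skip blank lines and '!' comments
        action, rest = tok[2], tok[4:]  # tok[3] is the protocol keyword ('ip')
        rules.append((action, _spec(rest), _spec(rest)))
    return rules

def _match(ip, spec):
    addr, wild = spec
    # Wildcard bits set to 1 are "don't care"; every other bit must be equal.
    return ((int(ipaddress.IPv4Address(ip)) ^ addr) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, src, dst):
    """First matching rule wins; an unmatched packet hits the implicit deny."""
    for action, s, d in rules:
        if _match(src, s) and _match(dst, d):
            return action
    return "implicit deny"

if __name__ == "__main__":
    rules = parse_acl(ACL_100)
    for src in ("192.0.2.10", "10.1.2.3", "172.32.0.1", "198.51.100.7"):
        print(src, "->", evaluate(rules, src, "192.0.2.20"))
```

Because the final permit names the inside network as destination, a packet from an acceptable source to any other destination falls through to the implicit deny at the end of the list.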


