nanog mailing list archives
Re: Sample CISCO Border Router Config
From: Valdis.Kletnieks () vt edu
Date: Wed, 21 Feb 2001 10:35:46 -0500
On Wed, 21 Feb 2001 09:15:53 EST, "Kenneth D. Paquette" <ken () btv ibm com> said:
> NANOG or one of the firewall lists, but figured I would start here first.
> I believe is a link into the SANS institute, but can't find it

http://www.sans.org/dosstep/index.htm might be what you wanted? It's not a complete list of what to do, but it's a start. I believe Phil Benchoff (one of my co-workers) did the Cisco stuff for that.

Note that Phil is actually more fascist than that - not only do we do egress filtering on *every* interface on *every* router, we also do *ingress* filtering as well. If we see a packet coming in from the outside world with a source address in one of our 2 /16s, it gets nuked.

This of course relies on the fact that we're basically a leaf site with no transit traffic, and there "should not be" a path from an on-campus host off campus and back to another on-campus host.

--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
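
The ingress and egress filtering described in the message above, sketched as a Cisco IOS fragment for a single border interface. This is an added example, not part of the original post and not the configuration the message refers to; the two /16 prefixes, the ACL numbers and the interface name are constructed placeholders.

```cisco
! Constructed placeholders: 172.16.0.0/16 and 172.17.0.0/16 stand in for
! the site's two /16s. Substitute the site's real prefixes.
!
! Ingress (applied inbound on the upstream link): a packet arriving from
! the outside world must not carry one of our own source addresses.
access-list 110 remark Ingress: drop outside packets with on-site source
access-list 110 deny   ip 172.16.0.0 0.0.255.255 any log
access-list 110 deny   ip 172.17.0.0 0.0.255.255 any log
access-list 110 permit ip any any
!
! Egress (applied outbound on the upstream link): only packets sourced
! from our own prefixes may leave; anything else is spoofed or misrouted.
access-list 111 remark Egress: permit only on-site source addresses
access-list 111 permit ip 172.16.0.0 0.0.255.255 any
access-list 111 permit ip 172.17.0.0 0.0.255.255 any
access-list 111 deny   ip any any log
!
! Hypothetical interface name for the link to the upstream provider.
interface Serial0/0
 description Upstream link
 ip access-group 110 in
 ip access-group 111 out
!
! ACL 110 is only safe under the leaf-site assumption stated in the
! message: no transit traffic, and no legitimate path that takes an
! on-site source address off site and back in through this interface.
! Every access list ends with an implicit "deny ip any any"; the explicit
! final lines are there so the permit in 110 is deliberate and the denies
! in 111 are logged.
```

The `log` keyword on the deny lines records matches, which gives a count of spoofed packets seen in each direction.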
Current thread:
- Sample CISCO Border Router Config Kenneth D. Paquette (Feb 24)
- Re: Sample CISCO Border Router Config Valdis . Kletnieks (Feb 24)
- <Possible follow-ups>
- RE: Sample CISCO Border Router Config Mark Borchers (Feb 24)
- RE: Sample CISCO Border Router Config Steve Smith (Feb 24)