HostedDB - Dedicated UNIX Servers
index_65
UNCLASSIFIED Implementing Security on Cisco Routers  Version 1.0g  UNCLASSIFIED 65   Ethernet0/1      14.2.9.250     YES NVRAM  up           up Ethernet0/2      unassigned     YES unset  down         down Ethernet0/3      unassigned     YES unset  down         down Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# interface eth 0/0 Central(config-if)# no ip proxy-arp Central(config-if)# exit Central(config)# interface eth 0/1 Central(config-if)# no ip proxy-arp Central(config-if)# exit Central(config)# interface eth 0/2 Central(config-if)# no ip proxy-arp Central(config-if)# exit Central(config)# interface eth 0/3 Central(config-if)# no ip proxy-arp Central(config-if)# end Central#                           IP Directed Broadcast and Subnet-zero Support Directed broadcasts permit a host on one LAN segment to initiate a physical broadcast on a different LAN segment.  This technique was used in some old denial- of-service attacks, and the default Cisco IOS configuration is to reject directed broadcasts.  Explicitly disable directed broadcasts on each interface using the interface configuration command  no ip directed-broadcast . IP subnets with an address of 0 are illegal and strongly discouraged in the IP standard.  For example, a network with an address of 14.2.0.0/24 has a subnet address of 0 in the third octet.  The default Cisco IOS configuration is to reject subnet-zero packets.  Explicitly prohibit such packets using the no ip subnet-zero command. IP Classless Routing By default, a Cisco router will make an attempt to route almost any IP packet.  If a packet arrives addressed to a subnet of a network that has no default network route, then IOS will, with IP classless routing, forward the packet along the best available route to a supernet of the addressed subnet.  This feature is often not needed.  On routers where IP classless routing is not needed, disable it as shown below. Central# config t Enter configuration commands, one per line.  End with CNTL/Z. Central(config)# no ip classless Central(config)# exit IP Unreachables, Redirects, Mask Replies The Internet Control Message Protocol (ICMP) supports IP traffic by relaying information about paths, routes, and network conditions.  Cisco routers automatically