Defending against the Blaster worm on Cisco devices
2020-11-09 08:11:55 Editor: 小采

! --- block TFTP

access-list 115 deny udp any any eq 69

! --- block W32.Blaster related protocols

access-list 115 deny tcp any any eq 135

access-list 115 deny udp any any eq 135

! --- block other vulnerable MS protocols

access-list 115 deny udp any any eq 137

access-list 115 deny udp any any eq 138

access-list 115 deny tcp any any eq 139

access-list 115 deny udp any any eq 139

access-list 115 deny tcp any any eq 445

access-list 115 deny tcp any any eq 593

! --- block remote access due to W32.Blaster

access-list 115 deny tcp any any eq 4444

! --- Allow all other traffic -- insert

! --- other existing access-list entries here

access-list 115 permit ip any any

interface

ip access-group 115 in

ip access-group 115 out

In addition, the command for blocking invalid addresses is:

Router(config)# interface

Router(config-if)# no ip unreachables

If this command cannot be used to disable them, consider the following command instead:

Elab(config)# ip icmp rate-limit unreachable

VACL on the CatOS

! --- block TFTP

set security acl ip BLASTER deny udp any any eq 69

! --- block vulnerable MS protocols

! --- Blaster related

set security acl ip BLASTER deny tcp any any eq 135

set security acl ip BLASTER deny udp any any eq 135

! --- Non-blaster related

set security acl ip BLASTER deny tcp any any eq 137

set security acl ip BLASTER deny udp any any eq 137

set security acl ip BLASTER deny tcp any any eq 138

set security acl ip BLASTER deny udp any any eq 138

set security acl ip BLASTER deny tcp any any eq 139

set security acl ip BLASTER deny udp any any eq 139

set security acl ip BLASTER deny tcp any any eq 593

! --- block remote access due to W32.Blaster

set security acl ip BLASTER deny tcp any any eq 4444

! --- Allow all other traffic

! --- insert other existing access-list entries here

set security acl ip BLASTER permit any any

! -- applies both inbound and outbound

commit security acl BLASTER

set security acl map BLASTER

PIX

access-list acl_inside deny udp any any eq 69

access-list acl_inside deny tcp any any eq 135

access-list acl_inside deny udp any any eq 135

access-list acl_inside deny tcp any any eq 137

access-list acl_inside deny udp any any eq 137

access-list acl_inside deny tcp any any eq 138

access-list acl_inside deny udp any any eq 138

access-list acl_inside deny tcp any any eq 139

access-list acl_inside deny udp any any eq 139

access-list acl_inside deny tcp any any eq 445

access-list acl_inside deny tcp any any eq 593

access-list acl_inside deny tcp any any eq 4444

! --- insert previously configured acl statements here,

! --- or permit all other traffic out

access-list acl_inside permit ip any any

access-group acl_inside in interface inside
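
The three lists above are not identical (the CatOS VACL has no entry for tcp 445), and in each of them every deny has to come before the catch-all permit. The Python check below is an added example, not part of the original page or of any Cisco tool: it parses the three rule syntaxes shown here and reports baseline ports that are not denied, plus denies placed after the permit. The `audit` function, the `REQUIRED` baseline (the pairs of the IOS list above) and the `MISORDERED` sample are assumptions made for this example.

```python
import re

# Baseline (assumption for this example): the protocol/port pairs denied by the IOS list above.
REQUIRED = {("udp", 69), ("tcp", 135), ("udp", 135), ("udp", 137), ("udp", 138),
            ("tcp", 139), ("udp", 139), ("tcp", 445), ("tcp", 593), ("tcp", 4444)}

# Matches IOS/PIX "access-list <id> ..." and CatOS "set security acl ip <name> ..." entries.
RULE = re.compile(
    r"^(?:access-list|set security acl ip)\s+(?P<acl>\S+)\s+(?P<action>deny|permit)\s+"
    r"(?P<proto>ip|tcp|udp)?\s*any\s+any(?:\s+eq\s+(?P<port>\d+))?\s*$")

def audit(config, acl):
    """Return (missing, shadowed): baseline pairs never denied, and deny
    entries that follow a catch-all permit and therefore never match."""
    denied, shadowed, permit_all_seen = set(), [], False
    for raw in config.splitlines():
        m = RULE.match(raw.strip())
        if not m or m["acl"] != acl:
            continue  # comments ("! ---"), blank lines, entries of other ACLs
        if m["action"] == "permit" and m["port"] is None and m["proto"] in (None, "ip"):
            permit_all_seen = True
        elif m["action"] == "deny" and m["port"]:
            pair = (m["proto"], int(m["port"]))
            if permit_all_seen:
                shadowed.append(pair)
            else:
                denied.add(pair)
    return sorted(REQUIRED - denied), shadowed

# The CatOS VACL entries from the page, rebuilt from their (protocol, port) pairs.
CATOS_PAIRS = [("udp", 69), ("tcp", 135), ("udp", 135), ("tcp", 137), ("udp", 137), ("tcp", 138),
               ("udp", 138), ("tcp", 139), ("udp", 139), ("tcp", 593), ("tcp", 4444)]
CATOS = "\n".join(["! --- block TFTP"]
                  + [f"set security acl ip BLASTER deny {p} any any eq {n}" for p, n in CATOS_PAIRS]
                  + ["set security acl ip BLASTER permit any any"])

# Constructed sample: the catch-all permit was inserted before the last deny.
MISORDERED = """access-list 115 deny udp any any eq 69
access-list 115 permit ip any any
access-list 115 deny tcp any any eq 4444"""

if __name__ == "__main__":
    print("CatOS VACL:", audit(CATOS, "BLASTER"))
    print("Misordered:", audit(MISORDERED, "115"))
```
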
