27 Explanations (filtering rules for a Cisco)

 Books
 TULARC
















Description

This article is from the Firewalls FAQ, by Matt Curtin cmcurtin@interhack.net and Marcus J. Ranum mjr@nfr.com with numerous contributions by others.

* Drop all source-routed packets. With source routing the sender dictates
the path a packet (and its reply) takes, so it can be used for address
spoofing: a packet with a forged source address can still get its replies
back to the attacker.
* Drop directed broadcasts, which are used in smurf attacks (ICMP echo
requests sent to a broadcast address with a spoofed source, so that every
host on that subnet floods the victim with replies).
* If an incoming packet claims to be from a local net, the loopback network,
or a private network, drop it: such an address can never legitimately
arrive on the outside interface, so the packet is spoofed.
* All packets which are part of already established TCP connections can
pass through without further checking. Note that the Cisco "established"
keyword keeps no connection state; it simply matches any TCP segment with
the ACK or RST bit set.
* All connections to low (well-known) port numbers are blocked except SMTP
and DNS.
* Block all services that listen for TCP connections on high port
numbers. X Windows (port 6000 and up) and OpenWindows (port 2000 and up)
are a few candidates. NFS (port 2049) usually runs over UDP, but it can be
run over TCP, so you should block it.
* Incoming connections from port 20 into high port numbers are assumed to
be FTP data connections (active-mode FTP, where the server connects back
to the client). The router cannot verify this; anything that uses source
port 20 gets the same treatment.
* Access-list 2 limits access to the router itself (telnet and SNMP) to
the listed source addresses.
* All remaining UDP traffic is blocked to protect RPC services. Since the
list is evaluated top-down to the first match, any UDP service that must
stay reachable (DNS, for instance) needs an explicit permit above that
line.
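As an added example (not the FAQ's own listing from section 26 and not Cisco software), here is a small Python evaluator that parses an IOS-style access list written to match the points above and applies it first-match to constructed packets. The addresses (192.0.2.0/24 as the protected LAN, 192.0.2.2 as the SMTP host, 192.0.2.3 as the DNS host, 198.51.100.7 as an outside host), the exact ACL lines, the UDP permit for DNS ahead of the blanket UDP deny, and the three-entry port-name table are all assumptions made for the example. Source routing and directed broadcasts are modelled as packet flags, because on the router they are refused by the global "no ip source-route" and the interface "no ip directed-broadcast" settings rather than by access-list entries.

```python
"""Toy first-match evaluator for Cisco IOS style access lists. Added for this page:
not the FAQ's own listing and not Cisco code; topology and ACL text are assumed."""
import ipaddress
from collections import namedtuple
# Assumed: 192.0.2.0/24 is the protected LAN, 192.0.2.2 the SMTP host and
# 192.0.2.3 the DNS host. Order matters: IOS stops at the first matching entry.
ACL_101 = """
access-list 101 deny ip 192.0.2.0 0.0.0.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 172.16.0.0 0.15.255.255 any
access-list 101 deny ip 192.168.0.0 0.0.255.255 any
access-list 101 permit tcp any any established
access-list 101 permit tcp any host 192.0.2.2 eq smtp
access-list 101 permit tcp any host 192.0.2.3 eq domain
access-list 101 permit udp any host 192.0.2.3 eq domain
access-list 101 deny tcp any any range 1 1024
access-list 101 deny tcp any any range 6000 6063
access-list 101 deny tcp any any eq 2049
access-list 101 deny tcp any any range 2000 2003
access-list 101 permit tcp any eq ftp-data 192.0.2.0 0.0.0.255 gt 1023
access-list 101 deny udp any any
access-list 101 permit icmp any any
"""
# Standard ACL for 'access-class 2 in' on the vty lines and for the SNMP community.
ACL_2 = "access-list 2 permit 192.0.2.0 0.0.0.255"
PORT_NAMES = {"ftp-data": 20, "smtp": 25, "domain": 53}
ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORT = lambda p: True

# A packet as the router sees it: proto is "tcp", "udp" or "icmp"; ack/rst are
# TCP flags; source_routed marks an IP source-route option; directed_bcast marks
# a destination that is a subnet broadcast address.
Packet = namedtuple("Packet", "proto src dst sport dport ack rst source_routed directed_bcast",
                    defaults=(0, 0, False, False, False, False))
Rule = namedtuple("Rule", "action proto src sport_ok dst dport_ok established text")

def matches(r, p):
    """Does ACL entry r apply to packet p?"""
    if r.proto not in ("ip", p.proto):
        return False
    if ipaddress.ip_address(p.src) not in r.src or ipaddress.ip_address(p.dst) not in r.dst:
        return False
    if not (r.sport_ok(p.sport) and r.dport_ok(p.dport)):
        return False
    # IOS "established" only tests the ACK or RST bit; the router keeps no state.
    return not r.established or p.ack or p.rst

def _addr(t, i):
    """Parse 'any' | 'host A' | 'A WILDCARD' at t[i]; return (network, next index)."""
    if t[i] == "any":
        return ANY_NET, i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    # A Cisco wildcard mask is an inverted netmask: 0.0.0.255 means /24.
    netmask = ipaddress.IPv4Address(0xFFFFFFFF ^ int(ipaddress.IPv4Address(t[i + 1])))
    return ipaddress.ip_network(f"{t[i]}/{netmask}", strict=False), i + 2

def _ports(t, i):
    """Parse an optional eq/gt/lt/range operator at t[i]; return (predicate, next index)."""
    if i >= len(t) or t[i] not in ("eq", "gt", "lt", "range"):
        return ANY_PORT, i
    num = lambda tok: PORT_NAMES.get(tok) or int(tok)
    if t[i] == "range":
        lo, hi = num(t[i + 1]), num(t[i + 2])
        return (lambda p: lo <= p <= hi), i + 3
    n = num(t[i + 1])
    return {"eq": lambda p: p == n, "gt": lambda p: p > n, "lt": lambda p: p < n}[t[i]], i + 2

def parse_acl(text):
    """Turn 'access-list N ...' lines into Rule entries, in listed order."""
    rules = []
    for line in text.strip().splitlines():
        t = line.split()
        if t[3] in ("ip", "tcp", "udp", "icmp"):             # extended ACL entry
            src, i = _addr(t, 4)
            sp, i = _ports(t, i)
            dst, i = _addr(t, i)
            dp, i = _ports(t, i)
            rules.append(Rule(t[2], t[3], src, sp, dst, dp, "established" in t[i:], line))
        else:                                                 # standard ACL: source address only
            rules.append(Rule(t[2], "ip", _addr(t, 3)[0], ANY_PORT, ANY_NET, ANY_PORT, False, line))
    return rules

def filter_inbound(pkt, rules):
    """Return (action, reason) for a packet arriving on the outside interface."""
    # Source routing and directed broadcasts are refused by router settings
    # ('no ip source-route', 'no ip directed-broadcast'), not by ACL entries.
    if pkt.source_routed:
        return "deny", "no ip source-route"
    if pkt.directed_bcast:
        return "deny", "no ip directed-broadcast"
    for r in rules:
        if matches(r, pkt):
            return r.action, r.text
    return "deny", "implicit deny at end of access-list"

def verdict(pkt, acl=ACL_101):
    return filter_inbound(pkt, parse_acl(acl))[0]
```

Feeding constructed packets through filter_inbound shows the ordering at work: a SYN to the mail host's port 25 is permitted by the SMTP line, a SYN to port 23 or 6000 on any LAN host is dropped by the low-port and X Windows denies, while the same segment to port 6000 with the ACK bit set is permitted by the "established" line that sits above them, which is exactly what the stateless ACK/RST match costs. A SYN from source port 20 to a high port passes as FTP data, a SYN between two high ports falls through to the implicit deny, and UDP to the portmapper (111) is caught by the blanket UDP deny while UDP to the name server's port 53 is let through by the earlier permit.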
