When a
machine is infected, the attacker can take complete control over the system and has full
access as if they were a local user. Depending on the version, an attacker will try to exploit
TCP ports 1243, 2773, 6711, 6712, 6713, 6776, 7000, 7215, 16959, 27374, 27573, and
54283.
Refer to Figure 5-12 for the network topology upon which the following con?¬?gurations
are based.
Edge(config-if)#ip access-group 152 in Takes all access list lines
that are de?¬?ned as being
part of group 152 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#interface fastethernet 0/1 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 152 in Takes all access list lines
that are de?¬?ned as being
part of group 152 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#
Edge(config)#access-list 153 deny tcp any any
eq 1243 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 1243, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 2773 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 2773, and
logs any instance in which
this statement was used
Mitigating Dedicated DoS Attacks with ACLs 119
Edge(config)#access-list 153 deny tcp any any
range 6711 6713 log
Denies any TCP traf?¬?c
from any network from
going to any network
through ports 6711??“6713,
and logs any instance in
which this statement was
used
Edge(config)#access-list 153 deny tcp any any
eq 6776 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 6776, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 7000 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 7000, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 7215 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 7215, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 16959 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 16959, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 27374 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 27374, and
logs any instance in which
this statement was used
120 Mitigating Dedicated DoS Attacks with ACLs
Edge(config)#access-list 153 deny tcp any any
eq 27573 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 27573, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 deny tcp any any
eq 54283 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 54283, and
logs any instance in which
this statement was used
Edge(config)#access-list 153 permit ip any any Allows all other traf?¬?c
through
Edge(config)#interface fastethernet 0/0 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 153 in Takes all access list lines
that are de?¬?ned as being
part of group 153 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#interface fastethernet 0/1 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 153 in Takes all access list lines
that are de?¬?ned as being
part of group 153 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#
Con?¬?guring an SSH Server for Secure Management and Reporting 121
Con?¬?guring an SSH Server for Secure Management and Reporting
You should use SSH instead of Telnet to manage your Cisco routers whenever possible.
Pages:
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113