点击下载
本文文档

当前位置：首页 - 科技 - 知识百科 - 正文

CISCO防御冲击波方法

来源：动视网责编：小采时间：2020-11-09 08:11:55

CISCO防御冲击波方法

CISCO防御冲击波方法:! --- block TFTP access-list 115 deny udp any any eq 69 ! --- block W32.Blaster related protocols access-list 115 deny tcp any any eq 135 access-list 115 deny udp any any eq 135 ! --- block other vulnerable MS protocols access-list 115 deny

推荐度：

点击下载本文 文档为doc格式

导读CISCO防御冲击波方法:! --- block TFTP access-list 115 deny udp any any eq 69 ! --- block W32.Blaster related protocols access-list 115 deny tcp any any eq 135 access-list 115 deny udp any any eq 135 ! --- block other vulnerable MS protocols access-list 115 deny

! --- block TFTP access-list 115 deny udp any any eq 69 ! --- block W32.Blaster related protocols access-list 115 deny tcp any any eq 135 access-list 115 deny udp any any eq 135 ! --- block other vulnerable MS protocols access-list 115 deny

! --- block TFTP

access-list 115 deny udp any any eq 69

! --- block W32.Blaster related protocols

access-list 115 deny tcp any any eq 135

access-list 115 deny udp any any eq 135

! --- block other vulnerable MS protocols

access-list 115 deny udp any any eq 137

access-list 115 deny udp any any eq 138

access-list 115 deny tcp any any eq 139

access-list 115 deny udp any any eq 139

access-list 115 deny tcp any any eq 445

access-list 115 deny tcp any any eq 593

! --- block remote access due to W32.Blaster

access-list 115 deny tcp any any eq 4444

! --- Allow all other traffic -- insert

! --- other existing access-list entries here

access-list 115 permit ip any any

interface

ip access-group 115 in

ip access-group 115 out

另外，阻止非法地址的命令是:

Router(config)# interface

Router(if-config)# no ip unreachables

如果此命令不能禁止，可参考下面这个命令:

Elab(config)# ip icmp rate-limit unreachable

VACL on the CatOS

! --- block TFTP

set security acl ip BLASTER deny udp any any eq 69

! --- block vulnerable MS protocols

! --- Blaster related

set security acl ip BLASTER deny tcp any any eq 135

set security acl ip BLASTER deny udp any any eq 135

! --- Non-blaster related

set security acl ip BLASTER deny tcp any any eq 137

set security acl ip BLASTER deny udp any any eq 137

set security acl ip BLASTER deny tcp any any eq 138

set security acl ip BLASTER deny udp any any eq 138

set security acl ip BLASTER deny tcp any any eq 139

set security acl ip BLASTER deny udp any any eq 139

set security acl ip BLASTER deny tcp any any eq 593

! --- block remote access due to W32.Blaster

set security acl ip BLASTER deny tcp any any eq 4444

! --- Allow all other traffic

! --- insert other existing access-list entries here

set security acl ip BLASTER permit any any

! -- applies both inbound and outbound

commit security acl BLASTER

set security acl map BLASTER

PIX

access-list acl_inside deny udp any any eq 69

access-list acl_inside deny tcp any any eq 135

access-list acl_inside deny udp any any eq 135

access-list acl_inside deny tcp any any eq 137

access-list acl_inside deny udp any any eq 137

access-list acl_inside deny tcp any any eq 138

access-list acl_inside deny udp any any eq 138

access-list acl_inside deny tcp any any eq 139

access-list acl_inside deny udp any any eq 139

access-list acl_inside deny tcp any any eq 445

access-list acl_inside deny tcp any any eq 593

access-list acl_inside deny tcp any any eq 4444

! --- insert previously configured acl statements here,

! --- or permit all other traffic out

access-list acl_inside permit ip any any

access-group acl_inside in interface inside

CISCO防御冲击波方法

推荐度：

点击下载本文 文档为doc格式

标签：方法防御 ---

热门焦点

CISCO防御冲击波方法

CISCO防御冲击波方法

CISCO防御冲击波方法

最新推荐

猜你喜欢

热门推荐