Router(Config)# no access-list 106 Router(Config)# access-list 106 permit tcp any 192.168.0.0 0.0.0.255 established Router(Config)# access-list 106 deny ip any any log Router(Config)# interface eth 0/2 Router(Config-if)# description “external Ethernet” Router(Config-if)# ip address 192.168.1.254 255.255.255.0 Router(Config-if)# ip access-group 106 in
Router(Config)# ip tcp intercept list 107 Router(Config)# access-list 107 permit tcp any 192.168.0.0 0.0.0.255 Router(Config)# access-list 107 deny ip any any log Router(Config)# interface eth0 Router(Config)# ip access-group 107 in
! outbound ICMP Control Router(Config)# access-list 110 deny icmp any any echo log Router(Config)# access-list 110 deny icmp any any redirect log Router(Config)# access-list 110 deny icmp any any mask-request log Router(Config)# access-list 110 permit icmp any any ! Inbound ICMP Control Router(Config)# access-list 111 permit icmp any any echo Router(Config)# access-list 111 permit icmp any any Parameter-problem Router(Config)# access-list 111 permit icmp any any packet-too-big Router(Config)# access-list 111 permit icmp any any source-quench Router(Config)# access-list 111 deny icmp any any log
rate-limit output access-group 2020 128000 8000 9000 conform-action transmit exceed-action drop access-list 2020 permit icmp any any echo-reply
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesTcpipParameters]
"TcpMaxSendFree"=
echo "set noexec_user_stack=1" >> /etc/system echo "set noexec_user_stack_log=1" >> /etc/system
access-list 101 deny 53 any any access-list 101 deny 55 any any access-list 101 deny 77 any any access-list 101 permit ip any any
interface eth 0 ip access-group 101 in
- The end -
网络安全资料列表
原文始发于微信公众号(计算机与网络安全):网络安全应急响应:拒绝服务类攻击抑制
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论