876 router access-list black hole

Discussion in 'Cisco' started by Stuart Gall, Oct 6, 2010.

  1. Stuart Gall

    Stuart Gall Guest

    Hello,
    I use the 876 router at a number of sites and have a basic firewall
    configured on them with a second firewall behind.

    ISTM that when the access-list on the 876 is set to deny and a
    connection comes in, the router replies with TCP RESET or otherwise
    immediately closes the socket.

    My firewall behind blackholes everything that is not allowed, it just
    leaves the connection request hanging.

    So if I run a port scan with nmap (to the firewall) I see all the ports
    that are blocked by the 876 as closed. And all the ports that are
    blocked by the firewall as filtered.
    This is more information than I want to give away. More importantly it
    greatly speeds up the time that a port scan takes for a potential
    attacker.

    Is there a way to configure the 876 to blackhole everything that is
    denied by the access list on the internet side?
     
    Stuart Gall, Oct 6, 2010
    #1

  2. Rob

    Rob Guest

    On the external interface use:

    no ip unreachable
     
    Rob, Oct 6, 2010
    #2
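    For readers who want to see the whole picture, here is an added
    configuration example (not from the thread, and not Rob's or the
    original poster's config). The full IOS keyword is `no ip unreachables`;
    IOS accepts the abbreviated form in the reply. What a router normally
    returns for a packet denied by an inbound access-list is an ICMP
    destination-unreachable, type 3 code 13 (administratively prohibited);
    suppressing it on the interface means the probe simply times out, so a
    scanner has to wait out its timeout for every denied port and reports
    it as filtered. The interface name, addresses and the published service
    below are assumptions for illustration.

```cisco
! Added example: WAN-side filtering on an 876-class IOS router that
! gives a scanner no reply for denied ports. Names and addresses are
! assumptions, not taken from the thread.
!
ip access-list extended WAN-IN
 remark Return traffic for sessions started from inside
 permit tcp any any established
 remark The one service published to the Internet (assumed address)
 permit tcp any host 203.0.113.1 eq 443
 remark Everything else is denied; "log" is optional and rate-limited by IOS
 deny   ip any any log
!
interface Dialer0
 description Internet uplink (assumed: PPPoE over ATM0)
 ip address 203.0.113.1 255.255.255.255
 ip access-group WAN-IN in
 ! Do not answer denied packets with ICMP type 3 code 13; the sender
 ! sees nothing and the port shows up as filtered rather than closed.
 no ip unreachables
 ! The usual companions on an Internet-facing interface
 no ip redirects
 no ip proxy-arp
!
! Alternative when unreachables must stay on (for example so that
! "fragmentation needed" still reaches hosts behind a 1492-byte PPPoE
! link): leave them enabled on the interface and cap the rate globally
! to one unreachable every 2000 ms instead.
! ip icmp rate-limit unreachable 2000
```

    One caveat a practitioner should weigh: `no ip unreachables` silences
    every ICMP unreachable the interface would generate, including type 3
    code 4 (fragmentation needed, DF set), which path MTU discovery relies
    on when this router has to fragment transit traffic. If the uplink MTU
    is smaller than 1500 and the router is the point where packets would be
    fragmented, prefer the global `ip icmp rate-limit unreachable` shown
    above, or clamp TCP MSS on the inside interface, before turning
    unreachables off outright.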
