You cannot see this page without javascript.

진주성 블로그 방문하기

보안 route access-list

2017.10.30 23:05

구피천사 조회 수:591

route access-list

 

Ingress Filtering

Engress Filtering

Watch Mode

Intercept Mode

 

  • 라우터 사용모드
User EXEC 모드
Privileged EXEC 모드
Global Configuration 모드
Other Configuration 모드

 

  • password 설정
Router> enable
Router# configure terminal
Router(config)# enable password XXXXX # 평문 저장
Router(config)# enable secret XXXXX   # 암호화 저장
Router(config)# 
Router(config)# ^Z
Router#

 

  • ACL 설정
Router> enable
Router# configure terminal
Router(config)# no access-list 5   # 5번 삭제
Router(config)# access-list 5 permit host 192.168.1.2
Router(config)# access-list 5 permit host 192.168.1.3
Router(config)# access-list 5 deny any
Router(config)# ^Z
Router# sh access-list 5   # 5번 확인
Standard IP access list 5
      permit 192.168.1.2
      permit 192.168.1.2
      deny any
Router#

 

  • 211.1.1.0/24 대역사용할때
Land Attack 차단
access-list 101 deny ip 211.1.1.0 0.0.0.255 any

 

ip access-group access-lister-number { in|out}

%% access-list access-list-number { permit | deny } protocol source source-wildcard [port] destination destination-wildcard [port] [ established] [log]

 

Ingress Filtering
access-list 101 deny ip host 0.0.0.0 any

 

Egress Filtering 
interface x/y
ip access-group 110 out
access-list 110 permit ip 211.1.1.0 0.0.0.255 any
access-list 110 permit ip 211.1.2.0 0.0.0.255 any
access-list 110. deny ip any any

 

  • Null 라우팅 설정
interface Null0
no ip unreachables
ip route 211.1.1.0 0.0.0.255 Null0

 

  • Buffered Logging 설정
logging on
logging buffered 16000 debugging
service timestamp log date msec local show-timezone

 

  • snmp access-list 설정
no access-list 20
access-list 20 permit host 192.168.x.x
access-list 20 deny any
snmp-server community public ro 20

 

 

 

  • Unicast RPF

>enable

#conf t

(config) # interface FastEthernet 0/0

(config-if) # ip verify unicast reverse-path

(config-if) # end

번호 제목 날짜 조회 수
44 BCP 2017.11.01 589
43 암호학 2017.11.01 816
42 개인정보 2017.11.01 75
41 VPN 2017.11.01 5141
40 보안관제 file 2017.11.01 4767
39 IPv4, IPv6 2017.11.01 108
38 HTTP Header 2017.11.01 112
37 아파치 웹서버 보안설정 file 2017.11.01 3419
36 ICMP 2017.11.01 1051
35 Dos 공격유형 및 차단 2017.11.03 721
34 ftp 보안 취약점및 대책 2017.11.05 541
33 디지털 포렌직 조사의 일반원칙 2017.11.07 92
32 악성코드의 종류 2017.11.07 383
31 쉘쇼크(Shellshock) 2017.11.07 120
30 접근통제 참조모델 2017.11.07 143
29 IoT 보안 2017.11.08 87
28 정보통신망법 2017.11.09 97
27 국제공통 평가 기준 표준 (CC:Common Criteria) 2017.11.09 250
26 전자서명법 - 공인인증서 2017.11.09 104
25 개인정보 보호법 2017.11.09 97
진주성 블로그 방문하기
CLOSE