In some larger networks, illegal attacks are a frequent occurrence, so we need to be able to resist some of them. This depends mainly on the router's performance and configuration. This article introduces some common means of attack and the methods of defending against them.
One, preventing external ICMP redirect spoofing
1, an attacker will sometimes use ICMP redirects against the router, so that information which should be sent to the correct target is redirected to a device the attacker specifies, in order to obtain useful information.
2, command to prohibit external users from using ICMP redirects: interface serial0, then no ip redirects.
Two, preventing external source route spoofing
1, source routing refers to routing a datagram using data link layer information. The technique bypasses the routing information of the network layer, so that an illegitimate route can be specified for a datagram on the internal network, and a datagram that should have been sent to its legitimate destination is sent to the specified address instead.
2, command to prohibit the use of source routing: no ip source-route.
Three, preventing theft of internal IP addresses
1, an attacker may steal an internal IP address to gain illegal access. To solve this problem, you can use the router's ARP command to bind a fixed IP address to a MAC address.
Command to prevent theft of internal IP addresses: arp, followed by the fixed IP address, the MAC address, and arpa.
Four, preventing Smurf attacks at the source site
1, to prevent Smurf attacks at the source site, the key is to stop all inbound echo requests. This prevents the router from mapping traffic directed to the network broadcast address onto a broadcast on the local area network.
2, in LAN interface mode, enter the following command: no ip directed-broadcast
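The settings from sections one to four can be checked against a saved configuration. The script below is an added example, not part of the original article; the sample configuration, host name, addresses and the audit() function are constructed for illustration. It assumes an IOS-style text configuration, requires the commands to appear explicitly, and requires both interface commands on every interface, which is stricter than the article's placement.

```python
import re

# Constructed sample configuration (addresses and names are illustrative).
SAMPLE_CONFIG = """\
hostname edge-router
no ip source-route
!
interface Serial0
 ip address 203.0.113.1 255.255.255.252
 no ip redirects
!
interface Ethernet0
 ip address 192.168.1.1 255.255.255.0
 no ip directed-broadcast
!
arp 192.168.1.10 0000.0c12.3456 arpa
"""

PER_INTERFACE = ("no ip redirects", "no ip directed-broadcast")
STATIC_ARP = re.compile(r"^arp (\S+) (\S+) arpa$")

def audit(config_text):
    """Return (findings, static ARP bindings) for an IOS-style config."""
    global_cmds, interfaces, bindings = set(), {}, {}
    current = None
    for raw in config_text.splitlines():
        line = " ".join(raw.split()).lower()  # normalise spacing and case
        if not line:
            continue
        if raw[0].isspace():                  # indented: interface sub-command
            if current is not None:
                interfaces[current].add(line)
            continue
        current = None                        # any top-level line ends the block
        if line.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            interfaces[current] = set()
        else:
            global_cmds.add(line)
            match = STATIC_ARP.match(line)
            if match:
                bindings[match.group(1)] = match.group(2)
    findings = []
    if "no ip source-route" not in global_cmds:
        findings.append("global: missing 'no ip source-route'")
    for name, cmds in interfaces.items():
        findings += [f"{name}: missing '{req}'"
                     for req in PER_INTERFACE if req not in cmds]
    return findings, bindings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```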
Five, turning off unneeded router services
Besides providing path selection, the router is also a server and can provide some useful services. These services running on the router may become a point of breach for an attacker, so for security reasons it is best to turn them off.
After the above settings, the security configuration of a router is complete. It will increase the security of the network, but in some cases it will also affect network performance, such as speed; this has to be judged against the specific network environment.