Cobby
Senior Member

Registered: Oct 2001 Location: Las Vegas Country: United States State: Certifications: MCSE, CCNP, CCDA, NACC Fiber installer, Solaris 7 Admin Working on: BS, CCIE Lab!!!
Total Posts: 107
Null int?
Does anyone pipe out ICMP to a null int as opposed to creating just a specific access list to block scans?
Just wondering what is the most preferred method.
__________________
Best Regards
Systems Administrator
Jay
CCNP, CCDA, MCSE
IEEE #41463614
Well informed people know it is impossible to transmit the voice over wires and that were it possible to do so, the thing would be of no practical value.
- Editorial in the Boston Post (1865)
04-09-02 06:10 AM
MadChef
A Huge Fake
Registered: Sep 2000 Location: Country: USA State: Certifications: Working on: A Sex Farm
Total Posts: 1426
I can't think of any time where I've used null interfaces to filter traffic instead of an ACL. An ACL is more granular and it's easier for me to do all my filtering in one place rather than send some traffic to null and filter the rest of the stuff I can't catch by rerouting it.
I think you'd have to be pushing a whole lot of packets to ever find an advantage using a null interface, but I've never taken the time to accurately measure.
MadChef
04-09-02 10:41 AM
Cobby
Senior Member
Error messages
I was told that using a null int for ICMP could leave the individual with no echo response. <icmp protocol denied>
Therefore someone scans your network and the echoes go to the big bit bucket in the sky.
That's the theory anyhow; I have not yet tested it out.
04-09-02 03:04 PM
MadChef
A Huge Fake
Re: Error messages
quote: Originally posted by Cobby
Therefore someone scans your network and the echoes go to the big bit bucket in the sky.
That's the theory anyhow; I have not yet tested it out.
Wouldn't you achieve the same result by not permitting icmp to leave your network?
Seems a lot easier than matching all icmp and setting the next hop as /dev/null.
MC
04-09-02 05:35 PM
Cobby
Senior Member
Good Point
Actually I was advised to do just that.
When I tried it our proprietary trading software bonked saying the trade server was offline.
Sorry I did not point that out earlier.
04-09-02 05:57 PM
doctorcisco
Senior Member
Registered: Dec 2000 Location: Chicago Burbs Country: USA State: IL Certifications: Working on: Everything there is
Total Posts: 370
Re: Re: Error messages
quote: Originally posted by MadChef
Wouldn't you achieve the same result by not permitting icmp to leave your network?
Seems a lot easier than matching all icmp and setting the next hop as /dev/null.
MC
Just an off-the-wall question: If you kill off ICMP with an inbound access list, wouldn't the sender get back an "administratively denied" ICMP message? And if you routed the stuff to Null0, he'd get back nothing? I've never done what the original poster is talking about, but this occurs to me as a possible advantage ...
doc
__________________
Silicon ... just fancy sand.
04-09-02 10:41 PM
Cobby
Senior Member
Hey Doc
Yea!
That's the benefit of sending ICMP to null0.
The person scanning your network gets no response.
But I have only heard this in theory and have never tried it.
So I was seeking someone who had and could share their results.
I will implement this on a test router this weekend at work and post the config/acl and result.
I work for a trading company that is unoccupied on the weekend and could make good use of this security implementation.
04-10-02 01:44 AM
kbani
Member
Registered: Dec 2001 Location: Country: United States State: Certifications: MCDBA,MCSE, MCP+I, CCNA, CCDA, CCDP,CCNP, CCA, CNE Working on: CCIE
Total Posts: 39
04-10-02 02:39 AM
MadChef
A Huge Fake
Re: Re: Re: Error messages
quote: Originally posted by doctorcisco
Just an off-the-wall question: If you kill off ICMP with an inbound access list, wouldn't the sender get back an "administratively denied" ICMP message?
Yes. And if you denied outbound like I said in my post, they wouldn't.
MC
04-10-02 10:55 AM
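An added worked example (not a configuration posted in this thread, and not the test config Cobby promised): the three approaches the posters compare, written as Cisco IOS configuration for one outside interface. Serial0/0, the 192.0.2.0/24 inside block and the 198.51.100.10 peer are assumed placeholder values, and the three options are alternatives, not meant to be combined.

```cisco
! --- Option 1: inbound ACL (the case doctorcisco asks about) ---
! IOS answers a denied packet with ICMP type 3 code 13,
! "administratively prohibited", which tells a scanner a filter
! exists; "no ip unreachables" on the receiving interface silences it.
ip access-list extended OUTSIDE-IN
 deny   icmp any 192.0.2.0 0.0.0.255 echo
 permit ip any any
!
interface Serial0/0
 description outside link (assumed interface name)
 ip access-group OUTSIDE-IN in
 no ip unreachables
!
! --- Option 2: policy-route inbound echo requests to Null0 ---
! A static route cannot match on protocol, so PBR selects the ICMP.
ip access-list extended ICMP-ECHO-IN
 permit icmp any 192.0.2.0 0.0.0.255 echo
!
route-map ICMP-TO-NULL permit 10
 match ip address ICMP-ECHO-IN
 set interface Null0
!
interface Serial0/0
 ip policy route-map ICMP-TO-NULL
!
! Packets that die on Null0 also trigger ICMP unreachables by
! default, so the null route is only silent with this line:
interface Null0
 no ip unreachables
!
! --- Option 3: stop ICMP leaving the network (MadChef's suggestion) ---
! The probe reaches the host but the reply is dropped on the way
! out; the unreachable goes to the inside host, not the scanner.
! A blanket deny also drops ICMP that internal applications rely on
! (the trade-server symptom above), so permit what they need first.
! 198.51.100.10 is a placeholder for a peer the application pings.
ip access-list extended INSIDE-OUT
 permit icmp 192.0.2.0 0.0.0.255 host 198.51.100.10
 deny   icmp 192.0.2.0 0.0.0.255 any
 permit ip any any
!
interface Serial0/0
 ip access-group INSIDE-OUT out
```

Whichever option is used, verify the observable behaviour from outside with a single echo request and a packet capture on the probing host: Option 1 without "no ip unreachables" shows the type 3 code 13 reply, the other two show only a timeout.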
Yeti-GBR1
A Complete Twit

Registered: Oct 2000 Location: Yeti Town, Yetiville, UK Country: UK State: Certifications: Too many to list. Working on: Getting a real life outside IT.
Total Posts: 1105
04-10-02 11:00 AM
Cisco exam notes
ExamNotes forum archive