Archive for the 'Access-Lists' Category

Static NAT overloaded???

Wednesday, July 27th, 2011

So we have already looked at all 3 possible NAT configurations, however there is one more trick that is always useful to know. How to overload a Static NAT. Let’s assume the following for this example We have 2 public IP addresses ( & The IP address on the outside interface has been configured [...]

Configuring PAT on Cisco Routers (NAT Overload)

Wednesday, July 20th, 2011

PAT (Port Address Translation) is by far the most common implementation of NAT, and if you have an ADSL router at home there is a 100% chance you are using it. PAT or otherwise known as NAT overload, allows you to translate IP addresses in a many-to-one method. In my previous post on Configuring Dynamic [...]

Configuring Dynamic NAT on Cisco Routers

Friday, July 15th, 2011

In my last post Configuring Static NAT on Cisco Routers we saw how you can translate 1 IP address into another single IP address. This tutorial will cover how to translate many IP addresses into many IP addresses, otherwise referred to as many-to-many translation. Dynamic NAT allows us to translate many IP addresses into a [...]

Configuring Basic ISDN with Interesting Traffic

Tuesday, August 25th, 2009

When configuring ISDN with interesting traffic, it’s important to first understand how Cisco defines ‘interesting’ and what this means in terms of the connection been formed. Interesting traffic is traffic that we define in the form of an access-list that is allowed to cause the ISDN to dial. This does NOT mean it is the [...]

DoS TCP SYN Attack Mitigation

Friday, August 21st, 2009

TCP SYN flooding is often used in conjunction with IP spoofing. The main aim of a TCP SYN flood is to send a TCP SYN packet to a host inside your network from a spoofed IP address. The TCP SYN ACK is then sent to a machine that is not expecting one, or a machine [...]

Mitigating SubSeven attacks

Thursday, August 20th, 2009

SubSeven – aka: Sub7 and Sub7Server is a backdoor program, in the form of a Trojan, used mostly for causing trouble on computer networks. It can be used for simple attacks such as hiding the mouse cursor and opening applications, but it can also be used for more serious attacks including retrieving all your personal [...]

Mitigating Smurf DoS Attacks

Tuesday, August 18th, 2009

Before looking at how to mitigate a Smurf attack, let’s first understand what it is and why it’s such a problem.   A Smurf works on a weakness of IP and ICMP by sending an ICMP packet to the broadcast address of a network. For example, I could send an ICMP (Ping packet) to every [...]

IP Address Spoofing Mitigation with Access Control Lists (ACL)

Monday, August 17th, 2009

IP spoofing is the act of camouflaging your IP address to make it look like you are someone else. Although IP spoofing is not an attack by itself, it is the starting point of many of the most common attacks found on today’s networks.   Most, but not all, of the spoofing attacks that take [...]

Restricting access to VTY (Virtual Terminal Lines)

Friday, August 14th, 2009

One of the first and most important things to configure on any Cisco device after allowing telnet or SSH, is to restrict who is allowed to access the device. Of course having a password on the lines is the first step but if telnet is the method of communication, all passwords will be sent over [...]

Introduction to ACLs (Access Control List)

Thursday, August 13th, 2009

Before looking into the configuration of ACL (Access Control Lists), it’s important to get some of the concepts and understanding of how they work and what they are used for. Firstly, most people believe that ACL’s are used purely for denying or allowing traffic, although this is certainly one of the functions of a ACL [...]