Solve the Problem of Cisco router ACL spoofing attacks

Source: Internet
Author: User

Before introducing the Cisco router ACL in detail, this article first explains what an ACL is, and then gives a full introduction to the wildcard mask (wildcard-mask) used in a Cisco router ACL (Access Control List) and to using it to block spoofing attacks.


The wildcard mask (or anti-mask) used in the router is combined with a source or destination address to identify the range of addresses that match. The wildcard mask tells the router which bits of the IP address to check when deciding whether a packet matches. This mask lets us describe a whole range of IP addresses with just two 32-bit numbers. Without the mask, we would have to add each IP address in a separate access-list statement.

That would mean a lot of extra typing and a lot of extra processing on the router. In an access list, setting a wildcard-mask bit to 1 means the corresponding bit in the IP address may be either 1 or 0; such a bit is also called an "irrelevant" (don't-care) bit. If the mask bit is 0, the corresponding bit of the IP address must match exactly. The following describes the Cisco router ACL mask with examples. For instance, with the anti-mask 0.0.0.0, 192.168.0.1 represents only the single IP address 192.168.0.1.

(All anti-mask bits are 0, so every bit must match.) If the anti-mask is 255.255.255.255, then 192.168.0.1 covers all IP addresses (all anti-mask bits are 1, so no bit needs to match). If the anti-mask is 0.0.0.255, 192.168.0.1 represents the whole range 192.168.0.0 through 192.168.0.255: the subnet mask 255.255.255.0 corresponds to the anti-mask 0.0.0.255, which in binary is 00000000.00000000.00000000.11111111, that is, the first 24 bits must match and only the last eight bits need not. A wildcard-mask calculator can be downloaded from http://www.boson.com/freeutilities.html.

A Cisco router ACL is evaluated from the top down: once a packet matches a statement, the remaining statements are not evaluated. When writing an ACL, you must put the most specific statements first; only then can you ensure that no statement is left unreachable (useless). When a router connects to the Internet with an ACL applied, we need to block inbound traffic whose source address belongs to an internal (private or loopback) range, in order to block spoofing attacks. That is:

    deny 10.0.0.0 0.255.255.255
    deny 172.16.0.0 0.15.255.255
    deny 192.168.0.0 0.0.255.255
    deny 127.0.0.0 0.255.255.255
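As an added worked example (not code from the original article), the following Python implements the wildcard-mask rule described above (a 0 bit must match, a 1 bit is "don't care"), converts a subnet mask to its anti-mask, computes the address range a base/wildcard pair covers, and then evaluates the four anti-spoofing entries top-down, first match, the way the router does. The ACL table, the trailing permit-any entry and the sample source addresses are constructed for this demonstration; the real list on a router would end with whatever permit statements the site needs.

```python
import ipaddress

MASK32 = 0xFFFFFFFF


def to_int(addr: str) -> int:
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def to_str(value: int) -> str:
    """32-bit integer -> dotted-quad IPv4 string."""
    return str(ipaddress.IPv4Address(value))


def mask_to_wildcard(subnet_mask: str) -> str:
    """The anti-mask is the bitwise inverse of the subnet mask,
    e.g. 255.255.255.0 -> 0.0.0.255."""
    return to_str(~to_int(subnet_mask) & MASK32)


def wildcard_matches(ip: str, base: str, wildcard: str) -> bool:
    """True if `ip` is inside base/wildcard. Only the bits where the
    wildcard is 0 ("must match") are compared; wildcard 1 bits are ignored."""
    care = ~to_int(wildcard) & MASK32
    return (to_int(ip) & care) == (to_int(base) & care)


def wildcard_range(base: str, wildcard: str) -> tuple[str, str]:
    """Lowest and highest address covered by base/wildcard (don't-care bits
    all 0, then all 1). For a non-contiguous wildcard not every address in
    between is matched, but the bounds are still correct."""
    w = to_int(wildcard)
    lo = to_int(base) & ~w & MASK32
    hi = lo | w
    return to_str(lo), to_str(hi)


# Constructed inbound ACL: the article's four anti-spoofing denies, with an
# assumed "permit any" appended so legitimate Internet sources are allowed.
ANTI_SPOOF_ACL = [
    ("deny", "10.0.0.0", "0.255.255.255"),
    ("deny", "172.16.0.0", "0.15.255.255"),
    ("deny", "192.168.0.0", "0.0.255.255"),
    ("deny", "127.0.0.0", "0.255.255.255"),
    ("permit", "0.0.0.0", "255.255.255.255"),
]


def evaluate_acl(acl, src_ip: str) -> str:
    """Top-down, first-match evaluation: the first entry whose source range
    contains src_ip decides. If nothing matches, the result is the implicit
    deny that ends every Cisco ACL."""
    for action, base, wildcard in acl:
        if wildcard_matches(src_ip, base, wildcard):
            return action
    return "deny"


if __name__ == "__main__":
    print(mask_to_wildcard("255.255.255.0"))            # 0.0.0.255
    print(wildcard_range("192.168.0.1", "0.0.0.255"))   # whole 192.168.0.x range
    # Constructed sample sources arriving on the Internet-facing interface
    for src in ("10.1.2.3", "172.31.255.1", "172.32.0.1", "203.0.113.5"):
        print(src, "->", evaluate_acl(ANTI_SPOOF_ACL, src))
```

The 172.16.0.0 0.15.255.255 entry shows why the mask is read bit by bit rather than octet by octet: 0.15 leaves the low four bits of the second octet free, so 172.16 through 172.31 are denied while 172.32 falls through to the permit.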
