Router technology is now very mature, so I have studied how to use a router to prevent malicious network attacks. I would like to share the method here and hope it will be useful to you. Besides ADSL dial-up, residential broadband is also a common way to access the Internet. If you use residential broadband, do you think of the router as just a tool for getting online? In fact, you can also use your router to guard against hacker attacks. Let's take a look.
Objective: to prevent external computers from connecting to ports 23 (telnet), 80 (www), and 3128 on the host 192.168.0.1 in the residential network. Premise: the router interface connected to the internal network is Ethernet0/1. Press Enter after each command. The commands below use a Cisco router as the reference.
Step 1: Select Run from the Start menu, type "cmd" in the dialog box, and press Enter. When the command window appears, telnet to the router from the prompt. The command format is "telnet <router IP address>". When prompted for the telnet password (most routers display "Login"), enter the password. Once it is accepted, enter the command enable; you will then be prompted for the enable password. Tip: these two passwords are generally provided by the router manufacturer or dealer, and you can call them to ask.
Step 2: Enter the command Router# configure terminal to enter the router's configuration mode. The router can only be configured in this mode.
Step 3: In configuration mode, enter the command Router(config)# access-list 101 deny tcp any host 192.168.0.1 eq telnet. This command creates an entry in access list 101 that rejects requests from any address to port 23 (telnet) on the host whose IP address is 192.168.0.1.
Step 4: Enter the command Router(config)# access-list 101 deny tcp any host 192.168.0.1 eq www to reject requests from any address to port 80 (www) on the host whose IP address is 192.168.0.1.
Step 5: The last thing to deny is access from any address to port 3128 on the host whose IP address is 192.168.0.1, which requires the command Router(config)# access-list 101 deny tcp any host 192.168.0.1 eq 3128.
Step 6: The deny entries we wanted are now configured. However, an access list ends with an implicit deny, so to allow access from all other addresses we also need to enter Router(config)# access-list 101 permit ip any any to permit the other access requests.
However, for the router to enforce the access list we have created, we also need to apply it to an interface. The specific operations are as follows. Enter the command Router(config)# interface e0/1 to enter interface Ethernet0/1, and then enter the command Router(config-if)# ip access-group 101 out to apply the access list to this interface. In this way, any TCP packet leaving this interface is checked against the access list, that is, all access requests from anywhere to telnet (23), www (80), and 3128 on the host whose IP address is 192.168.0.1 are rejected. Finally, enter the write command to save the settings to the startup configuration.
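The effect of access list 101 can be checked offline before it is applied. The following Python sketch is an added example, not part of the original article and not Cisco software: it parses only the subset of access-list syntax used in Steps 3 to 6 and applies first-match evaluation with the implicit deny that ends every IOS access list. The function names and any test addresses other than 192.168.0.1 are assumptions made for illustration.

```python
import ipaddress

# Access list 101 exactly as entered in Steps 3-6 of the article.
ACL_101 = """\
access-list 101 deny tcp any host 192.168.0.1 eq telnet
access-list 101 deny tcp any host 192.168.0.1 eq www
access-list 101 deny tcp any host 192.168.0.1 eq 3128
access-list 101 permit ip any any
"""
PORT_NAMES = {"telnet": 23, "www": 80}  # the IOS port keywords used above


def parse_addr(tokens):
    """Consume 'any' or 'host A.B.C.D'; None means 'match any address'."""
    kind = tokens.pop(0)
    if kind == "any":
        return None
    if kind == "host":
        return ipaddress.ip_address(tokens.pop(0))
    raise ValueError("unsupported address form: " + kind)


def parse_acl(text):
    """Turn access-list lines into (action, proto, src, dst, port) tuples."""
    rules = []
    for line in text.splitlines():
        if not line.strip():
            continue
        tokens = line.split()
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src, dst = parse_addr(rest), parse_addr(rest)
        port = None
        if rest and rest[0] == "eq":
            port = PORT_NAMES.get(rest[1]) or int(rest[1])
        rules.append((action, proto, src, dst, port))
    return rules


def evaluate(rules, proto, src, dst, dport=None):
    """Return the action of the first matching entry (top-down order)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, r_proto, r_src, r_dst, r_port in rules:
        if (r_proto in ("ip", proto) and r_src in (None, src)
                and r_dst in (None, dst) and r_port in (None, dport)):
            return action
    return "deny"  # implicit deny when no entry matches
```

With the constructed source address 203.0.113.7, evaluate(parse_acl(ACL_101), "tcp", "203.0.113.7", "192.168.0.1", 23) returns "deny" and the same call with port 443 returns "permit". If the Step 6 line is left out, every packet falls through to the implicit deny.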
In this way, your host is much more secure. Although only a few common ports are blocked, this shuts out many pranksters. In addition, if you find another port that may be attacked or that has a vulnerability, you can use the same method to block it.