Protecting Your Cisco Router From Pings
In a previous article, Securing A Cisco Router: The Basics, I mentioned that one of my clients was using a Cisco router connected to the internet, and my concern that they were not using a firewall. I showed them how quickly their router was located on the net and the ensuing pokes and prods from various people, applications and bots. In that same article I also shared that I had suggested they use a firewall, but they countered with all sorts of reasons why that was not feasible for them.
In this article I want to share a configuration change that I suggested to them in lieu of a firewall. Of course nothing is a proper substitute for a real firewall, but sometimes we need to make do with what we have. There are quite a few documents out there explaining how to harden your router. This specific change protects you from ICMP attacks, or ping flooding.
My client did not want to block pings altogether since they use ping as part of troubleshooting and monitoring. I originally suggested a simple access list that only allows their management station's IP address, but soon realized that this wouldn't work in their environment. For example, they explained that sometimes they ping from home after hours or from their phones, which makes the source IP address fairly random.
I showed them that they can limit the ping rate that the router will accept and suggested we test it to make sure it works as advertised.
In the video below, I used hrping from www.cfos.de to ping the router excessively. The Microsoft ping utility sends with a 1 second interval, but with hrping I can go as low as 1 millisecond. The Cisco commands I used are:
access-list 111 permit icmp any any echo
access-list 111 permit icmp any any echo-reply
interface GigabitEthernet0/1
 rate-limit input access-group 111 22000 22000 22000 conform-action transmit exceed-action drop
I used Cisco counters, Wireshark and simple observation to see the impact of the configuration and it seemed to work just fine.
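To make the numbers in that rate-limit line concrete, here is an added Python model of the token bucket that Cisco CAR (committed access rate) uses. This is example code written for this article, not Cisco's implementation and not part of the original post. It assumes each Windows echo request is 74 bytes on the wire (a 60-byte IP packet plus a 14-byte Ethernet header) and that CAR counts that whole frame; both are assumptions. With burst-normal equal to burst-max, as in the config above, Cisco documents the extended-burst behaviour as turned off, so the bucket is a plain token bucket: 22000 bytes deep, refilled at 22000 bits per second. The model replays a 1-second-interval ping and a 1-millisecond hrping flood through it and reports the kind of conformed/exceeded split the router's rate-limit counters would show.

```python
"""Model of Cisco CAR rate limiting for the ICMP config in this article.

Added example (not Cisco code). Models only the case burst-normal == burst-max,
where CAR behaves as a plain token bucket; the RED-like extended-burst
region is deliberately not modelled.
"""
from dataclasses import dataclass, field
from fractions import Fraction

# Assumed size of one Windows echo request on the wire: 60-byte IP packet
# (20 IP + 8 ICMP + 32 payload) plus 14-byte Ethernet header.
ASSUMED_PING_FRAME_BYTES = 74


@dataclass
class CarTokenBucket:
    """Token bucket in bits; time is tracked in whole milliseconds.

    Fractions keep the arithmetic exact so the conform/exceed decision is
    deterministic regardless of how the rate divides into the interval.
    """
    rate_bps: int        # committed rate, bits per second (the first 22000)
    burst_bytes: int     # normal burst, bytes (the second 22000; bucket depth)
    tokens_bits: Fraction = field(init=False)
    last_ms: int = field(init=False, default=0)
    conformed: int = field(init=False, default=0)
    exceeded: int = field(init=False, default=0)

    def __post_init__(self) -> None:
        # CAR starts with a full bucket, so the first burst always conforms.
        self.tokens_bits = Fraction(self.burst_bytes * 8)

    def offer(self, t_ms: int, size_bytes: int) -> str:
        """Offer one packet of size_bytes at time t_ms; return the action taken."""
        elapsed_ms = t_ms - self.last_ms
        self.last_ms = t_ms
        # Refill at rate_bps, capped at the bucket depth (burst-normal).
        refill = Fraction(self.rate_bps * elapsed_ms, 1000)
        depth = Fraction(self.burst_bytes * 8)
        self.tokens_bits = min(depth, self.tokens_bits + refill)
        need = size_bytes * 8
        if self.tokens_bits >= need:
            self.tokens_bits -= need
            self.conformed += 1
            return "transmit"      # conform-action transmit
        self.exceeded += 1
        return "drop"              # exceed-action drop


def simulate_pings(interval_ms: int, count: int,
                   size_bytes: int = ASSUMED_PING_FRAME_BYTES,
                   rate_bps: int = 22000, burst_bytes: int = 22000):
    """Send `count` echo requests spaced `interval_ms` apart; return (conformed, exceeded)."""
    bucket = CarTokenBucket(rate_bps, burst_bytes)
    for i in range(count):
        bucket.offer(i * interval_ms, size_bytes)
    return bucket.conformed, bucket.exceeded


def sustained_pps(rate_bps: int = 22000,
                  size_bytes: int = ASSUMED_PING_FRAME_BYTES) -> Fraction:
    """Long-run echo requests per second the committed rate lets through."""
    return Fraction(rate_bps, size_bytes * 8)


if __name__ == "__main__":
    # Normal Windows ping: one request per second, 10 minutes.
    print("ping -t, 1 s interval, 600 packets  ->", simulate_pings(1000, 600))
    # hrping flood: one request every millisecond for one second.
    print("hrping, 1 ms interval, 1000 packets ->", simulate_pings(1, 1000))
    print("sustained rate after the burst drains: %.1f echo requests/s"
          % float(sustained_pps()))
```

The 1-second case never touches the limit because 2750 bytes of tokens are added every second and only 74 are spent. The 1-millisecond flood drains the 22000-byte bucket in roughly 300 packets, after which the router only lets through about 37 requests per second, which is why the hrping test in the video shows mostly drops while a normal ping keeps working. The one caveat a practitioner should keep in mind is that the model treats echo and echo-reply the same way the access list does: replies to the client's own outbound pings also spend tokens, so a large outbound ping sweep would compete with inbound monitoring traffic for the same 22000 bps.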
As with all configuration changes, I suggested that they monitor the router's memory and CPU load to ensure that this change doesn't have a negative impact on performance.
Lovemytool Blog: http://www.lovemytool.com/blog/tony-fortunato/
Network Computing Blog: http://www.networkcomputing.com/author-bio.asp?author_id=2332
Garland Technology Blog: http://www.garlandtechnology.com/blog/author/tony-fortunato
Youtube Channel: http://www.youtube.com/user/thetechfirm
NEW: http://www.thetechfirm.tv
Google Plus: http://plus.google.com/+Thetechfirmplus
Network Computing Articles: http://tinyurl.com/h8orh26
Category: Routers and Switches