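An ACL that goes a long way toward defending against the Blaster worm
With the Olympics approaching, many companies have been placing very high demands on network security, and they often require ACL access controls on their routers and access devices. For example, we can restrict the ports used by the Blaster worm on the router. Below, we take Huawei and Hi-Spider (海蜘蛛) routers as examples and discuss how to restrict Blaster with ACLs on the router.
1. Huawei ACL settings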
acl name deny_virus advanced match-order auto
rule 0 deny udp destination-port eq tftp
rule 1 deny udp destination-port eq 135
rule 2 deny tcp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny tcp destination-port eq 137
rule 5 deny udp destination-port eq netbios-dgm
rule 6 deny tcp destination-port eq 138
rule 7 deny udp destination-port eq netbios-ssn
rule 8 deny tcp destination-port eq 139
rule 9 deny tcp destination-port eq 445
rule 10 deny tcp destination-port eq 4444
rule 11 deny tcp destination-port eq 4445
rule 12 deny tcp destination-port eq 15000
rule 13 permit ip
2. Hi-Spider router ACL settings
Set up the ACL forwarding rules on the Hi-Spider router. First, drop ports 135-139
http://img701.photo.wangyou.com/2008/08/07/1844806/20080807120417_0_2.jpg
Deny ports 445, 4444, 4445 and 15000
http://img701.photo.wangyou.com/2008/08/07/1844806/20080807120417_1_2.jpg
Save and apply the rules
http://img701.photo.wangyou.com/2008/08/07/1844806/20080807120417_2_2.jpg
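Added example (not part of the original post): a small Python check that parses the Huawei deny_virus rules from section 1 and reports which protocol/port pairs are dropped and which fall through to rule 13. The keyword-to-port mapping and first-match evaluation in rule-number order are assumptions made for this illustration.

```python
# Added example: evaluates (protocol, destination port) against the deny_virus
# rules quoted in the post. Assumptions: keywords map to their well-known ports,
# and rules are checked first-match in rule-number order.
import re

ACL = """\
rule 0 deny udp destination-port eq tftp
rule 1 deny udp destination-port eq 135
rule 2 deny tcp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny tcp destination-port eq 137
rule 5 deny udp destination-port eq netbios-dgm
rule 6 deny tcp destination-port eq 138
rule 7 deny udp destination-port eq netbios-ssn
rule 8 deny tcp destination-port eq 139
rule 9 deny tcp destination-port eq 445
rule 10 deny tcp destination-port eq 4444
rule 11 deny tcp destination-port eq 4445
rule 12 deny tcp destination-port eq 15000
rule 13 permit ip
"""

PORT_NAMES = {"tftp": 69, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
RULE = re.compile(r"rule (\d+) (deny|permit) (\w+)(?: destination-port eq (\S+))?$")

def parse(text):
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        rid, action, proto, port = m.groups()
        port = None if port is None else PORT_NAMES.get(port) or int(port)
        rules.append((int(rid), action, proto, port))
    return sorted(rules)

def decide(rules, proto, dport):
    for rid, action, rproto, rport in rules:
        if rproto in ("ip", proto) and rport in (None, dport):
            return action, rid
    return "permit", None  # hypothetical default when no rule matches

def uncovered(rules, ports, protos=("tcp", "udp")):
    return [(p, n) for n in ports for p in protos if decide(rules, p, n)[0] != "deny"]

RULES = parse(ACL)
POST_PORTS = [69, 135, 137, 138, 139, 445, 4444, 4445, 15000]  # ports the post names
if __name__ == "__main__":
    print("not denied:", uncovered(RULES, POST_PORTS))
```

Running it lists the pairs that rule 13 forwards, which makes it easy to confirm the ACL matches the intended block list before applying it to an interface.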