Configuring Stealth Mode - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual


ProCurve Secure Router OS Firewall—Protecting the Internal, Trusted Network
does not process traffic that it immediately forwards through the interface on
which the traffic was received. It assumes that the traffic is from a trusted
source.
Figure 4-5. Reflexive Traffic (diagram; labels shown: Router 1, Eth 0/1, Destination: 10.2.2.253 /24)
If you want the Secure Router OS firewall to process traffic sent from a
primary subnet to a secondary subnet on the same interface, you must enable
the reflexive-traffic check. When you enable this check, the Secure Router OS
firewall will screen reflexive traffic for attacks.
If your organization uses ACPs to control access for local networks, you
should enable checks on reflexive traffic, even if the router does not need to
check for attacks. The firewall must be active in order to enforce an ACP on
an interface.
Enter the following command:
ProCurve(config)# ip firewall check reflexive

Configuring Stealth Mode

Attackers can use port scanners to detect the ports that you have closed on a
router. A port scanner attempts to initiate a TCP session on every port.
Typically, the router would reply with an RST packet when a port is closed. In
this way, the attacker can map out closed ports and, inversely, open ports.
The ProCurve Secure Router can conceal closed ports from port scanners by
refusing to send RST packets. You enable this function with this global
configuration mode command:
ProCurve(config)# ip firewall stealth
Stealth mode is disabled by default.
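
One way to confirm from a test host that stealth mode has taken effect is to check whether ports you know to be closed still answer with an RST. The following is an added example, not part of the HP manual; the function names, outcome labels, and 2-second timeout are assumptions of this example.

```python
import errno
import socket

# Outcome labels (names chosen for this example).
OPEN = "open"      # SYN/ACK came back: something is listening
RST = "rst"        # RST came back: the port is closed and the device said so
SILENT = "silent"  # no reply before the timeout: consistent with stealth mode


def classify(exc):
    """Map the result of one TCP connect attempt to an outcome label."""
    if exc is None:
        return OPEN
    if isinstance(exc, ConnectionRefusedError):
        return RST
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return SILENT
    if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"  # routing or ICMP error, says nothing about stealth
    raise exc


def probe(host, port, timeout=2.0):
    """Attempt a single TCP connection and report how the far end reacted."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return classify(None)
    except OSError as exc:
        return classify(exc)


def rst_leaks(host, closed_ports, timeout=2.0):
    """Return the known-closed ports that still answer with an RST.

    An empty list means none of them revealed its state. A silent port is
    also what packet loss or an upstream filter produces, so repeat the
    check before treating it as confirmation.
    """
    return [p for p in closed_ports if probe(host, p, timeout) == RST]
```

Run `rst_leaks` against the router address before and after entering `ip firewall stealth`, using ports you know are closed; the list should be non-empty before and empty after.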
(Figure 4-5 diagram labels, continued: Hub; 10.2.2.253; 10.1.1.1 /24; Default gateway: 10.1.1.254; Router 2; Eth 0/1; 10.1.1.254 /24; 10.2.2.254 /24)


This manual is also suitable for:

Procurve secure router 7102 dl
