Monthly Archives: September 2007

Finding Hosts on Layer 2

September 27, 2007
By Aaron Conaway

Most firewalls should block ICMP requests to them, so how do you know that your router or server has layer-2 connectivity to one? It’s pretty elementary, actually, but I’ve found that not a lot of people know this trick. If you ping the firewall, it will receive the ICMP packet and drop it per...

Filtering Outbound Traffic

September 24, 2007
By Aaron Conaway

I’ve seen a thousand firewalls in my time, and nearly all of them are poorly configured. The biggest culprit? No outbound filtering. I guess a lot of people think that firewalls are there to protect the network from the Internet, but that’s only part of it. The firewall is to protect every segment from...

HSRP Interface Tracking

September 23, 2007
By Aaron Conaway

Remember the article on router-on-a-stick? And the one on HSRP? Let’s add to that example network, shall we? Let’s make those routers into edge routers so they connect your internal network to the Internet with some size circuit. Let’s just say they each terminate DS3s to different providers. Here’s our network now (I’m experimenting...

SNMP v3 is Easy!

September 16, 2007
By Aaron Conaway

I finally got around to looking into SNMP v3 and was shocked at how easy it actually is. When I first looked up info on it so many moons ago, I saw table after table of views and privilege levels and thought I would have to put in a billion hours getting it customized....

Ideas That Seems Good At the Time

September 11, 2007
By Aaron Conaway

When I started in IT, I tried to get my gear as standardized as possible to impress everyone. I worked at it and worked at it until I realized that there were a handful of things that sound good but just won’t work. If you’re just getting started in the field, you may not...

Setting Up SSH on IOS Devices

September 4, 2007
By Aaron Conaway

By default, most Cisco IOS devices come configured to be accessed via telnet. This is probably fine for your house, but I really cringe when I run across corporate networks that use telnet to access the devices. Telnet is old and outdated and can be very dangerous. It’s in plain text, which means that anyone...
