To block dictionary (password-guessing) attacks against the login of Cisco IOS routers and switches, use the login block-for command.
It puts the device into a quiet mode for x seconds once y failed logins have been seen within z seconds: login block-for x attempts y within z.
The following example blocks login access for 100 seconds after 4 failed login attempts within 20 seconds:
login block-for 100 attempts 4 within 20
During the quiet period all login attempts (Telnet, SSH and HTTP) are denied, including those from legitimate administrators. The failure counter is shared across all sources, so anyone who can reach the device can trigger the block and lock everyone else out.
To avoid locking yourself out, exempt your management network with an ACL that is applied while the device is in quiet mode. The ACL number given to login quiet-mode access-class must be the same ACL you define.
Example: exempt the 192.168.1.0/24 (class C) network:
access-list 10 permit 192.168.1.0 0.0.0.255
login quiet-mode access-class 10
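To make the "y failures within z seconds, then block for x seconds" rule and the quiet-mode exemption concrete, here is a small Python model of the behaviour. This is an added example, not Cisco code and not from the original post; it assumes a single global failure counter with a sliding watch window, that a successful login does not reset the counter, and that the exempt network is what the quiet-mode ACL permits. Real IOS may differ in such details. The login trace at the bottom is constructed, not real device logs.

```python
"""Simplified model of Cisco IOS `login block-for X attempts Y within Z`
combined with `login quiet-mode access-class <acl>`.

Added example, not Cisco code. Assumptions (not from the page): the failure
counter is global (all sources share one watch window), the window is
sliding, and a successful login does not reset the counter.
"""
import ipaddress
from dataclasses import dataclass


@dataclass
class LoginAttempt:
    t: float          # seconds since the start of the trace
    src: str          # source IPv4 address of the connection
    success: bool     # whether the supplied credentials were correct


class LoginGuard:
    """Models: login block-for <block_for> attempts <attempts> within <within>
    plus: login quiet-mode access-class <acl>, where exempt_nets is what
    that ACL permits."""

    def __init__(self, block_for, attempts, within, exempt_nets=()):
        self.block_for = block_for
        self.attempts = attempts
        self.within = within
        self.exempt_nets = [ipaddress.ip_network(n) for n in exempt_nets]
        self.failures = []        # timestamps of failures in the watch window
        self.quiet_until = None   # end of the current quiet period, if any

    def in_quiet_mode(self, t):
        return self.quiet_until is not None and t < self.quiet_until

    def is_exempt(self, src):
        addr = ipaddress.ip_address(src)
        return any(addr in net for net in self.exempt_nets)

    def attempt(self, a):
        """Return 'denied', 'ok', 'failed' or 'failed+quiet' for one attempt."""
        # Quiet mode: every host not permitted by the ACL is refused before
        # credentials are even checked.
        if self.in_quiet_mode(a.t) and not self.is_exempt(a.src):
            return "denied"
        if a.success:
            return "ok"
        # Drop failures that fell out of the watch window, record this one.
        self.failures = [f for f in self.failures if a.t - f < self.within]
        self.failures.append(a.t)
        if len(self.failures) >= self.attempts:
            self.quiet_until = a.t + self.block_for
            self.failures = []
            return "failed+quiet"
        return "failed"


def run(guard, attempts):
    return [guard.attempt(a) for a in attempts]


# Constructed trace (not real logs): 203.0.113.9 runs a dictionary attack,
# 192.168.1.10 is the admin host inside the exempt network, 198.51.100.7 is
# a legitimate user outside it.
TRACE = [
    LoginAttempt(0, "203.0.113.9", False),
    LoginAttempt(5, "203.0.113.9", False),
    LoginAttempt(10, "203.0.113.9", False),
    LoginAttempt(15, "203.0.113.9", False),   # 4th failure within 20 s
    LoginAttempt(20, "192.168.1.10", True),   # admin: exempt, still gets in
    LoginAttempt(30, "203.0.113.9", False),   # attacker refused
    LoginAttempt(40, "198.51.100.7", True),   # innocent user also refused
    LoginAttempt(120, "203.0.113.9", False),  # quiet period over, fresh count
    LoginAttempt(200, "203.0.113.9", False),  # slow attack: one per 10 s ...
    LoginAttempt(210, "203.0.113.9", False),
    LoginAttempt(220, "203.0.113.9", False),
    LoginAttempt(230, "203.0.113.9", False),  # ... never trips the threshold
]


def demo():
    """Replay the trace against the page's settings: block-for 100 attempts 4 within 20."""
    guard = LoginGuard(block_for=100, attempts=4, within=20,
                       exempt_nets=["192.168.1.0/24"])
    return run(guard, TRACE)


if __name__ == "__main__":
    for a, verdict in zip(TRACE, demo()):
        print(f"t={a.t:>4} {a.src:<14} {verdict}")
```

Two things the replay makes visible. First, during the quiet period the legitimate user at 198.51.100.7 is refused just like the attacker, so the ACL exemption is what keeps administration possible while the device is under attack. Second, an attacker who stays below the rate (here three failures per thirty seconds against a threshold of four per twenty) is never blocked, so login block-for only stops fast guessing; slow guessing still has to be caught from the login failure logs. On the device itself, show login reports whether it is currently in quiet mode and how much of the block period remains.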
Tuesday, April 28, 2009
Block Dictionary Attack on Cisco