This article lists the main guidelines for managing TCP/IP services on Cisco routers. These commands are valid for the Cisco 800 Series, Cisco 1800 Series, Cisco 1900 Series, Cisco 2900 Series and most other

no service tcp-small-servers – Closes access to the minor TCP services that allow hosts on the network to query the Chargen, Echo, Daytime and Discard ports. By default, the TCP servers for Chargen, Echo, Daytime and Discard are all active. When they are turned off, Cisco IOS answers a request to one of these ports with a TCP 'RESET' packet and refuses to handle the incoming data packet.

no service udp-small-servers – Closes access to the minor UDP services that allow hosts on the network to query the Chargen, Echo, Daytime and Discard ports. By default, the UDP servers for Chargen, Echo, Daytime and Discard are all active. When they are turned off, Cisco IOS answers a request to one of these ports with a UDP 'RESET' packet and refuses to handle the incoming data packet.

no service finger – Disables requests over the finger protocol (defined in RFC 742), blocking requests from remote users to the network.

no ip domain-lookup – Prevents the perimeter router from translating DNS names into IP addresses.

no ip source-route – Turns off IP source routing.

no ip tcp selective-ack – Turns off selective acknowledgment for TCP (see RFC 2018).

no ip bootp server – Disables the BOOTP (Bootstrap Protocol) service for hosts.

no mop enabled – Disables MOP (Maintenance Operation Protocol); applies to a specific interface.

no cdp run – Disables Cisco Discovery Protocol.

no ip rcmd rsh-enable – Configures the router so that remote users cannot execute rsh commands on the device.

no ip rcmd rcp-enable – Configures the router so that remote users cannot copy files to or from the router with the rcp command.

no ip identd – Disables identification support, which blocks the return of information that identifies a TCP port.

no ip proxy-arp – Disables proxy ARP (Address Resolution Protocol) for the specified interface.

no ip redirects – Disables sending of redirect messages when Cisco IOS software has to resend a packet through the same interface on which it was received. This limits the data the router gives away to port scanning.

no ip tcp path-mtu-discovery – Turns off Path MTU Discovery for all future TCP connections to the router on this interface. Without this prohibition, denial-of-service attacks are more likely to succeed.

no ip unreachables – Disables the generation of ICMP Unreachable messages for that interface.

no ip route-cache – Disables the autonomous-switching and/or fast-switching cache for IP routing.

no ip mroute-cache – (Enabled by default.) Turns off fast switching of IP multicast, sending packets to the process level. Required for processing access lists and saving debug messages.

no cdp enable – Disables CDP (Cisco Discovery Protocol) for this interface.

no ip directed-broadcast – (Enabled by default.) Turns off IP directed broadcasts, which prevents the router from being used as a broadcast amplifier in denial-of-service attacks.
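The following added example (not part of the original article) audits a saved configuration for a subset of the commands listed above, checking global lines once and interface lines under every interface. The global versus per-interface split, the function names and the sample configuration are assumptions of the example; a line counts as present only if it appears literally in the text, so a setting hidden from the saved configuration because it is already the default is reported as missing.

```python
# Added example (not from the article): audit IOS config text for hardening
# lines it lists. The global/per-interface split is an assumption made here.
GLOBAL = ["no service tcp-small-servers", "no service udp-small-servers",
          "no service finger", "no ip source-route", "no ip bootp server",
          "no ip domain-lookup", "no ip identd", "no cdp run"]
PER_INTERFACE = ["no ip proxy-arp", "no ip redirects",
                 "no ip directed-broadcast", "no cdp enable"]

def parse_config(text):
    """Return (global command set, {interface name: command set})."""
    global_cmds, interfaces, current = set(), {}, None
    for raw in text.splitlines():
        cmd = " ".join(raw.split())           # normalise whitespace
        if not cmd or cmd == "!":             # blank line or IOS separator
            continue
        if raw[0].isspace():                  # indented: inside a sub-mode
            # Lines of non-interface sub-modes land in a throwaway set.
            interfaces.get(current, set()).add(cmd)
            continue
        current = None                        # column-0 line ends a sub-mode
        if cmd.startswith("interface "):
            current = cmd.split(" ", 1)[1]
            interfaces[current] = set()
        else:
            global_cmds.add(cmd)
    return global_cmds, interfaces

def audit(text):
    """List hardening lines absent globally and under each interface."""
    global_cmds, interfaces = parse_config(text)
    required = list(PER_INTERFACE)
    if "no cdp run" in global_cmds:           # CDP is off device-wide, so the
        required.remove("no cdp enable")      # per-interface line is redundant
    report = {"global": [c for c in GLOBAL if c not in global_cmds],
              "interfaces": {}}
    for name, cmds in interfaces.items():
        missing = [c for c in required if c not in cmds]
        if missing:
            report["interfaces"][name] = missing
    return report

# Constructed sample configuration (not taken from a real device).
SAMPLE = "\n".join([
    "no service tcp-small-servers", "no service udp-small-servers",
    "no ip source-route", "no ip bootp server", "no ip domain-lookup", "!",
    "interface GigabitEthernet0/0", " no ip redirects", " no ip proxy-arp",
    " no ip directed-broadcast", " no cdp enable", "!",
    "interface GigabitEthernet0/1", " no ip redirects", "!",
    "line vty 0 4", " transport input ssh"])
if __name__ == "__main__":
    print(audit(SAMPLE))
```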