RE: Protecting your router.

From: Wiley, Rob (
Date: 07/24/02

From: "Wiley, Rob" <>
To: "' '" <>
Date: Wed, 24 Jul 2002 12:44:12 -0400

Here's an option ... Serial/FrameRelay-to-Ethernet bridge.

Tierra (sp?) Networks makes a box that terminates HDLC/FrameRelay/PPP
connections and converts the frames to Ethernet. Works similar to an inverse
multiplexer (I/MUX).

---ISP----{Serial frame}--[TierraBox]---{Ethernet frame}--[Router].

You could place an inline Ethernet tap before the router and plug an IDS
there. That way you are seeing packets before your ingress filters kick in.

This works for Multilink (MPP/FrameRelay, for example) connections as well.

 Rob Wiley
 Sr.Data Communications Engineer

-----Original Message-----
Sent: 7/24/2002 10:40 AM
Subject: RE: Protecting your router.


  In my opinion, something on your net will always have to be exposed.
Generally, that's the router. Some people will say to not worry about
routers, only worry about your hosts, but I disagree. Security deals
Confidentiality, Integrity, but also Availability. If a hacker can
down your router, then you are a sinking ship (I would assume) as your
is no longer available to your customers. While the attacks may be
negligible, you need to decide: Do I want to know who's knocking on my
proverbial (network) door? (then you need to figure out what you're
to do about it, but that's another email).

Here are a couple of suggestions:

Assuming Cisco, there is a FWIOS that contains LIMITED IDS
Looks for about 59 known IDS signatures. Not what I would recommend for
your hosts, but it's a start. is
great write-up for hardening (again assuming a vendor type) a Cisco
there was also another by Brett K. and Variable out on the Phrack web
that I couldn't find my stored URL.

Now, would I redesign my entire configuration to have full service IDS
my border router? Probably not, but the above will provide due
on your part that you have a reasonable position of security for that

My $.02, you asked, I gave! :-)

Dustin Howard, CISSP
Manager, Network Engineering & Operations

Original Message:
From: Chris
Date: Mon, 22 Jul 2002 19:40:42 -0700
Subject: Protecting your router.

I was just curious on how others with IDS setup on their network protect
their routers. My setup is similar to this:

T1 > Router > Firewall Appliance > IDS Appliance.

Not quite sure on any products (haven't seen any) that will take a line
right off the CSU/DSU and perform pass-through with it and still filter
traffic. If I am being too vague just ask what I mean! Thanks in

Thank You,

Chris D.
Network Security
Mendo Link, LLC

"An Ounce Of Prevention Is Worth A Pound Of Cure."
Om Namo Narayanaya
