876 router access-list black hole

Hello, I use the 876 router at a number of sites and have a basic firewall configured on them with a second firewall behind.

ISTM that when the access-list on the 876 is set to deny and a connection comes in, the router replies with a TCP RESET or otherwise immediately closes the socket.

My firewall behind blackholes everything that is not allowed; it just leaves the connection request hanging.

So if I run a port scan with nmap (to the firewall), I see all the ports that are blocked by the 876 as closed, and all the ports that are blocked by the firewall as filtered. This is more information than I want to give away. More importantly, it greatly speeds up the time a port scan takes for a potential attacker.

Is there a way to configure the 876 to blackhole everything that is denied by the access list on the internet side?

Stuart Gall

On the external interface use:

no ip unreachables

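For context, here is what that answer looks like in a full outside-interface configuration, together with the default behaviour it changes. This is an added example, not something posted in the thread: the ACL name, the interface name (Dialer0, typical for an 876 on PPPoE but not guaranteed) and the 203.0.113.0/24 addresses are all assumed.

```cisco
! Added example, not from the thread. Names and addresses are assumed.
!
! Inbound policy for the internet side: permit what is published, deny the rest.
ip access-list extended OUTSIDE-IN
 permit tcp any host 203.0.113.10 eq 443
 permit tcp any host 203.0.113.10 eq 25
 deny   ip any any
!
interface Dialer0
 description WAN (assumed interface name; confirm with 'show ip interface brief')
 ip address negotiated
 ip access-group OUTSIDE-IN in
 !
 ! Default (weak) behaviour: for every packet the ACL denies, IOS sends an
 ! ICMP unreachable (type 3, administratively prohibited) back to the sender.
 ! That reply lets a scanner tell "denied on the router" from "dropped
 ! further in" and lets it finish the scan quickly, because it need not wait
 ! for a timeout.
 !
 ! Corrected behaviour: suppress unreachables on this interface so denied
 ! packets are dropped silently, matching the blackholing firewall behind it.
 no ip unreachables
!
```

Verify from outside with a SYN scan (for example `nmap -sS -Pn <wan-address>`): ports denied by OUTSIDE-IN should now show as filtered rather than closed, like the ones the inner firewall drops. One caveat worth knowing before applying this: `no ip unreachables` suppresses all ICMP type 3 messages from that interface, including fragmentation-needed, so path MTU discovery for hosts behind the router stops working across a PPPoE link with a reduced MTU. If that bites, `ip tcp adjust-mss` on the LAN-facing interface is the usual workaround for TCP traffic.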
