址数据包流出。比如:在对外接口上,设置如下策略,拒绝10.0.0.00、192.168.0. 0、172.16.0.0等私网地址数据包的进入。Router(config)# access-list 100 deny ip 192.168.10.0 0.0.0.255 any logRouter(config)# access-list 100 deny ip 127.0.0.0 0.255.255.255 any logRouter(config)# access-list 100 deny ip 10.0.0.0 0.255.255.255 any logRouter(config)# access-list 100 deny ip 0.0.0.0 0.255.255.255 any logRouter(config)# access-list 100 deny ip 172.16.0.0 0.15.255.255 any logRouter(config)# access-list 100 deny ip 192.168.0.0 0.0.255.255 any logRouter(config)# access-list 100 deny ip 192.0.2.0 0.0.0.255 any log
A、防范源路由攻击(Source Routing Attacks)
B、防范IP地址欺骗式攻击(IP Address Spoofing Attacks)
C、防范Ping of Death
D、防范特洛伊木马攻击(Trojan horse)