Router#sh run
Building configuration...
Current configuration : 10969 bytes
!
!
!
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
logging console critical
!
aaa new-model
!
!
aaa authentication login xxxxx local
aaa authorization exec default local
!
!
aaa session-id common
memory-size iomem 25
clock timezone UTC 18 30
clock summer-time utc recurring 1 Sun Apr 2:00 last Sun Oct 2:00
no ip subnet-zero
no ip source-route
no ip gratuitous-arps
ip tcp window-size 750000
!
!
ip cef
!
!
no ip bootp server
ip domain name xxxxx
ip name-server xxxxx
ip name-server xxxxx
ip name-server xxxxx
ip name-server xxxxx
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
class-map match-any vpn-policy-van
 match protocol ipsec
 match access-group name vpn-vancouver
class-map match-any p2p
 match access-group name p2p-share
 match protocol kazaa2
 match protocol fasttrack
 match protocol gnutella
 match protocol napster
 match protocol vdolive
class-map match-all internet-traffic
 match access-group name int-traffic
class-map match-all icmp-rate-limit
 match access-group name icmp-rate-limit
!
!
policy-map int-input-policy
 class internet-traffic
  set ip dscp default
 class vpn-policy-van
  set ip dscp ef
 class class-default
  set ip dscp default
policy-map vpn-output-policy
 class icmp-rate-limit
  bandwidth 8
 class p2p
  drop
 class vpn-policy-van
  set ip dscp ef
  bandwidth 2992
  shape peak 3968000
 class class-default
  shape peak 3968000
  fair-queue
  random-detect
  set ip dscp default
!
!
!
!
!
!
!
interface Null0
 no ip unreachables
!
interface Multilink1
 bandwidth 3968
 ip address xxxxx 255.255.255.252
 ip access-group secure-inbound in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 ip route-cache flow
 load-interval 30
 no cdp enable
 ppp multilink
 ppp multilink group 1
 ppp multilink fragment disable
 max-reserved-bandwidth 95
 service-policy input int-input-policy
 service-policy output vpn-output-policy
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address xxxxx 255.255.255.192
 no ip redirects
 no ip proxy-arp
 ip route-cache flow
 load-interval 30
 duplex full
 speed 100
 no cdp enable
 service-policy output vpn-output-policy
!
interface Serial0/0/0
 bandwidth 1984
 no ip address
 ip access-group secure-inbound in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 encapsulation ppp
 ip route-cache flow
 load-interval 30
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 95
!
interface Serial0/1/0
 bandwidth 1984
 no ip address
 ip access-group secure-inbound in
 ip verify unicast reverse-path
 no ip redirects
 no ip proxy-arp
 ip accounting output-packets
 encapsulation ppp
 ip route-cache flow
 load-interval 30
 no cdp enable
 ppp multilink
 ppp multilink group 1
 max-reserved-bandwidth 95
!
ip route 0.0.0.0 0.0.0.0 xxxxx
ip route 0.0.0.0 0.0.0.0 Null0 255
ip route 10.0.0.0 255.0.0.0 Null0
ip route 172.16.0.0 255.240.0.0 Null0
ip route 192.168.0.0 255.255.0.0 Null0
!
!
no ip http server
no ip http secure-server
ip nat pool pivopool xxxxx xxxxx netmask 255.255.255.192
ip nat inside source list 20 pool pivopool overload
!
ip access-list extended icmp-rate-limit
 permit icmp any any echo-reply
ip access-list extended int-traffic
 permit ip host xxxxx any
 permit ip any host xxxxx
ip access-list extended p2p-share
 permit tcp any any eq 6699
ip access-list extended secure-inbound
 remark * denying TRINOO DDOS systems
 deny tcp any any eq 27665
 deny tcp any any eq 31335
 deny tcp any any eq 27444
 remark * Stacheldraht DDOS system
 deny tcp any any eq 16660
 deny tcp any any eq 65000
 remark * TrinityV3 system
 deny tcp any any eq 33270
 deny tcp any any eq 39168
 remark * Subseven DDOS system and variants
 deny tcp any any range 6711 6712
 deny tcp any any eq 6776
 deny tcp any any eq 6669
 deny tcp any any eq 2222
 deny tcp any any eq 7000
 deny ip host 0.0.0.0 any
 deny ip 1.0.0.0 0.255.255.255 any
 deny ip 2.0.0.0 0.255.255.255 any
 deny ip 5.0.0.0 0.255.255.255 any
 deny ip 7.0.0.0 0.255.255.255 any
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 23.0.0.0 0.255.255.255 any
 deny ip 27.0.0.0 0.255.255.255 any
 deny ip 31.0.0.0 0.255.255.255 any
 deny ip 36.0.0.0 0.255.255.255 any
 deny ip 37.0.0.0 0.255.255.255 any
 deny ip 39.0.0.0 0.255.255.255 any
 deny ip 41.0.0.0 0.255.255.255 any
 deny ip 42.0.0.0 0.255.255.255 any
 deny ip 49.0.0.0 0.255.255.255 any
 deny ip 50.0.0.0 0.255.255.255 any
 deny ip 73.0.0.0 0.255.255.255 any
 deny ip 74.0.0.0 0.255.255.255 any
 deny ip 75.0.0.0 0.255.255.255 any
 deny ip 76.0.0.0 0.255.255.255 any
 deny ip 77.0.0.0 0.255.255.255 any
 deny ip 78.0.0.0 0.255.255.255 any
 deny ip 79.0.0.0 0.255.255.255 any
 deny ip 89.0.0.0 0.255.255.255 any
 deny ip 90.0.0.0 0.255.255.255 any
 deny ip 91.0.0.0 0.255.255.255 any
 deny ip 92.0.0.0 0.255.255.255 any
 deny ip 93.0.0.0 0.255.255.255 any
 deny ip 94.0.0.0 0.255.255.255 any
 deny ip 95.0.0.0 0.255.255.255 any
 deny ip 96.0.0.0 0.255.255.255 any
 deny ip 97.0.0.0 0.255.255.255 any
 deny ip 98.0.0.0 0.255.255.255 any
 deny ip 99.0.0.0 0.255.255.255 any
 deny ip 100.0.0.0 0.255.255.255 any
 deny ip 101.0.0.0 0.255.255.255 any
 deny ip 102.0.0.0 0.255.255.255 any
 deny ip 103.0.0.0 0.255.255.255 any
 deny ip 104.0.0.0 0.255.255.255 any
 deny ip 105.0.0.0 0.255.255.255 any
 deny ip 106.0.0.0 0.255.255.255 any
 deny ip 107.0.0.0 0.255.255.255 any
 deny ip 108.0.0.0 0.255.255.255 any
 deny ip 109.0.0.0 0.255.255.255 any
 deny ip 110.0.0.0 0.255.255.255 any
 deny ip 111.0.0.0 0.255.255.255 any
 deny ip 112.0.0.0 0.255.255.255 any
 deny ip 113.0.0.0 0.255.255.255 any
 deny ip 114.0.0.0 0.255.255.255 any
 deny ip 115.0.0.0 0.255.255.255 any
 deny ip 116.0.0.0 0.255.255.255 any
 deny ip 117.0.0.0 0.255.255.255 any
 deny ip 118.0.0.0 0.255.255.255 any
 deny ip 119.0.0.0 0.255.255.255 any
 deny ip 120.0.0.0 0.255.255.255 any
 deny ip 121.0.0.0 0.255.255.255 any
 deny ip 122.0.0.0 0.255.255.255 any
 deny ip 123.0.0.0 0.255.255.255 any
 deny ip 124.0.0.0 0.255.255.255 any
 deny ip 125.0.0.0 0.255.255.255 any
 deny ip 126.0.0.0 0.255.255.255 any
 deny ip 127.0.0.0 0.255.255.255 any
 deny ip 169.254.0.0 0.0.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 173.0.0.0 0.255.255.255 any
 deny ip 174.0.0.0 0.255.255.255 any
 deny ip 175.0.0.0 0.255.255.255 any
 deny ip 176.0.0.0 0.255.255.255 any
 deny ip 177.0.0.0 0.255.255.255 any
 deny ip 178.0.0.0 0.255.255.255 any
 deny ip 179.0.0.0 0.255.255.255 any
 deny ip 180.0.0.0 0.255.255.255 any
 deny ip 181.0.0.0 0.255.255.255 any
 deny ip 182.0.0.0 0.255.255.255 any
 deny ip 183.0.0.0 0.255.255.255 any
 deny ip 184.0.0.0 0.255.255.255 any
 deny ip 185.0.0.0 0.255.255.255 any
 deny ip 186.0.0.0 0.255.255.255 any
 deny ip 187.0.0.0 0.255.255.255 any
 deny ip 189.0.0.0 0.255.255.255 any
 deny ip 190.0.0.0 0.255.255.255 any
 deny ip 192.0.2.0 0.0.0.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip 197.0.0.0 0.255.255.255 any
 deny ip 223.0.0.0 0.255.255.255 any
 deny ip 224.0.0.0 31.255.255.255 any
 deny ip host 255.255.255.255 any
 remark Land attack protection
 deny ip host xxxxx host xxxxx
 deny ip any host xxxxx
 deny ip host xxxxx any
 deny ip xxxxx 0.0.0.63 any
 remark Smurf attack protection
 deny ip any host 204.50.4.255
 deny tcp any any eq 135
 deny tcp any any eq 139
 deny tcp any any eq 445
 remark permit established connections to mitigate syn attacks
 permit tcp any any established
 remark permit icmp types
 permit icmp any any echo
 permit icmp any any echo-reply
 permit icmp any any time-exceeded
 permit icmp any any parameter-problem
 permit icmp any any packet-too-big
 permit icmp any any fragments
 permit icmp any any source-quench
 permit icmp any any administratively-prohibited
 deny icmp any any
 remark * permit rest
 permit ip any any log
ip access-list extended vpn-vancouver
 permit ip host xxxx host xxxxx
 permit ip host xxxxx host xxxxx
!
access-list 20 permit xxxxx 0.0.0.255
access-list 101 permit ip host xxxxx host xxxxx
access-list 101 permit ip host xxxxx host xxxxx
access-list 103 permit ip host xxxxx host xxxxx
access-list 198 permit icmp any any echo-reply
access-list 199 permit tcp xxxxx 0.0.0.255 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.255 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.255 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.255 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.15 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.63 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.255 any eq telnet
access-list 199 permit tcp host xxxxx any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.128 any eq telnet
access-list 199 permit tcp xxxxx 0.0.0.127 any eq telnet
snmp-server community xxxxx RO
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps tty
snmp-server enable traps isdn call-information
snmp-server enable traps config
snmp-server enable traps entity
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps rtr
snmp-server host xxxxx xxxxx
no cdp run
!
!
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
 exec-timeout 5 0
 password 7 xxxxx
 login authentication xxxxx
 transport output none
line aux 0
 no exec
 transport input all
line vty 0 4
 access-class 199 in
 exec-timeout 15 15
 password 7 xxxxx
 login authentication xxxxx
 transport input telnet
 transport output none
!
scheduler allocate 20000 1000
!
end
Router#