SETTING UP ACLs TO MONITOR PORT SCANNING

1. Detect that the attacker is attempting to scan you

There are dedicated tools for this; we're going to use a simple version that triggers on connection attempts to a handful of sensitive ports.

Reminder of interface configs on your routers:

    FastEthernet0/0 -> INSIDE
    FastEthernet0/1 -> OUTSIDE

a. Connect to your router:

    # ssh tldadmin@192.168.10X.1

** Note: remember to use your group number instead of X, and your password is tldadmin!

You should get the prompt:

    TLDX-RTR>

b. Go into enable mode (type "enable" at the prompt):

    TLDX-RTR> enable

** Note: the enable password is tldadmin!

You should now get the prompt:

    TLDX-RTR#

c. Enter configuration mode:

    TLDX-RTR# configure terminal

You should see:

    Enter configuration commands, one per line.  End with CNTL/Z.
    TLDX-RTR(config)#

We are now in configuration mode. Let's define an access list with a few "sensitive" ports -- you can just copy and paste these lines at the "TLDX-RTR(config)#" prompt. Each entry matches TCP packets with the SYN flag set (new connection attempts) to one port, permits them, and writes a log message for every match. DON'T FORGET THE LAST LINE! Every IOS access list ends with an implicit "deny ip any any", so without the final "permit ip any any" all other traffic arriving on the interface would be dropped as soon as the list is applied.

    access-list 100 permit tcp any any eq 22 syn log
    access-list 100 permit tcp any any eq 23 syn log
    access-list 100 permit tcp any any eq 25 syn log
    access-list 100 permit tcp any any eq 110 syn log
    access-list 100 permit tcp any any eq 143 syn log
    access-list 100 permit ip any any
    TLDX-RTR(config)#

Now, we end configuration mode by pressing CTRL-Z (control key + 'z'):

    TLDX-RTR(config)# ^Z
    TLDX-RTR#

d. We now have an ACL, but it's not active. We need to apply it to an interface. We'll use the external interface (FE 0/1 = Outside), in the inbound direction, so that it inspects traffic arriving from the outside:

    TLDX-RTR# configure terminal
    TLDX-RTR(config)# interface FastEthernet 0/1
    TLDX-RTR(config-if)# ip access-group 100 in

Now press CTRL-Z to exit:

    TLDX-RTR(config-if)# ^Z

Now, we save the config:

    TLDX-RTR# write

e. We will see how this helps in the upcoming attacks.
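The "log" keyword on each ACL entry makes the router emit a syslog message per match, which is what turns the ACL into a detector: a single host hitting several of the sensitive ports in a short time is the signature of a scan. Below is an added example (not part of the lab handout, and not a Cisco tool) showing how to turn those messages into an alert. It assumes the log lines are collected on a syslog host with the standard IOS "%SEC-6-IPACCESSLOGP" message format and a "Mon DD HH:MM:SS" timestamp prefix; the sample log lines, the source addresses, the 60-second window and the three-port threshold are all constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Regex for the IOS access-list log message produced by the "log" keyword
# (message name %SEC-6-IPACCESSLOGP). The leading "Mon DD HH:MM:SS:" timestamp
# prefix is an assumption about how the syslog host stores the line.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d{2}:\d{2}:\d{2}): %SEC-6-IPACCESSLOGP: list (?P<acl>\d+) "
    r"(?P<action>permitted|denied) (?P<proto>\w+) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

# Same ports as the access-list 100 entries in the handout.
SENSITIVE_PORTS = {22, 23, 25, 110, 143}

# Constructed sample syslog output: one external host probes four sensitive
# ports within seconds, another touches two ports four minutes apart, and one
# unrelated message is mixed in.
SAMPLE_LOG = """\
Mar 10 14:02:01: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.7(51234) -> 192.168.101.1(22), 1 packet
Mar 10 14:02:02: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.7(51235) -> 192.168.101.1(23), 1 packet
Mar 10 14:02:03: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.7(51236) -> 192.168.101.1(25), 1 packet
Mar 10 14:02:04: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 203.0.113.7(51237) -> 192.168.101.1(110), 1 packet
Mar 10 14:05:00: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.9(40000) -> 192.168.101.1(22), 1 packet
Mar 10 14:09:00: %SEC-6-IPACCESSLOGP: list 100 permitted tcp 198.51.100.9(40001) -> 192.168.101.1(25), 1 packet
Mar 10 14:09:30: %SYS-5-CONFIG_I: Configured from console by tldadmin on vty0
"""


def parse_line(line, year=2024):
    """Parse one syslog line; return a dict for ACL log messages, None otherwise.
    IOS timestamps carry no year, so the caller supplies one."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {
        "ts": ts,
        "acl": int(m["acl"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "count": int(m["count"]),
    }


def find_scanners(lines, window=timedelta(seconds=60), min_ports=3):
    """Return {source_ip: sorted list of ports} for every source that reached
    at least `min_ports` distinct sensitive ports within `window`.
    Distinct ports, not packet counts, are what matter: IOS logs the first
    match immediately and then only periodic summaries, so packet totals
    understate a scan while the set of ports touched does not."""
    events = [e for e in (parse_line(l) for l in lines)
              if e and e["dport"] in SENSITIVE_PORTS]
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)

    scanners = {}
    for src, evs in by_src.items():
        # Sliding window anchored at each event in turn.
        for i, first in enumerate(evs):
            ports = {e["dport"] for e in evs[i:] if e["ts"] - first["ts"] <= window}
            if len(ports) >= min_ports:
                scanners[src] = sorted(ports)
                break
    return scanners


if __name__ == "__main__":
    for src, ports in find_scanners(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {src}: ports {ports}")
```

On the sample above only 203.0.113.7 is reported (ports 22, 23, 25 and 110 within four seconds); 198.51.100.9 touches two ports minutes apart and stays below the threshold. The window and port-count values are tuning knobs, and because the router rate-limits repeated log messages for the same entry, the ACL logs are a coarse detector compared with a dedicated IDS.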