OOTP - bootp is enabled by default, and i ‘are not using it, you should defintel ‘Hisableit. Router(config)# no ip bootp server «isn iscnvery Prvoml (CDP ata nabled by default, and we highly recomme: that you disable this service on the router ~The ip classless command nabled on the Cisco routers by default it sion 12.0 and higher. Disable ip classless i ir network does not have a subne _frange of IP addresses. If you are subnetting »ck of IP address allocated to you by th \merican Registry for (ARIN), you should ensure that ip classless i nabled. Router(config)no cdp run Router(config-if}#no cdp enable Router(config)#ino ip classless = Domain Name System (DNS) lookup i abled by detauit on Cho routers, and you re not implementing DNS lookup on you twork, itis highly advisable to disable [festire gobety by using the no ip domain Router(config)#no ip domain-lookup | lookup command: f - The finger command is enabled ult and can be used to see what users “4 logged on to the network device. The finger ommand has been documented in RFC 742, nd you should globally disable the finger command on networkdevices: Router(config)#no ip finger By default, the ip maskroph -ommand is disabled on all Cisco routers. Th 'ask replies respond to Internet Contol lessage Protocol (ICMP) mask requests ending out ICMP mask replies, and. thes 1ask replies. contai information. ICMP echo requests from a spoofed sourc eres to a cfrected broadcast that cause al 1s 10 respond to the ping echo request reating alot of trafficonthe network. Router(config)#interface.. Router(config-if}ino ip mask-reply Router(config)tinterface.. Router(config-if}#no ip directed- broadcast iP Source Routing - IP source routing all the sender of an IP packet to control the rout that packet will take to reach the destinat ndpoint. By default, IP source routing i jabled on the routers and should only b nabledif your network needscallforit. Router(config)#no ip source-route used 19 map our the network topology, a hey should be disabled on all interface. (I iP Unreacheble setae inreachable should be disabled on all “Interfaces connected to insecure networks.) Router(config)interface.. Router(config-if}#no ip unreachable