OOTP - bootp is enabled by default, and i
‘are not using it, you should defintel
‘Hisableit.
Router(config)# no ip bootp server
«isn iscnvery Prvoml (CDP ata
nabled by default, and we highly recomme:
that you disable this service on the router
~The ip classless command
nabled on the Cisco routers by default it
sion 12.0 and higher. Disable ip classless i
ir network does not have a subne
_frange of IP addresses. If you are subnetting
»ck of IP address allocated to you by th
\merican Registry for
(ARIN), you should ensure that ip classless i
nabled.
Router(config)no cdp run
Router(config-if}#no cdp enable
Router(config)#ino ip classless
= Domain Name System (DNS) lookup i
abled by detauit on Cho routers, and you
re not implementing DNS lookup on you
twork, itis highly advisable to disable
[festire gobety by using the no ip domain
Router(config)#no ip domain-lookup
| lookup command:
f - The finger command is enabled
ult and can be used to see what users “4
logged on to the network device. The finger
ommand has been documented in RFC 742,
nd you should globally disable the finger
command on networkdevices:
Router(config)#no ip finger
By default, the ip maskroph
-ommand is disabled on all Cisco routers. Th
'ask replies respond to Internet Contol
lessage Protocol (ICMP) mask requests
ending out ICMP mask replies, and. thes
1ask replies. contai
information.
ICMP echo requests from a spoofed sourc
eres to a cfrected broadcast that cause al
1s 10 respond to the ping echo request
reating alot of trafficonthe network.
Router(config)#interface..
Router(config-if}ino ip mask-reply
Router(config)tinterface..
Router(config-if}#no ip directed-
broadcast
iP Source Routing - IP source routing all
the sender of an IP packet to control the rout
that packet will take to reach the destinat
ndpoint. By default, IP source routing i
jabled on the routers and should only b
nabledif your network needscallforit.
Router(config)#no ip source-route
used 19 map our the network topology, a
hey should be disabled on all interface. (I
iP Unreacheble setae
inreachable should be disabled on all
“Interfaces connected to insecure networks.)
Router(config)interface..
Router(config-if}#no ip unreachable