What Happens As Your Router Boots Up

1. The “Power-On Self-Test” checks the router hardware.
This includes the CPU (Central Processing Unit), memory, and interfaces.
2. The “Bootstrap Program”, which is stored in ROM, runs.
3. The “Bootfield” is read to find the proper Operating System source.
4. The “Operating System Image” is loaded into RAM (Random Access Memory).
5. The “Configuration File” saved in NVRAM is loaded into RAM.
The Configuration File is then executed one line at a time.
6. If no “Configuration File” is found in NVRAM,
the Cisco IOS will offer you the chance to use the “Initial Configuration Dialog”.
This is a set of questions for you to answer to do a basic configuration.
Since there is no NVRAM configuration in our theoretical new router,
this “Setup Dialog” will be one of the first things we see.

Stop DDoS attacks on a Cisco router

ISPs have other options available that depend on routing changes, such as black hole filtering. Black hole filtering works by forwarding malicious traffic to an imaginary interface known as Null0 – similar to /dev/null on Unix machines. Since it’s not a valid interface, traffic routed to Null0 is essentially dropped. Moreover, this technique minimizes performance impact – a useful feature during the DDoS investigation so the rest of the network remains stable under the heavy load.

Here’s the simplest form of a black hole route:

Router(config)# interface null0
Router(config-if)# no ip unreachables
Router(config-if)# exit
Router(config)# ip route 1.1.1.0 255.255.255.0 null0

This statement sends all traffic that arrives on this router for the route's destination network to the null0 interface, in effect discarding it by sending it to the black hole.

You could also redistribute this route into your dynamic routing protocol and have it sent to all other routers on your network. Then, all routers would send traffic for that destination to your router, and your router would drop that traffic.

Using an ISP black hole, you could limit some bad traffic. Imagine that the target IP for the DDoS is 1.2.3.4 and my AS is 1234. The transit provider is 1000 and the blackhole community is tagged with 666.

On a Cisco router I may use the following to blackhole the traffic before it
enters my network.

router bgp 1234
 bgp router-id 1.2.3.4
 redistribute static route-map static-to-bgp
 ..
 ..
!
route-map static-to-bgp permit 5
 match tag 666
 set community 1000:666 additive
!
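
As an added example (not code from the original post), the Python below builds the tagged static route that the static-to-bgp route-map above would match for a target such as 1.2.3.4, and audits existing Null0 routes for an inconsistent address and mask, an over-broad prefix, or a missing tag. The /24 limit, the protected prefix, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

TAG = 666            # tag matched by the page's route-map static-to-bgp
MIN_PREFIX_LEN = 24  # assumption: refuse to blackhole anything wider than a /24
# Assumption (constructed): infrastructure that must never be blackholed.
PROTECTED = [ipaddress.ip_network("198.51.100.0/28")]
ROUTE_RE = re.compile(r"^[ \t]*(ip route (\S+) (\S+) null0(?: tag (\d+))?)[ \t]*$", re.I | re.M)

def check_prefix(address, mask="255.255.255.255"):
    """Validate a blackhole destination and return it as an IPv4Network."""
    try:
        net = ipaddress.IPv4Network(f"{address}/{mask}", strict=True)
    except ValueError as exc:
        raise ValueError(f"inconsistent address and mask: {exc}") from None
    if net.prefixlen < MIN_PREFIX_LEN:
        raise ValueError(f"{net} is wider than /{MIN_PREFIX_LEN}")
    for keep in PROTECTED:
        if net.overlaps(keep):
            raise ValueError(f"{net} overlaps protected prefix {keep}")
    return net

def blackhole_route(address, mask="255.255.255.255"):
    """Build the tagged static route that static-to-bgp will announce."""
    net = check_prefix(address, mask)
    return f"ip route {net.network_address} {net.netmask} Null0 tag {TAG}"

def audit(config_text):
    """Return (line, problem) pairs for the Null0 static routes in a config."""
    findings = []
    for m in ROUTE_RE.finditer(config_text):
        line, address, mask, tag = m.groups()
        try:
            check_prefix(address, mask)
        except ValueError as exc:
            findings.append((line, str(exc)))
        else:
            if tag != str(TAG):
                findings.append((line, f"no tag {TAG}: not matched by static-to-bgp"))
    return findings

# Constructed sample lines, not taken from a real device.
SAMPLE = """ip route 1.2.3.4 255.255.255.255 Null0 tag 666
ip route 203.0.113.7 255.255.255.0 null0
ip route 10.0.0.0 255.0.0.0 Null0 tag 666
ip route 203.0.113.9 255.255.255.255 Null0"""

if __name__ == "__main__":
    print(blackhole_route("1.2.3.4"), *audit(SAMPLE), sep="\n")
```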