! 用于控制Nachi蠕虫的扫描
access-list 110 deny icmp any any echo
! 用于控制Blaster蠕虫的传播
access-list 110 deny tcp any any eq 4444
access-list 110 deny udp any any eq 69
!用于控制Blaster蠕虫的扫描和攻击
access-list 110 deny tcp any any eq 135
access-list 110 deny udp any any eq 135
access-list 110 deny tcp any any eq 139
access-list 110 deny udp any any eq 139
access-list 110 deny tcp any any eq 445
access-list 110 deny udp any any eq 445
access-list 110 deny tcp any any eq 593
access-list 110 deny udp any any eq 593
!用于控制 Slammer 蠕虫的传播
access-list 110 deny udp any any eq 1434
access-list 110 permit ip any any
! 防止外来的攻击
interface s0
ip access-group 110 in
ip access-group 110 out
! 防止广播流量进入,防范Smurf类型的攻击
no ip directed-broadcast