Refer to Figure 5-12 for the network topology upon which the following con?¬?gurations are
based.
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#
Edge(config)#ip tcp intercept list 104 Enables TCP intercept.
Router IOS will intercept
packets for all TCP servers
based on information
provided by ACL 104.
Edge(config)#access-list 104 permit tcp any
10.2.1.0 0.0.0.255
Permits packets with any
source address to travel to
the 10.2.1.0 network
Edge(config)#access-list 104 deny ip any any
log
Denies all other packets
from entering the router,
and logs any instance in
which this statement was
used
Edge(config)#interface fastethernet 0/0 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 104 in Takes all access list lines
that are de?¬?ned as being
part of group 104 and
applies them in an
inbound manner
Using ACLs to Filter Network Traf?¬?c to Mitigate Threats 109
DoS Smurf Attacks
Smurf attacks consist of large numbers of ICMP packets sent to a router subnet broadcast
address using a spoofed source IP address from that same subnet. Some routers may be
con?¬?gured to forward these broadcasts to other routers in the protected network, and this
process causes performance degradation.
Pages:
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103