
Scott Empson and Hans Roth

"CCNP ISCW Portable Command Guide"

0.0.0/8, 10.0.0.0/8,
127.0.0.0/8, 169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/4, or 240.0.0.0/4.
RFC 3704 is the update to RFC 2827.
Mitigating TRIN00
TRIN00 is a SYN DDoS attack. The attack method is a UDP flood.
The TRIN00 attack sets up communications between clients, handlers, and agents using
these ports:
• 1524 TCP
• 27665 TCP
• 27444 UDP
• 31335 UDP
The mitigation tactic for the TRIN00 attack is to block these ports on both interfaces in the
inbound direction. The goal is to prevent infected outside systems from sending messages to
the internal network, and to prevent any infected internal systems from sending messages out
of the internal network to the vulnerable ports.
Refer to Figure 5-12 for the network topology upon which the following configurations are
based.
Edge(config)#access-list 150 deny tcp any any eq 1524 log
    Denies any TCP traffic from any network going to any network through port 1524, and logs any instance in which this statement was used

Edge(config)#access-list 150 deny udp any any eq 27444 log
    Denies any UDP traffic from any network going to any network through port 27444, and logs any instance in which this statement was used

Edge(config)#access-list 150 deny tcp any any eq 27665 log
    Denies any TCP traffic from any network going to any network through port 27665, and logs any instance in which this statement was used
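
The log keyword on each entry makes the router emit a syslog message for every denied packet, which is how infected internal systems show up. The following Python code is an added example, not from the book: it parses such messages and separates internal from external sources hitting the TRIN00 ports. Assumptions: ACL 150 denies all four listed ports with the protocols shown in the list, the internal network is 10.0.0.0/8, and the sample log lines are constructed in the standard IOS %SEC-6-IPACCESSLOGP layout.

```python
import ipaddress
import re
from collections import defaultdict

# TRIN00 ports from the list above: port -> protocol used on that port
TRIN00_PORTS = {1524: "tcp", 27665: "tcp", 27444: "udp", 31335: "udp"}

# Assumption: address range of the internal network behind the Edge router
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")

# IOS log message produced by an extended ACL entry that carries "log"
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) denied (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+)\((?P<sport>\d+)\) -> (?P<dst>[\d.]+)\((?P<dport>\d+)\), "
    r"(?P<count>\d+) packets?"
)

def triage(lines, acl="150"):
    """Sum denied packets per (source, protocol, port), split by source side."""
    hits = {"internal": defaultdict(int), "external": defaultdict(int)}
    for line in lines:
        m = LOG_RE.search(line)
        if not m or m["acl"] != acl:
            continue  # not an ACL hit, or a hit on a different list
        proto, dport = m["proto"], int(m["dport"])
        if TRIN00_PORTS.get(dport) != proto:
            continue  # denied, but not a TRIN00 protocol/port pair
        inside = ipaddress.ip_address(m["src"]) in INTERNAL_NET
        side = "internal" if inside else "external"
        hits[side][(m["src"], proto, dport)] += int(m["count"])
    return {side: dict(found) for side, found in hits.items()}

# Constructed sample syslog lines (not captured from a real device)
SAMPLE = [
    "Mar  1 00:10:01: %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.1.5(1045) -> 198.51.100.7(31335), 1 packet",
    "Mar  1 00:15:01: %SEC-6-IPACCESSLOGP: list 150 denied udp 10.1.1.5(1045) -> 198.51.100.7(31335), 4 packets",
    "Mar  1 00:16:40: %SEC-6-IPACCESSLOGP: list 150 denied tcp 203.0.113.9(40112) -> 10.1.1.20(27665), 1 packet",
    "Mar  1 00:17:02: %SEC-6-IPACCESSLOGP: list 150 denied tcp 10.1.2.8(3301) -> 192.0.2.44(27444), 2 packets",
    "Mar  1 00:18:30: %SEC-6-IPACCESSLOGP: list 101 denied tcp 10.1.1.9(1200) -> 192.0.2.1(1524), 1 packet",
    "Mar  1 00:19:00: %LINK-3-UPDOWN: Interface Serial0/0, changed state to up",
]

if __name__ == "__main__":
    for side, found in triage(SAMPLE).items():
        for (src, proto, port), packets in found.items():
            print(f"{side}: {src} -> {proto}/{port}, {packets} packet(s) denied")
```

Internal sources in the result are the hosts to inspect first, since they are attempting handler or agent communication from inside the network.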
Mitigating Dedicated DoS Attacks with ACLs 115
Mitigating Stacheldraht
Stacheldraht is a DDoS tool that appeared in 1999 and combines features of TRIN00 and
Tribe Flood Network (TFN).

