Possible Stacheldraht attacks are similar to the attacks of TFN;
namely, ICMP ?¬‚ood, SYN ?¬‚ood, UDP ?¬‚ood, and smurf attacks.
A Stacheldraht attack sets up communication between clients, handlers, and agents using
these ports:
??? 16660 TCP
??? 65000 TCP
Edge(config)#access-list 150 deny tcp any any
eq 31335 log
Denies any TCP traf?¬?c
from any network from
going to any network
through port 31335, and
logs any instance in which
this statement was used
Edge(config)#access-list 150 permit ip any any Allows all other traf?¬?c
through
Edge(config)#interface fastethernet 0/0 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 150 in Takes all access list lines
that are de?¬?ned as being
part of group 150 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#interface fastethernet 0/1 Moves to interface
con?¬?guration mode
Edge(config-if)#ip access-group 150 in Takes all access list lines
that are de?¬?ned as being
part of group 150 and
applies them in an
inbound manner
Edge(config-if)#exit Returns to global
con?¬?guration mode
Edge(config)#
116 Mitigating Dedicated DoS Attacks with ACLs
Refer to Figure 5-12 for the network topology upon which the following con?¬?gurations are
based.
Pages:
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110