Eicon Networks S92 Instrukcja Użytkownika Pobierz pdf (Strona 200)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 200

stepsbelow:

1. Writeasimpleprogramthatallowsustosetthenumberofpingattemptsandthe

useofspoofedsourceaddress.Makesurethatthissmallprogramworkswellon

the50compromisedsystems.Ifitisquitecertainthatallthesecompromised

hosts(aswellasourownhost)areWindowsbased,wecansimplyuseSMURF

2K/XPinsteadofwritingourown.

2. Setthesourceaddresstothevictim’sIP.

3. Uploadthisprogramtothe50compromisedsystems.

4. Havethempingeachothersrepeatedly,orhavethempingtheSARlistof

amplifiers.

AgainstSmurfAttack

Ciscosuggeststhefollowingwaystoprotecta networkagainstDoSandSmurf

attacks:

“

Usetheipverify unicast reversepathinterfacecommandontheinputinterf aceonthe

routerattheupstreamendoftheconnection.

FilterallRFC1918addressspaceusingaccesscontrollists.

Applyingressandegressfiltering(seeRFC2267)usingACL.

UseCARtoratelimitICMPpackets.

”

75

Althoughthesesuggestionswerepreparedwith Ciscogearsinmind,otherrouter

vendorsdo offertheirownversionsofthesestrategies.ThepointI am tryingtomake

hereis,suchattacksshouldbestoppedatorbeforetherouter.DoNOTletthemreach

thefirewall.Thefirewallisbusyatinspectingtoomanythingsalready.

AmorestraightforwardapproachistodisallowICMPentirelyattheborderrouter.

Thatmeans,noICMPgoinginandoutofthenetwork.Bydoingthis,devicesbehind

theborderrouterarefrom freefromsuch attack.However,internaluserswillnotbe

abletopingtheoutsideworldanymore(nomorepingforever).Well,therearealways

75

http://www.cisco.com/warp/public/707/newsflash.html

1 2 ... 195 196 197 198 199 200 201 202 203 204 205 ... 208 209

Brak uwag

Eicon Networks S92 Instrukcja Użytkownika Strona 200