- FRAGMENT TINY ATTACK/BUFFER OVERFLOW ATTACK:
- SMURF Attack:
Drop and stop ICMP Echo . Also can do CAR
- FRAGGLE Attack:
- RECONNISSANCE/SCAN Attack:
- TCP SYNC DoS Attack :
static or nat in ASA setting , MPF is also in ASA to fix this up in tcp-map .on router, you can use tcp intercept command.
- UDP DOS Attack:
CBAC or ZBF on router.Threat Detection on ASA.
- MiTM Attack in BGP:
Password in BGP Peers,GTSM setting.
- Stealthing FIREWALL:
Stop firewall from responding to PING or TRACE.
- SinK Holes and Black Holes:
static route command play with BGP Routing
- IP Spoofing ATTACK:
uRPF on router. BOGON Address filtering (RFC 3330, RFC 2827 , RFC 1918 , RFC 1700 etc)uRPF on ASA .
- DHCP Starvation Attack:
DHCP Snooping protection and Binding database.
- ARP Poisoning Attack:
Dynamic ARP Inspection (DAI)
- IP MAC Spoofing in Switches:
IPSG with IP or IPSG with IP+MAC setting!