Friday, 8 April 2011

Network Attacks and Mitigation

I am sure this main attacks and mitigation cram sheet will be beneficial to everyone who is planning to appear for CCIE SEC.


Resolve with an ACL using the fragment keyword, or use the fragment inside or fragment outside command on the ASA.

  • SMURF Attack:

Drop and stop ICMP Echo. CAR can also be used.

  • FRAGGLE Attack:

Drop and stop UDP echo. CAR can also be used.


no ip unreachables under the router interface, or threat-detection on the ASA.

  • TCP SYN DoS Attack:

static or nat settings on the ASA. MPF on the ASA can also fix this using tcp-map. On a router, you can use the tcp intercept command.

  • UDP DOS Attack:

CBAC or ZBF on the router. Threat Detection on the ASA.

  • MiTM Attack in BGP:

Password on BGP peers, GTSM setting.

  • Stealthing FIREWALL:

Stop firewall from responding to PING or TRACE.

  • Sink Holes and Black Holes:

Use the static route command together with BGP routing.

  • IP Spoofing ATTACK:

uRPF on the router. BOGON address filtering (RFC 3330, RFC 2827, RFC 1918, RFC 1700, etc.). uRPF on the ASA.

  • DHCP Starvation Attack:

DHCP Snooping protection and Binding database.

  • ARP Poisoning Attack:

Dynamic ARP Inspection (DAI)

  • IP MAC Spoofing in Switches:

IPSG with IP or IPSG with IP+MAC setting!
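The last three items depend on each other: DAI and IPSG both validate traffic against the DHCP snooping binding database, so snooping has to be enabled first. The following Catalyst IOS configuration is an added example, not part of the original sheet; VLAN 10, the interface names and the rate limits are assumed values, and the syntax is that of classic Catalyst IOS (newer platforms may differ).

```cisco
! --- DHCP snooping: builds the binding database (MAC, IP, VLAN, port) ---
ip dhcp snooping
ip dhcp snooping vlan 10
!
! --- DAI: checks ARP packets against the snooping bindings ---
ip arp inspection vlan 10
ip arp inspection validate src-mac dst-mac ip
!
! Uplink towards the legitimate DHCP server (assumed port): trusted,
! so DHCP server replies and ARP from upstream are not inspected
interface GigabitEthernet0/1
 description Uplink to distribution / DHCP server
 ip dhcp snooping trust
 ip arp inspection trust
!
! Access port, IPSG with IP only (assumed port)
interface GigabitEthernet0/2
 description User access port
 switchport mode access
 switchport access vlan 10
 ! Untrusted by default; rate-limit DHCP to blunt starvation attempts
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ! Source IP must match the binding learned on this port
 ip verify source
!
! Access port, IPSG with IP+MAC (assumed port)
interface GigabitEthernet0/3
 description User access port, IP+MAC filtering
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
 ip arp inspection limit rate 15
 ! IP+MAC filtering relies on port security being enabled
 switchport port-security
 ip verify source port-security
!
! Verification:
!  show ip dhcp snooping binding
!  show ip arp inspection vlan 10
!  show ip verify source
```

Hosts with static addresses have no snooping entry, so they need a manual binding or an ARP ACL before DAI and IPSG are enabled on their ports.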
