I am sure this will be beneficial to all the people who are planning to appear in CCIE SEC: main attacks and mitigation cram sheet.
- FRAGMENT TINY ATTACK/BUFFER OVERFLOW ATTACK:
Resolve with an ACL using the fragment keyword, or use fragment inside or fragment outside in the ASA command.
- SMURF Attack:
Drop and stop ICMP echo. CAR can also be used.
- FRAGGLE Attack:
Drop and stop UDP echo. CAR can also be used.
- RECONNAISSANCE/SCAN Attack:
no ip unreachables under the router interface, or threat-detection in ASA.
- TCP SYN DoS Attack:
static or nat settings in ASA; MPF in ASA can also fix this with a tcp-map. On a router, you can use the tcp intercept command.
- UDP DOS Attack:
CBAC or ZBF on router. Threat Detection on ASA.
- MiTM Attack in BGP:
Password on BGP peers, GTSM setting.
- Stealthing FIREWALL:
Stop firewall from responding to PING or TRACE.
- Sink Holes and Black Holes:
Use the static route command together with BGP routing.
- IP Spoofing ATTACK:
uRPF on router. BOGON address filtering (RFC 3330, RFC 2827, RFC 1918, RFC 1700, etc.). uRPF on ASA.
- DHCP Starvation Attack:
DHCP Snooping protection and Binding database.
- ARP Poisoning Attack:
Dynamic ARP Inspection (DAI)
- IP MAC Spoofing in Switches:
IPSG with IP or IPSG with IP+MAC setting!