Prevent fragment attack without breaking web service

From: nhqky888@ybb.ne.jp
Date: Tue Nov 08 2005 - 01:39:17 GMT-3


Hi,

A hacker is doing a fragment attack on web server 10.10.10.10.
Filtering fragmented packets should be done to prevent this.

Here is the ACL:

access-list 100 deny ip any host 10.10.10.10 fragments
access-list 100 permit ip any any

This ACL filters any fragmented HTTP packets that web users use, I think.

Second ACL:

access-list 100 permit tcp any host 10.10.10.10 fragments
access-list 100 deny ip any host 10.10.10.10 fragments
access-list 100 permit ip any any

This ACL permits any fragmented HTTP packets that web users use;
however, this server will be attacked with TCP fragments.

How can I accomplish this task without breaking Web services?

I've read Cisco Router Firewall Security by Deal;
in it, Deal indicates this one as a lower security risk:

access-list 100 deny ip any host 10.10.10.10 fragments
access-list 100 permit tcp any host 10.10.10.10 eq www established
access-list 100 permit ip any any

Please give me any suggestions.

Thanks,

KY
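The three ACLs above behave the way they do because of how IOS treats the `fragments` keyword and noninitial fragments. The following is an added example, not code from the original post or from Deal's book: a small Python model of those matching rules as documented by Cisco (an entry with `fragments` matches only noninitial fragments, i.e. fragment offset greater than zero; a noninitial fragment has no L4 header, so an entry that carries L4 information such as a port or `established` permits it if the entry is a permit and is skipped if the entry is a deny; an L3-only entry matches fragments like any other packet). It runs the three ACLs from the post, plus one comparison ACL that is not from the post, against a handful of constructed packets. The packets, the `Packet`/`Entry` classes, the parser and the ACL names are all assumptions made for the example; verify the behaviour on a real router before relying on it.

```python
"""Toy model of Cisco IOS extended-ACL evaluation for IP fragments.

Added example (not the original poster's code).  The matching rules are
taken from Cisco's description of ACLs and IP fragments and are an
assumption to be checked against a real router.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional

PORT_NAMES = {"www": 80}


@dataclass
class Packet:                       # constructed test packet, not a capture
    proto: str                      # "tcp", "udp" or "icmp"
    dst: str
    frag_offset: int = 0            # 0 = unfragmented or initial fragment
    dport: Optional[int] = None     # only known in the initial fragment
    established: bool = False       # TCP ACK/RST set; only in the initial fragment


@dataclass
class Entry:                        # one access-list entry (ACE)
    action: str                     # "permit" or "deny"
    proto: str                      # "ip" or a specific protocol
    dst: str                        # "any" or a host address
    dport: Optional[int] = None
    established: bool = False
    fragments: bool = False


def parse_ace(line: str) -> Entry:
    """Parse 'access-list N permit|deny PROTO any DST [eq PORT] [established] [fragments]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[4] != "any":
        raise ValueError("unsupported line (source must be 'any'): " + line)
    e, i = Entry(action=tok[2], proto=tok[3], dst="any"), 5
    if tok[i] == "host":
        e.dst, i = tok[i + 1], i + 2
    elif tok[i] == "any":
        i += 1
    else:
        raise ValueError("unsupported destination: " + line)
    while i < len(tok):
        if tok[i] == "eq":
            e.dport, i = PORT_NAMES.get(tok[i + 1]) or int(tok[i + 1]), i + 2
        elif tok[i] in ("established", "fragments"):
            setattr(e, tok[i], True)
            i += 1
        else:
            raise ValueError("unsupported keyword: " + tok[i])
    return e


def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """Return 'permit' or 'deny' for pkt; the implicit deny applies at the end."""
    noninitial = pkt.frag_offset > 0
    for e in acl:
        if e.proto != "ip" and e.proto != pkt.proto:
            continue
        if e.dst != "any" and e.dst != pkt.dst:
            continue
        if e.fragments:                     # matches noninitial fragments only
            if noninitial:
                return e.action
            continue
        has_l4 = e.dport is not None or e.established
        if noninitial:                      # no L4 header to inspect
            if not has_l4 or e.action == "permit":
                return e.action             # L3-only ACE, or permit with L4 info
            continue                        # deny with L4 info is skipped
        if e.dport is not None and pkt.dport != e.dport:
            continue
        if e.established and not pkt.established:
            continue
        return e.action
    return "deny"


def acl(*lines: str) -> List[Entry]:
    return [parse_ace(l) for l in lines]


# The three ACLs from the post, with the IOS keyword spelled 'fragments'.
ACL_DENY_FRAGS = acl("access-list 100 deny ip any host 10.10.10.10 fragments",
                     "access-list 100 permit ip any any")
ACL_PERMIT_TCP_FRAGS = acl("access-list 100 permit tcp any host 10.10.10.10 fragments",
                           "access-list 100 deny ip any host 10.10.10.10 fragments",
                           "access-list 100 permit ip any any")
ACL_DEAL = acl("access-list 100 deny ip any host 10.10.10.10 fragments",
               "access-list 100 permit tcp any host 10.10.10.10 eq www established",
               "access-list 100 permit ip any any")
# Comparison ACL (not from the post): a port-based permit with no preceding
# 'fragments' deny lets noninitial TCP fragments through on the permit entry.
ACL_PORT_ONLY = acl("access-list 100 permit tcp any host 10.10.10.10 eq www",
                    "access-list 100 deny ip any host 10.10.10.10",
                    "access-list 100 permit ip any any")

# Constructed sample packets aimed at the server in the post.
PACKETS = {
    "syn_to_www": Packet("tcp", "10.10.10.10", dport=80),
    "ack_to_www": Packet("tcp", "10.10.10.10", dport=80, established=True),
    "tcp_noninitial_frag": Packet("tcp", "10.10.10.10", frag_offset=185),
    "udp_noninitial_frag": Packet("udp", "10.10.10.10", frag_offset=185),
    "frag_to_other_host": Packet("udp", "10.10.10.11", frag_offset=185),
}


def results(entries: List[Entry]) -> Dict[str, str]:
    return {name: evaluate(entries, p) for name, p in PACKETS.items()}


if __name__ == "__main__":
    for label, entries in [("deny fragments", ACL_DENY_FRAGS), ("permit tcp fragments", ACL_PERMIT_TCP_FRAGS),
                           ("Deal", ACL_DEAL), ("port-only permit", ACL_PORT_ONLY)]:
        print(f"{label:22s} {results(entries)}")
```

Under this model the first and third ACLs give the same verdicts: initial fragments to port 80 (which carry the TCP header) are never touched by the `fragments` entry and reach the final permit, while every noninitial fragment to the server is dropped, which is exactly why legitimately fragmented HTTP requests break. The second ACL admits noninitial TCP fragments and drops only non-TCP ones. The comparison ACL shows the opposite failure: a port-based permit with no `fragments` deny in front of it permits noninitial TCP fragments it cannot actually inspect.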



This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3