From: Salau, Yemi (yemi.salau@siemens.com)
Date: Thu Sep 06 2007 - 06:44:49 ART
I'm thinking what if you've got NAT between the internet and your POD
network. That means the packet source header will not contain the
internet address, that is if you have a NAT outside source translation
or something at your internet boundary router/firewall. Of course, this
might not be the case in this workbook, but for their solution to work,
something must have changed the source header address information of
those packets to be intercepted as they come into your network.... And
I'm still guessing NAT
Many Thanks
Yemi Salau
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
tunde omotosho
Sent: Thursday, September 06, 2007 9:47 AM
To: ccielab@groupstudy.com
Subject: TCP Intercept (Preventing Denial-of-Service Attacks)
Mates,
in configuring TCP intercept.
From the DOC CD: The following configuration defines extended IP
access list 101, causing the software to intercept packets for all TCP
servers on the 192.168.1.0/24 subnet:
ip tcp intercept list 101
!
access-list 101 permit tcp any 192.168.1.0 0.0.0.255
I noticed further that the source must always be any since the source
of the attack is not known.
I saw a solution in a workbook where a subnet within the ip domain of
the workbook is used as the source in the access-list, even when the
question said attack from the internet.
Please correct me if I am wrong or the workbook is right?
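
Added example (not part of either message and not from the DOC CD or the workbook): a small evaluator for Cisco wildcard-mask matching that shows which SYN packets each form of access-list 101 would hand to TCP intercept. The workbook's actual ACL is not quoted in the thread, so the 10.1.0.0/16 source subnet and all packet addresses below are constructed assumptions.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def wildcard_match(addr, base, wildcard):
    """Cisco wildcard mask: 1 bits are ignored, 0 bits must match."""
    care = ~_ip(wildcard) & 0xFFFFFFFF
    return (_ip(addr) & care) == (_ip(base) & care)

def parse_ace(line):
    """Parse 'access-list N permit tcp <src> <dst>'; each address is
    'any', 'host A.B.C.D' or 'A.B.C.D W.W.W.W' (no port operators)."""
    tok = line.split()
    if tok[:1] != ["access-list"] or tok[2:4] != ["permit", "tcp"]:
        raise ValueError("unsupported ACE: " + line)
    specs, i = [], 4
    while i < len(tok):
        if tok[i] == "any":
            specs.append(("0.0.0.0", "255.255.255.255")); i += 1
        elif tok[i] == "host":
            specs.append((tok[i + 1], "0.0.0.0")); i += 2
        else:
            specs.append((tok[i], tok[i + 1])); i += 2
    if len(specs) != 2:
        raise ValueError("expected one source and one destination: " + line)
    return specs

def intercepted(ace, src, dst):
    """True if a TCP packet src -> dst matches the intercept list entry."""
    (s_base, s_wc), (d_base, d_wc) = parse_ace(ace)
    return wildcard_match(src, s_base, s_wc) and wildcard_match(dst, d_base, d_wc)

# ACE quoted in the thread from the DOC CD.
DOC_ACE = "access-list 101 permit tcp any 192.168.1.0 0.0.0.255"
# Hypothetical workbook-style ACE: source limited to an internal subnet (assumed).
WORKBOOK_STYLE_ACE = ("access-list 101 permit tcp 10.1.0.0 0.0.255.255 "
                      "192.168.1.0 0.0.0.255")

# Constructed SYN packets: (source, destination).
SYNS = {
    "internet source, untranslated": ("203.0.113.50", "192.168.1.10"),
    "internet source after outside NAT": ("10.1.7.50", "192.168.1.10"),
    "server outside protected subnet": ("203.0.113.50", "192.168.2.10"),
}

def results(ace):
    return {name: intercepted(ace, s, d) for name, (s, d) in SYNS.items()}

if __name__ == "__main__":
    for ace in (DOC_ACE, WORKBOOK_STYLE_ACE):
        print(ace, results(ace), sep="\n  ")
```

With the source restricted to a subnet, a SYN still carrying its Internet source address is not matched, so it bypasses intercept; it is matched only if its source has already been rewritten into that subnet, which is the NAT case raised in the reply.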
This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART