RE: TCP Intercept (Preventing Denial-of-Service Attacks)

From: Guyler, Rik (rguyler@shp-dayton.org)
Date: Thu Sep 06 2007 - 15:50:00 ART

• Next message: Darby Weaver: "RE: I suck"
• Previous message: uyota oyearone: "CCIE Position available in Toronto,Canada."
• Maybe in reply to: tunde omotosho: "TCP Intercept (Preventing Denial-of-Service Attacks)"
• Next in thread: Chris Riling: "Re: TCP Intercept (Preventing Denial-of-Service Attacks)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Or maybe again the source addresses are known. It may not be right or wrong
in either case so it will depend on what the requirements are. If it says
block anybody then use "any", if it says block this subnet then use that
subnet. If it doesn't state either then use "any".

Rik

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Salau, Yemi
Sent: Thursday, September 06, 2007 5:45 AM
To: tunde omotosho; ccielab@groupstudy.com
Subject: RE: TCP Intercept (Preventing Denial-of-Service Attacks)

I'm thinking what if you've got nat between the internet and your POD
network. That means the packet source header will not contain the internet
address, that is if you have a nat outside source translation or something
at your internet boundary router/firewall. Ofcourse, this might not be the
case in this workbook, but for their solution to work, something must have
changed the source header address information of those packets to be
intercepted as they come into your network.... And I'm still guessing NAT

Many Thanks
 
Yemi Salau

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
tunde omotosho
Sent: Thursday, September 06, 2007 9:47 AM
To: ccielab@groupstudy.com
Subject: TCP Intercept (Preventing Denial-of-Service Attacks)

Mates,
                 in configuring TCP intercept.
   
  From the DOC CD The following configuration defines extended IP access
list 101, causing the software to intercept packets for all TCP servers on
the 192.168.1.0/24 subnet:

ip tcp intercept list 101

!access-list 101 permit tcp any 192.168.1.0 0.0.0.255

I noticed further that the source must always be any since the source of
the attck is not known.

I saw a solution in a workbook where a subnet within the ip domain of the
workbook is used as the source in the access-list, even when the question
said attack from the internet.

Please correct me if i am wrong or the workbook is right?
   

       
---------------------------------
Looking for a deal? Find great prices on flights and hotels with Yahoo!
FareChase.

• Next message: Darby Weaver: "RE: I suck"
• Previous message: uyota oyearone: "CCIE Position available in Toronto,Canada."
• Maybe in reply to: tunde omotosho: "TCP Intercept (Preventing Denial-of-Service Attacks)"
• Next in thread: Chris Riling: "Re: TCP Intercept (Preventing Denial-of-Service Attacks)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:09 ART