IP Fragment AttacK

From: Paul Adams (ccie.paul@gmail.com)
Date: Mon Dec 08 2008 - 06:57:09 ARST

• Next message: Pavel Bykov: "Re: Eigrp nsf route-hold"
• Previous message: Arunas Baltrunas: "Re: OT: JUNOS on OLIVE vmware or qemu"
• Next in thread: Paul Adams: "Re: IP Fragment AttacK"
• Maybe reply: Paul Adams: "Re: IP Fragment AttacK"
• Maybe reply: Michael Dorion: "Re: IP Fragment AttacK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I need your opinion if the answer is the best option as per question
requirement

R4 (fa0/0)=================BB2

R4
int fa 0/0
ip add 192.168.100.4

BB2
int e 0/0
ip address 192.168.100.12

IP Fragment Attack
configure an ACL on R4 to prevent fragment attach from BB2 to Web-Server (
172.20.16.1 )

(R4)
ip acl extended fra
deny ip any host 172.20.16.1 fragment
permit ip any any

int fa 0/0
ip access-group fra in

Blogs and organic groups at http://www.ccie.net

• Next message: Pavel Bykov: "Re: Eigrp nsf route-hold"
• Previous message: Arunas Baltrunas: "Re: OT: JUNOS on OLIVE vmware or qemu"
• Next in thread: Paul Adams: "Re: IP Fragment AttacK"
• Maybe reply: Paul Adams: "Re: IP Fragment AttacK"
• Maybe reply: Michael Dorion: "Re: IP Fragment AttacK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST