Re: IP Fragment AttacK

From: Paul Adams (ccie.paul@gmail.com)
Date: Mon Dec 08 2008 - 10:41:37 ARST

• Next message: A.G. Ananth Sarma (GMail): "Re: got it!"
• Previous message: Scott Morris: "RE: Weird Errors"
• Maybe in reply to: Paul Adams: "IP Fragment AttacK"
• Next in thread: Michael Dorion: "Re: IP Fragment AttacK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> Hi,
>
> I need your opinion if the answer is the best option as per question
> requirement
>
>
> R4 (fa0/0)=================BB2
>
> R4
> int fa 0/0
> ip add 192.168.100.4
>
>
> BB2
> int e 0/0
> ip address 192.168.100.12
>
>
> IP Fragment Attack
> configure an ACL on R4 to prevent fragment attach from BB2 to Web-Server (
> 172.20.16.1 )
>
>
> (R4)
> ip acl extended fra
> deny ip any host 172.20.16.1 fragment
> permit ip any any
>
> int fa 0/0
> ip access-group fra in

Blogs and organic groups at http://www.ccie.net

• Next message: A.G. Ananth Sarma (GMail): "Re: got it!"
• Previous message: Scott Morris: "RE: Weird Errors"
• Maybe in reply to: Paul Adams: "IP Fragment AttacK"
• Next in thread: Michael Dorion: "Re: IP Fragment AttacK"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jan 01 2009 - 12:53:08 ARST