CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Section 10.0: Security Violations

10.1. DoS Attack

  1. A web server (R7 in this case) was attacked on the network.

  2. The nature of the attack could not be characterized.

  3. Analyze the forensic evidence, that is, the sniffer captures collected at the time of the attack, as shown previously in Figures 6-5a through 6-5d.

  4. The attack was targeted to the web server on port 80.

  5. Notice a unique pattern in all the GET requests: the use of cmd.exe to penetrate or browse through the web server. cmd.exe is the command shell in Windows.

  6. As mentioned, the attack comes from random source IP addresses. Per the restriction, you cannot configure any ACL based on the Layer 3 or Layer 4 information provided in the sniffer captures.

  7. Mitigate this attack by classifying inbound packets on entry points on R7 (VLAN-6 and ATM ...
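
The pattern from steps 5 and 6, as an added example that is not from the book: a small Python check that flags GET requests naming cmd.exe by URL content alone, because the source addresses give nothing stable to filter on. The capture lines, addresses and function names are constructed for illustration and are not taken from Figures 6-5a through 6-5d.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in the form "<src_ip> <method> <url> <version>".
SAMPLE_REQUESTS = [
    "198.51.100.23 GET /scripts/cmd.exe?/c+dir HTTP/1.0",
    "203.0.113.77 GET /index.html HTTP/1.1",
    "192.0.2.141 GET /scripts/CMD%2Eexe?/c+dir HTTP/1.0",    # percent-encoded dot
    "198.51.100.9 GET /images/logo.gif HTTP/1.1",
    "203.0.113.5 GET /scripts/cmd%252Eexe?/c+dir HTTP/1.0",  # double-encoded dot
    "192.0.2.8 POST /login HTTP/1.1",
]

PATTERN = re.compile(r"cmd\.exe")


def normalize(url, max_rounds=3):
    """Percent-decode repeatedly so encoded and double-encoded forms compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.lower()


def classify(lines):
    """Return (hits, sources): GET requests whose URL names cmd.exe, and their source IPs."""
    hits, sources = [], set()
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at their fields
        src, method, url, _version = parts
        if method.upper() == "GET" and PATTERN.search(normalize(url)):
            hits.append((src, url))
            sources.add(src)
    return hits, sources


if __name__ == "__main__":
    hits, sources = classify(SAMPLE_REQUESTS)
    for src, url in hits:
        print(f"match  {src:15}  {url}")
    # Every hit has a different source, so only the URL content identifies the traffic.
    print(f"{len(hits)} matching requests from {len(sources)} distinct sources")
```

A literal string match on the raw URL would miss the second and third matching lines, which is why the check decodes before comparing.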
