Section 10.0: Security Violations

10.1. DoS Attack

  1. A web server (R7 in this case) was attacked on the network.

  2. The nature of the attack could not be characterized.

  3. Analyze the forensic evidence sniffer captures collected at the time of the attack, as shown previously in Figures 6-5a through 6-5d.

  4. The attack was targeted to the web server on port 80.

  5. Notice a unique pattern in all the GET requests: each one tries to invoke cmd.exe, the Windows command shell, in order to gain access to the server and browse it through that shell.

  6. As mentioned, the attack comes from random source IP addresses, and the lab restriction forbids configuring any ACL based on the Layer 3 or Layer 4 information seen in the sniffer captures. The attack therefore has to be identified by its Layer 7 content (the cmd.exe string in the HTTP request) rather than by source address or port.

  7. Mitigate this attack by classifying inbound packets on entry points on R7 (VLAN-6 and ATM ...
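The following Cisco IOS configuration is an added illustration of step 7, not the lab's own solution (which is cut off above): it uses NBAR to classify inbound HTTP requests whose URL contains cmd.exe, marks them, and drops the marked packets before they reach the web server. The interface names, the ACL number and the class-map and policy-map names are assumptions.

```cisco
! Layer 7 classification: match any HTTP request whose URL contains cmd.exe.
! No Layer 3/4 fields are used, so the random source IPs do not matter.
class-map match-any http-hacks
 match protocol http url "*cmd.exe*"
!
! Mark the matching packets instead of filtering on address or port.
policy-map mark-inbound-http-hacks
 class http-hacks
  set ip dscp 1
!
! Apply the marking policy inbound on each entry point toward R7.
! Interface names are assumed; use the actual VLAN-6 and ATM interfaces.
interface FastEthernet0/0
 description Entry point (assumed name)
 service-policy input mark-inbound-http-hacks
!
! Drop anything carrying the mark on the way out toward the web server;
! all other traffic, including legitimate port 80 requests, is permitted.
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
interface FastEthernet0/1
 description Link toward the web server (assumed name)
 ip access-group 105 out
```

Verify with `show policy-map interface` (class hit counters) and `show access-lists 105` (deny counter increments) while replaying the captured requests in the lab.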
