Filtering Network Traffic
This section explains how to implement ACLs for mitigating the following threats:
IP address spoofing— inbound
IP address spoofing— outbound
DoS TCP SYN attacks— blocking external attacks
DoS TCP SYN attacks— using TCP intercept
DoS smurf attacks
Filtering ICMP messages— inbound
Filtering ICMP messages— outbound
Filtering traceroute
IP Address Spoof Mitigation
One method that attackers frequently use to gain information from a network is to try to appear as a trusted member of the network under attack. This is done by spoofing the source IP address in packets that are destined to the internal network under attack. The attacker simply changes the source IP address in the packet to an address that belongs to the internal ...
Get CCSP Self-Study: Securing Cisco IOS Networks (SECUR) now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.