Section 10.0: Security Violations

10.1. Denial of Service (DoS)

  1. Classify inbound packets for the worm using NBAR and the class-based marking feature in IOS. This feature looks inside HTTP URLs and matches any of the specified strings.

  2. Using NBAR and class-based marking, classify bad packets by setting the DSCP value to 1. Use the unique pattern *cmd.exe* in the URL to mark all packets. cmd.exe is the command shell on Windows NT.

  3. These attacks can be blocked on the router using three methods:

    Using ACL

    Using Policy-Based Routing

    Using Class-Based Policing

  4. Use the ACL method as required for this task. The ACL needs to be applied outbound toward the target.

  5. The policy needs to be applied inbound on the interface where the worm enters.

  6. See Example 3-40 to mitigate this ...
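
The steps above can be sketched as an IOS configuration. This is an added illustration, not the book's Example 3-40. The class-map and policy-map names, the ACL number 105, and the interface names are assumptions chosen for the sketch.

```cisco
! Added example: names, ACL number and interfaces are assumptions.
!
! Steps 1-2: NBAR classification on the HTTP URL pattern from the task.
class-map match-any HTTP-WORM
 match protocol http url "*cmd.exe*"
!
! Step 2: class-based marking, set DSCP 1 on every matching packet.
policy-map MARK-INBOUND-WORM
 class HTTP-WORM
  set ip dscp 1
!
! Step 5: the marking policy is applied inbound on the interface
! where the worm traffic enters (assumed here to be Serial0/0).
interface Serial0/0
 service-policy input MARK-INBOUND-WORM
!
! Steps 3-4: ACL method. Drop anything carrying DSCP 1, permit the rest.
access-list 105 deny ip any any dscp 1
access-list 105 permit ip any any
!
! Step 4: the ACL is applied outbound toward the target
! (assumed here to be reached through FastEthernet0/0).
interface FastEthernet0/0
 ip access-group 105 out
!
! Checks after applying:
!   show policy-map interface Serial0/0   (class match and marking counters)
!   show access-lists 105                 (hits on the deny dscp 1 entry)
```

The marking and the drop are split across two interfaces because the outbound ACL can only match on DSCP after the inbound policy has set it. Legitimate traffic that already arrives with DSCP 1 would also be dropped by this ACL.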
