Section 10.0: Security Violations

10.1. DoS Attack

  1. Configure policy routing on R3 to black-hole ICMP echo packets destined for R2:

    hostname r3
    !
    ip local policy route-map null
    !
    access-list 110 deny   icmp host 179.7.2.3 host 179.7.2.2 echo-reply
    access-list 110 permit icmp host 179.7.2.3 host 179.7.2.2
    route-map null permit 10
     match ip address 110
     set interface Null0
    
  2. Apply the policy in global configuration mode (ip local policy route-map null), because packets that R3 itself originates are evaluated against the local policy route map.

  3. Verify ping from R3 to R2 and vice versa:

    ! Ping from R3 to R2 fails.
    r3#ping 179.7.2.2
    
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 179.7.2.2, timeout is 2 seconds:
    .....
    Success rate is 0 percent (0/5)
    r3#
    
    ! Ping from R2 to R3 succeeds.
    r2#ping 179.7.2.3
    
    Type escape sequence ...
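
The following Python model is an added example, not part of the original lab text. It walks access-list 110 and the route-map clause to show why R3's echo request is sent to Null0 while R3's echo reply to R2 is still routed normally. The class and function names, and the assumption that R2 applies no policy of its own, belong to the example.

```python
from dataclasses import dataclass
from typing import Optional

ECHO_REPLY, ECHO = 0, 8               # ICMP type numbers
R2, R3 = "179.7.2.2", "179.7.2.3"     # addresses from the lab configuration

@dataclass(frozen=True)
class Icmp:
    src: str
    dst: str
    icmp_type: int

@dataclass(frozen=True)
class Ace:
    action: str                       # "permit" or "deny"
    src: str
    dst: str
    icmp_type: Optional[int] = None   # None = any ICMP type

# access-list 110 as configured on R3
ACL_110 = [
    Ace("deny", R3, R2, ECHO_REPLY),
    Ace("permit", R3, R2),
]

def acl_result(acl, pkt):
    """First matching entry wins; an ACL ends in an implicit deny."""
    for ace in acl:
        if (ace.src, ace.dst) == (pkt.src, pkt.dst) and ace.icmp_type in (None, pkt.icmp_type):
            return ace.action
    return "deny"

def r3_local_policy(pkt):
    """route-map null permit 10: an ACL permit sets Null0; an ACL deny
    means the clause does not match and the packet is routed normally."""
    return "Null0" if acl_result(ACL_110, pkt) == "permit" else "routed"

def ping(initiator):
    """Model one ping. Only packets R3 originates hit its local policy;
    R2 has no policy in this model (assumption)."""
    responder = R2 if initiator == R3 else R3
    for pkt in (Icmp(initiator, responder, ECHO), Icmp(responder, initiator, ECHO_REPLY)):
        if pkt.src == R3 and r3_local_policy(pkt) == "Null0":
            return False              # discarded on R3 before leaving the router
    return True

if __name__ == "__main__":
    print("r3 -> r2:", "success" if ping(R3) else "fail")
    print("r2 -> r3:", "success" if ping(R2) else "fail")
```

In the model, the deny entry does not drop the echo reply; it only exempts it from policy routing, which is why the ping from R2 still succeeds.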
