Scenario Defining Cisco IOS Commands to View DoS Attacks in Real Time

Figure 7-3 displays a typical two-router topology with an external connection to the Internet via R1.

Figure 7-3 Two-Router Network Attacked by External Intruder

[Figure 7-3 labels: Intruder; Internet Connection; Host A 131.108.100.5/24; Ethernet 0/0 131.108.100.1/24; Ethernet 0/1 131.108.101.1/24; 131.108.255.0/24; Host B 131.108.200.5/24; Ethernet 0/0 131.108.200.1/24; "ICMP/TCP/UDP attack! Administrator is not sure?"]

In this scenario, a Cisco IOS router is subjected to a flood of ICMP, TCP, or UDP IP packets. The network administrator is not sure which type, but notices that the log file buffered on Router R2 has just grown from 1 MB to 2.5 MB in less than 5 seconds. What can be done to characterize the traffic and determine the type of denial-of-service attack?
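As an added example (not from the book), the following Python script characterizes the traffic from R2's buffered log: it assumes an access list with the log keyword is applied on R2, so that the buffer holds %SEC-6-IPACCESSLOGP and %SEC-6-IPACCESSLOGDP messages, and it tallies logged packets by protocol and by source/destination pair to show which protocol and which source account for the sudden growth. The sample log lines and the intruder address 192.0.2.10 are constructed; the host addresses follow Figure 7-3.

```python
import re
from collections import Counter

# Constructed sample of what R2's buffered log (show logging) might hold when
# an access list with the "log" keyword is applied. Host B is 131.108.200.5
# as in Figure 7-3; 192.0.2.10 is a documentation-range placeholder intruder.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.10 -> 131.108.200.5 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list 101 denied icmp 192.0.2.10 -> 131.108.200.5 (8/0), 412 packets
%SEC-6-IPACCESSLOGP: list 101 denied tcp 192.0.2.10(1025) -> 131.108.200.5(80), 1 packet
%SEC-6-IPACCESSLOGP: list 101 permitted tcp 131.108.100.5(1026) -> 131.108.200.5(23), 3 packets
%SEC-6-IPACCESSLOGP: list 101 denied udp 192.0.2.10(53) -> 131.108.200.5(7), 1 packet
"""

# One pattern covers IPACCESSLOGP (tcp/udp, ports in parentheses) and
# IPACCESSLOGDP (icmp, type/code in parentheses) message formats.
LOG_RE = re.compile(
    r"%SEC-6-IPACCESSLOG\w+: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\w+) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\((?P<sport>\d+)\))? -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\((?P<dport>\d+)\))?"
    r"(?: \((?P<type>\d+)/(?P<code>\d+)\))?, (?P<count>\d+) packets?"
)

def summarize(log_text):
    """Tally logged packets by protocol and by (source, destination) pair."""
    by_proto = Counter()
    by_flow = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue  # unrelated syslog lines are skipped
        n = int(m.group("count"))
        by_proto[m.group("proto")] += n
        by_flow[(m.group("src"), m.group("dst"))] += n
    return by_proto, by_flow

def likely_attack(by_proto, by_flow, threshold=100):
    """Name the dominant protocol and top talker when the volume is suspicious."""
    if not by_proto:
        return None
    proto, n = by_proto.most_common(1)[0]
    if n < threshold:
        return None
    (src, dst), _ = by_flow.most_common(1)[0]
    return {"protocol": proto, "packets": n, "src": src, "dst": dst}

if __name__ == "__main__":
    p, f = summarize(SAMPLE_LOG)
    print(p, f, likely_attack(p, f))
```

On a live router the same tally can be fed from the output of show logging; the threshold is a tuning knob, not a fixed rule.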
