FAQ #20
Protecting a Cisco router from DoS attacks
Summary of the article http://www.informit.com/articles/article.asp?p=345618
Diagnostics: assessing CPU load
show processes cpu
show processes cpu history
sh int switching
Watching ACL hit counters
clear access-list counters N
show access-list N
Logging ACL hits to syslog (the log-input keyword also records the ingress interface and source MAC):
access-list 100 deny icmp any any echo-reply log-input
Netflow
interface N
ip route-cache flow  or  ip route-cache distributed
ip flow-export IP UDP_port
show ip cache flow
Code Red Worms (the worm scans TCP port 80, which appears as 0050 in the hex port columns of the flow cache):
show ip cache flow | include 0050
Smurf Attacks (ICMP flows show 0000 in both port columns; look for high packet counts towards broadcast addresses):
show ip cache flow | include 0000
clear ip flow stats
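The two "include" filters above only grep the flow cache; what the operator actually looks for is many one-packet TCP/80 flows from one source (a scanning host) and very large ICMP flows aimed at a broadcast address. The following script is an added example (not from this FAQ or the informit article) that parses constructed "show ip cache flow" output and applies exactly those two checks; the sample lines, the thresholds (min_targets, min_pkts) and the ".255 means directed broadcast" heuristic are assumptions made for the example.

```python
import re

# Constructed sample of `show ip cache flow` output (not a real capture).
SAMPLE_FLOW_CACHE = """\
SrcIf         SrcIPaddress    DstIf         DstIPaddress    Pr SrcP DstP  Pkts
Et0/0         10.1.1.5        Se0/0         192.1.1.1       06 0413 0050     1
Et0/0         10.1.1.5        Se0/0         192.1.1.2       06 0414 0050     1
Et0/0         10.1.1.5        Se0/0         192.1.1.3       06 0415 0050     1
Et0/0         10.1.1.9        Se0/0         192.1.1.1       06 0500 0050   120
Se0/0         172.16.4.1      Et0/0         10.1.1.255      01 0000 0000  5000
Se0/0         172.16.4.2      Et0/0         10.1.1.255      01 0000 0000  4800
Et0/0         10.1.1.7        Se0/0         192.1.1.2       06 0600 0019     3
"""

# One flow per line: interfaces, addresses, hex protocol, hex ports, packet count.
FLOW_RE = re.compile(
    r"^(?P<srcif>\S+)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+(?P<dstif>\S+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\s+(?P<pr>[0-9A-Fa-f]{2})\s+"
    r"(?P<sport>[0-9A-Fa-f]{4})\s+(?P<dport>[0-9A-Fa-f]{4})\s+(?P<pkts>\d+)\s*$"
)


def parse_flows(text):
    """Return one dict per flow line; the header and unparseable lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        flows.append({
            "src": d["src"], "dst": d["dst"],
            "proto": int(d["pr"], 16),           # 06 = TCP, 01 = ICMP
            "sport": int(d["sport"], 16),
            "dport": int(d["dport"], 16),        # 0x0050 = 80
            "pkts": int(d["pkts"]),
        })
    return flows


def code_red_suspects(flows, min_targets=3):
    """Sources opening many tiny TCP/80 flows to distinct hosts (worm-style scanning).

    Returns {source: number_of_distinct_targets}. min_targets is an assumed threshold.
    """
    targets = {}
    for f in flows:
        if f["proto"] == 6 and f["dport"] == 0x0050 and f["pkts"] <= 2:
            targets.setdefault(f["src"], set()).add(f["dst"])
    return {src: len(t) for src, t in targets.items() if len(t) >= min_targets}


def smurf_suspects(flows, min_pkts=1000):
    """ICMP flows (Pr 01, ports 0000) carrying many packets to a broadcast-looking address.

    Treating a trailing .255 as a directed broadcast is a simplifying assumption.
    """
    return [(f["src"], f["dst"], f["pkts"]) for f in flows
            if f["proto"] == 1 and f["dport"] == 0
            and f["pkts"] >= min_pkts and f["dst"].endswith(".255")]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOW_CACHE)
    print("Code Red candidates:", code_red_suspects(flows))
    print("Smurf candidates:", smurf_suspects(flows))
```

Run against real output captured from the router (for example via a script that issues "show ip cache flow" over SSH), and clear the counters with "clear ip flow stats" between samples so the packet counts reflect the interval you are watching.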
TCP SYN Flood Attacks
Syntax:
access-list N permit tcp any any
ip tcp intercept list N
ip tcp intercept mode {intercept | watch}
ip tcp intercept watch-timeout seconds
ip tcp intercept finrst-timeout seconds
ip tcp intercept connection-timeout seconds
ip tcp intercept max-incomplete high number
ip tcp intercept max-incomplete low number
ip tcp intercept one-minute high number
ip tcp intercept one-minute low number
ip tcp intercept drop-mode {oldest | random}
show tcp intercept statistics
show tcp intercept connections
debug ip tcp intercept
Example:
access-list 100 permit tcp any host 192.1.1.1 eq 80
access-list 100 permit tcp any host 192.1.1.2 eq 25
ip tcp intercept list 100
ip tcp intercept mode watch
ip tcp intercept watch-timeout 20
ip tcp intercept connection-timeout 120
ip tcp intercept max-incomplete high 600
ip tcp intercept max-incomplete low 500
ip tcp intercept one-minute high 800
ip tcp intercept one-minute low 600
CBAC (Context-Based Access Control) and DoS attacks
Syntax:
ip inspect tcp synwait-time
ip inspect tcp finwait-time
ip inspect tcp idle-time
ip inspect udp idle-time
ip inspect dns-timeout
ip inspect max-incomplete high
ip inspect max-incomplete low
ip inspect one-minute high
ip inspect one-minute low
ip inspect tcp max-incomplete host block-time
Example:
ip inspect tcp synwait-time 20
ip inspect tcp idle-time 60
ip inspect udp idle-time 20
ip inspect max-incomplete high 400
ip inspect max-incomplete low 300
ip inspect one-minute high 600
ip inspect one-minute low 500
ip inspect tcp max-incomplete host 300 block-time 0
Rate limiting:
interface N
no ip unreachables
ip icmp rate-limit unreachable [df] milliseconds
For example: ip icmp rate-limit unreachable 1000
interface N
rate-limit {input | output} [access-group [rate-limit] acl-index] bps burst-normal burst-max conform-action action exceed-action action
Example 1:
interface serial0
rate-limit output access-group 100 64000 4000 4000 conform-action transmit exceed-action drop
access-list 100 permit icmp any any echo
access-list 100 permit icmp any any echo-reply
Example 2 (WEB_SERVER_IP stands for the web server's address, which is missing from the original):
access-list 100 permit tcp any host WEB_SERVER_IP eq www established
access-list 101 permit tcp any host WEB_SERVER_IP eq www
interface serial0
rate-limit output access-group 100 1544000 64000 64000 conform-action transmit exceed-action drop
rate-limit output access-group 101 64000 16000 16000 conform-action transmit exceed-action drop
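The three numbers in each rate-limit line are the committed rate in bits per second, the normal burst in bytes and the extended burst in bytes; CAR decides conform/exceed per packet with a token bucket refilled at the committed rate. The script below is an added example (not from the FAQ, the informit article or IOS) of that token bucket, simplified to the normal burst only (when burst-max equals burst-normal, as in Example 1, there is no extended burst anyway); the class name CarTokenBucket and the constructed packet stream are assumptions for the example.

```python
class CarTokenBucket:
    """Simplified model of one CAR rate-limit entry: committed rate plus normal burst.

    The extended burst (burst-max) and its probabilistic drop are not modelled.
    Packet timestamps must be fed in non-decreasing order.
    """

    def __init__(self, bps, burst_normal):
        self.rate = bps / 8.0              # token refill rate, bytes per second
        self.capacity = float(burst_normal)  # bucket depth, bytes
        self.tokens = float(burst_normal)  # bucket starts full
        self.last = 0.0

    def packet(self, size, now):
        """Return the action for a packet of `size` bytes arriving at time `now`."""
        elapsed = now - self.last
        self.last = now
        self.tokens = min(self.capacity, self.tokens + elapsed * self.rate)
        if size <= self.tokens:
            self.tokens -= size
            return "transmit"              # conform-action
        return "drop"                      # exceed-action


def simulate(limiter, packets):
    """packets: iterable of (time_seconds, size_bytes). Returns action counts."""
    counts = {"transmit": 0, "drop": 0}
    for t, size in packets:
        counts[limiter.packet(size, t)] += 1
    return counts


if __name__ == "__main__":
    # Example 1's ICMP limiter: 64000 bps (8000 bytes/s), 4000-byte normal burst.
    icmp = CarTokenBucket(64000, 4000)
    # Constructed flood: ten 1000-byte echo packets arriving at once.
    print(simulate(icmp, [(0.0, 1000)] * 10))      # 4 transmitted, 6 dropped
    # Half a second later the bucket has refilled 4000 bytes.
    print(icmp.packet(1000, 0.5))                   # transmit
```

Reading Example 1 through this model: an ICMP burst larger than 4000 bytes is cut off immediately, and sustained ICMP cannot exceed 8 kB/s, which is the point of limiting echo and echo-reply on the WAN link.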
Miscellaneous:
no ip directed-broadcast
no service tcp-small-servers
no service udp-small-servers
Created: Sunday 14 March 2010 - 18:54:10 Last Updated: Sunday 14 March 2010 - 18:54:10