Continue to tune this ACL to further narrow down the type of traffic until a closer match is found. This is a very useful technique to implement under a DoS attack, particularly when you are unsure what type of DoS attack is underway.
Debugging Traffic Using ACLs
ACLs can be used to debug traffic on a router. Running debugs on a router is resource intensive and can consume almost all system resources, such as memory and processing power. Excessive debugging under high load conditions may cause unexpected interruptions or, in some cases, cause the device to crash. Therefore, debugging commands need to be used with extreme caution. Before enabling debugging, inspect the CPU load with the show processes cpu command and verify that sufficient CPU is available before running the debugs.
One way of reducing the impact of the debug command on a device is to use an ACL to selectively define the traffic criteria that need to be examined. The ACL does no packet filtering in this role; it is used only to scope the monitoring. Example 2-9 shows a configuration that enables debugging only for packets between the hosts 10.1.1.1 and 192.168.1.1 using the debug ip packet [detail] command.
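The following is an added illustration of that technique, not the book's Example 2-9: an extended ACL that matches only traffic between the two hosts, then supplied as the selection criterion to debug ip packet. The ACL number 101 is an assumption; the two host addresses come from the text.

```cisco
! Added example (not the book's own Example 2-9). ACL number 101 is an
! assumption; the hosts 10.1.1.1 and 192.168.1.1 are the ones from the text.
!
! Step 1: confirm the router has CPU headroom before enabling any debug.
show processes cpu
!
! Step 2: describe the traffic of interest, in both directions, so that
! replies between the two hosts are also seen.
configure terminal
access-list 101 permit ip host 10.1.1.1 host 192.168.1.1
access-list 101 permit ip host 192.168.1.1 host 10.1.1.1
end
!
! Step 3: enable packet debugging restricted to ACL 101. The ACL filters
! nothing here; it only limits which packets the debug reports on.
! "detail" adds protocol and port information but produces more output.
debug ip packet 101 detail
!
! Step 4: turn debugging off as soon as the investigation is complete.
undebug all
```

Note that debug ip packet reports only process-switched packets, so traffic that is fast-switched or CEF-switched on the interface may not appear in the output even when it matches the ACL.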