It is all about the packet. After a packet is on the network wire, someone or something
somewhere has to either deliver or drop the packet.
In the context of an intrusion or attack, the question is who will drop the packet and where will the packet be
dropped?
Mitigation Techniques at Layer 3
This section highlights some of the most common mitigation techniques available on Cisco platforms and
commonly applied on specific Layer 3 devices, such as routers or Layer 3 switches.
Traffic Characterization
The first and most essential step in the attack mitigation process is gathering relevant information about the
characteristics of an attack to determine the type of attack and to devise a relevant threat-mitigation strategy
based on attack vectors.
The Cisco IOS Access Control List (ACL) is the most commonly adopted technique for classifying packets into
various attack streams. It is valuable for characterizing both known and unknown attacks and for tracing
packet streams back to their point of origin.
Other features such as debugging, logging, and IP accounting can also be used. However, with recent versions
of Cisco IOS Software, access lists and access list logging are the predominant tools for characterizing and
tracing network attacks.
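The following is an added example, not taken from the original text, of how ACL match counters can be used for characterization: it compares two snapshots of "show access-lists" output and ranks the entries by how fast their counters grew. The ACL number 169, its permit entries, and all counter values are constructed for illustration.

```python
import re
# Constructed sample: two "show access-lists 169" snapshots taken a few
# seconds apart. ACL number, entries and counters are illustrative only.
SNAPSHOT_T0 = """\
Extended IP access list 169
    10 permit icmp any any echo (2 matches)
    20 permit icmp any any echo-reply (21374 matches)
    30 permit udp any any eq echo
    40 permit tcp any any established (150 matches)
    50 permit tcp any any (15 matches)
    60 permit ip any any (45 matches)
"""
SNAPSHOT_T1 = """\
Extended IP access list 169
    10 permit icmp any any echo (4 matches)
    20 permit icmp any any echo-reply (98211 matches)
    30 permit udp any any eq echo
    40 permit tcp any any established (310 matches)
    50 permit tcp any any (22 matches)
    60 permit ip any any (61 matches)
"""

ENTRY = re.compile(r"^\s*(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$")
def parse_counters(show_output):
    """Map ACL sequence number -> (entry text, match count)."""
    counters = {}
    for line in show_output.splitlines():
        m = ENTRY.match(line)
        if m:  # the header line and blank lines do not match
            seq, action, rest, hits = m.groups()
            # IOS prints no counter at all for an entry with no matches
            counters[int(seq)] = (f"{action} {rest}", int(hits or 0))
    return counters

def rank_streams(before, after):
    """Return (entry, delta, share) tuples sorted by counter growth."""
    old, new = parse_counters(before), parse_counters(after)
    deltas = []
    for seq, (entry, hits) in new.items():
        # A cleared counter can go backwards; treat that as a restart
        prev = old.get(seq, ("", 0))[1]
        deltas.append((entry, hits - prev if hits >= prev else hits))
    total = sum(d for _, d in deltas) or 1
    return sorted(((e, d, d / total) for e, d in deltas), key=lambda x: -x[1])

if __name__ == "__main__":
    for entry, delta, share in rank_streams(SNAPSHOT_T0, SNAPSHOT_T1):
        print(f"{delta:>8} {share:6.1%}  {entry}")
```

In this constructed data the echo-reply entry accounts for nearly all counter growth, which is the kind of signal that tells the operator which protocol-specific entry to refine or log next.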