A source-based remotely triggered black hole (RTBH) filtering technique can also be used as a SYN flood
mitigation tool. This feature provides real-time defense against DDoS attacks by using a combination of IP
routing features. To learn more about this technique, refer to the following white paper:
www.cisco.com/warp/public/732/Tech/security/docs/blackhole.pdf.
IP Source Tracker
Source tracking is the process of tracing packet streams from the victim back to the point of origin to find the
source of the attack through the network path. Although an ACL is a common tool and can be leveraged to trace
back attacks, it has a potential performance impact when applied in a production network environment. IP
source tracker provides an easier, more scalable alternative to ACLs for tracking DoS attacks, and it generates
all the required information to trace the ingress point of an attack into the network with minimal performance
penalty.
How IP Source Tracker Works
The following steps illustrate how IP source tracker works for tracking DoS attacks.
Step 1. After a host is identified as under attack, enable the IP source tracker feature on the router by
using the ip source-track command from the global configuration mode. The feature can track
multiple destination IP addresses concurrently.