Step 2. The router creates a special Cisco Express Forwarding (CEF) entry for the destination address being
tracked.
Step 3. The CPU collects all the necessary data in the context of the traffic flow for each tracked IP address
in an easy-to-use format and periodically exports this data.
Step 4. Use the show ip source-track command to view the periodically exported data. It displays
detailed information for each input interface, including detailed statistics of the traffic destined
to each tracked IP address. To display a summary of the flow information, use the show ip
source-track summary command.
Step 5. Detailed statistics provide a breakdown of the traffic to each tracked IP address. This information
allows you to determine which upstream router to analyze next and makes a hop-by-hop traceback
to the attacker possible.
Step 6. These steps are repeated on each upstream router until the source of the attack is identified.
Step 7. Apply appropriate mitigation techniques to stop or minimize the attack.
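The per-interface breakdown in Steps 4 and 5 can be processed offline to pick the upstream interface to examine next. The following Python sketch is an added example, not taken from the book or from Cisco. It assumes a column layout of Address, SrcIF, Bytes, Pkts, Bytes/s, Pkts/s with K/M/G counter suffixes read as decimal multipliers; the function names and the sample output are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample. The column layout is an assumption about what
# `show ip source-track` prints; adjust _ROW if your IOS release differs.
SAMPLE = """\
Address        SrcIF      Bytes    Pkts    Bytes/s   Pkts/s
10.1.1.1       PO1/0      67M      990K    20900     285
10.1.1.1       PO2/0      1200     14      0         0
10.1.1.1       Gi3/1      4K       52      12        1
10.1.2.9       PO2/0      63M      945K    20908     289
"""

_SUFFIX = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}
_ROW = re.compile(r"^(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$")

def _count(text):
    """Convert counters such as '67M' or '990K' to integers (decimal multipliers assumed)."""
    m = re.fullmatch(r"(\d+)([KMG]?)", text)
    if not m:
        raise ValueError(f"unrecognised counter: {text!r}")
    return int(m.group(1)) * _SUFFIX[m.group(2)]

def parse_source_track(output):
    """Return {tracked_address: [row dicts]}; the header and unrelated lines are skipped."""
    flows = defaultdict(list)
    for line in output.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        addr, intf, nbytes, pkts, bps, pps = m.groups()
        flows[addr].append({"interface": intf, "bytes": _count(nbytes), "pkts": _count(pkts),
                            "bytes_per_s": int(bps), "pkts_per_s": int(pps)})
    return dict(flows)

def next_hop_candidates(output, address, min_share=0.05):
    """Rank input interfaces for one tracked address by their share of total packets."""
    rows = parse_source_track(output).get(address, [])
    total = sum(r["pkts"] for r in rows)
    if total == 0:
        return []  # address not tracked, or no traffic recorded yet
    ranked = sorted(rows, key=lambda r: r["pkts"], reverse=True)
    return [(r["interface"], round(r["pkts"] / total, 4))
            for r in ranked if r["pkts"] / total >= min_share]
```

The interface at the top of the ranking identifies the upstream router on which to repeat the procedure, as Step 6 describes.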
Configuring IP Source Tracker
Example 7-6 shows how to enable IP source tracking on a router to collect statistics for traffic flows to host
address 10.1.1.1 for two minutes, create an internal system log entry, and export packet and flow information
to the route processor for viewing every 30 seconds.