Example 7-6. Configuring IP Source Tracker
Router(config)# ip source-track 10.1.1.1
Router(config)# ip source-track syslog-interval 2
Router(config)# ip source-track export-interval 30
Example 7-7 shows detailed flow information for each destination IP address being tracked.
Example 7-7. IP Source Tracker Statistics
Router# show ip source-track 10.1.1.1
Address    SrcIF   Bytes   Pkts    Bytes/s   Pkts/s
10.1.1.1   PO0/0   119G    2553M   5619921   156821
Note that the previously listed output indicates that interface POS 0/0 is the potential upstream path
from which the attack is originating. After the next hop is determined, it is highly recommended to disable ip
source-track on the current router and enable it on the upstream router to track the next preceding hop.
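The hop-by-hop step described above can be scripted when the output is collected from several routers. The following is an added example, not code from the book or from Cisco: it parses `show ip source-track` output and reports which source interface carries the largest share of packets toward the tracked address. The function names, the decimal reading of the K/M/G/T suffixes, and the second sample row are assumptions made for illustration.

```python
import ipaddress
import re

# Assumption: K/M/G/T suffixes on abbreviated counters are decimal multipliers.
UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

# Constructed sample. The PO0/0 row uses the values from Example 7-7, with Bytes
# and Pkts run together as can happen in pasted output; the PO1/0 row is invented.
SAMPLE = """\
Router# show ip source-track 10.1.1.1
Address   SrcIF  Bytes  Pkts   Bytes/s  Pkts/s
10.1.1.1  PO0/0  119G2553M 5619921 156821
10.1.1.1  PO1/0  84M    1200K  4100     55
"""

def parse_counter(token):
    """Convert a counter such as '119G' or '5619921' to an integer."""
    m = re.fullmatch(r"(\d+)([KMGT]?)", token)
    if not m:
        raise ValueError(f"bad counter: {token!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

def parse_source_track(text):
    """Return one dict per data row; prompt, header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except (ValueError, IndexError):
            continue
        # Re-split counters that ran together, e.g. "119G2553M" -> "119G 2553M".
        rest = re.sub(r"(?<=[KMGT])(?=\d)", " ", " ".join(fields[2:])).split()
        if len(rest) != 4:
            continue
        b, p, bps, pps = (parse_counter(t) for t in rest)
        rows.append({"address": fields[0], "srcif": fields[1],
                     "bytes": b, "pkts": p, "bytes_s": bps, "pkts_s": pps})
    return rows

def likely_upstream(rows, dest):
    """Return (interface, share of Pkts/s) for the busiest ingress toward dest."""
    rate = {}
    for r in rows:
        if r["address"] == dest:
            rate[r["srcif"]] = rate.get(r["srcif"], 0) + r["pkts_s"]
    total = sum(rate.values())
    if not total:
        return None
    srcif = max(rate, key=rate.get)
    return srcif, rate[srcif] / total
```

Calling `likely_upstream(parse_source_track(SAMPLE), "10.1.1.1")` names PO0/0, the interface whose neighbor is the next router on which to enable tracking.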
Note
The IP source tracker feature was introduced in Cisco IOS Release 12.0(21)S and was integrated into
Cisco IOS Release 12.3(7)T and later. Use the Feature Navigator tool to check platform support and
corresponding Cisco IOS Software image at www.cisco.com/go/fn.
IP Spoofing Attacks
As discussed earlier, many network attacks rely on an intruder falsifying, forging, or spoofing the source
addresses in IP datagrams. It is very important, and a best practice, to implement antispoofing mechanisms to
prevent spoofing wherever feasible.