OK, so here is the story. I have a project where I have to simulate a DoS attack. Here is the network:
I have two clients that communicate through the network with the file server. The attacker comes up and starts pinging the server using large packets (65.000 bytes) at a very small interval (0.1 secs). It's a simple DoS attack. Now, one way to solve this attack is by applying ACLs to the Cisco 2500 IP router_0. This ACL should filter the entire traffic that comes in on the incoming port and drop all ICMP traffic. The ideal situation would be if I could implement an ACL which would allow me to filter just ICMP traffic that is larger than a value defined by me, because I don't want all ICMP traffic to be dropped (for future troubleshooting situations). I tried to implement the ACL but it doesn't work. The router drops every packet that flows through the network, leaving the network dead. Here is how I did it:
In Edit Attributes of the router, go to IP -> IP Routing Parameters -> Extended ACL Configuration. In the List Configuration Table I selected Deny under the Action tab and ICMP under the Protocol tab, and left Any everywhere else. Then I went to the interface that connects to the cloud (IF1) at IP Routing Parameters -> Interface Information (7 rows) -> IF1 -> Packet Filter -> and selected the ACL configured earlier. Once applied, there is no more traffic that runs through the network.
I'm not sure if I configured it correctly or not, but it doesn't work. Can anybody please help with a solution? Thank you very very much!!!
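
Cisco IOS access lists are evaluated top-down, the first matching entry wins, and every list ends with an implicit deny for anything that matches no entry. The sketch below is an added example, not part of the original post and not Riverbed Modeler code. It assumes the simulated router follows that IOS behaviour; the rule layout, host names and sample packets are constructed for illustration.

```python
from collections import namedtuple

# Hypothetical, simplified rule and packet records (source/destination left as "any").
Rule = namedtuple("Rule", "action protocol")      # protocol "ip" matches every IP protocol
Packet = namedtuple("Packet", "src protocol length")


def evaluate(acl, pkt):
    """Return (action, reason). First match wins; no match falls to the implicit deny."""
    for idx, rule in enumerate(acl):
        if rule.protocol in ("ip", pkt.protocol):
            return rule.action, "rule %d" % idx
    return "deny", "implicit deny"


# The list as described in the post: a single Deny / ICMP / Any entry.
# IOS CLI equivalent: access-list 101 deny icmp any any
ACL_AS_POSTED = [Rule("deny", "icmp")]

# The same list followed by an explicit permit for all remaining traffic.
# IOS CLI equivalent: access-list 101 permit ip any any
ACL_WITH_PERMIT = [Rule("deny", "icmp"), Rule("permit", "ip")]

# Constructed sample traffic arriving on the filtered interface.
TRAFFIC = [
    Packet("client_1", "tcp", 1500),
    Packet("client_2", "tcp", 1500),
    Packet("attacker", "icmp", 65000),
]


def run(acl):
    """Evaluate every sample packet against the list, keyed by sender."""
    return {p.src: evaluate(acl, p) for p in TRAFFIC}


if __name__ == "__main__":
    for name, acl in (("as posted", ACL_AS_POSTED), ("with trailing permit", ACL_WITH_PERMIT)):
        print(name)
        for src, (action, why) in run(acl).items():
            print("  %-9s %-6s (%s)" % (src, action, why))
```

With the single-entry list, the client TCP traffic is dropped by the implicit deny rather than by the ICMP entry, which matches the "network dead" symptom; the second list still drops all ICMP and does not filter by packet size.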