Friday, March 13, 2009

Code Red

Code Red Example

i. Marking traffic
Router(config)#class-map match-any http-hacks
Router(config-cmap)#match protocol http url "*default.ida*"
Router(config-cmap)#match protocol http url "*cmd.exe*"
Router(config-cmap)#match protocol http url "*root.exe*"
Router(config)#policy-map mark-inbound-http-hacks
Router(config-pmap)#class http-hacks
Router(config-pmap-c)#set ip dscp 1
Router(config)#interface serial 0/0
Router(config-if)#service-policy input mark-inbound-http-hacks

ii. ACL to drop traffic
Router(config)#access-list 105 deny ip any any dscp 1
Router(config)#access-list 105 permit ip any any
Router(config)#interface ethernet 0/1
Router(config-if)#ip access-group 105 out

iii. PBR to drop traffic
Router(config)#access-list 106 permit ip any any dscp 1
Router(config)#route-map null_policy_route 10
Router(config-route-map)#match ip address 106
Router(config-route-map)#set interface Null0
Router(config)#interface serial 0/0
Router(config-if)#ip policy route-map null_policy_route

iv. Class-Based Policing to drop traffic
Router(config)#policy-map drop-inbound-http-hacks
Router(config-pmap)#class http-hacks
Router(config-pmap-c)#police 1000000 31250 31250 conform-action drop exceed-action drop violate-action drop
Router(config)#interface serial 0/0
Router(config-if)#service-policy input drop-inbound-http-hacks
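As an added example (not part of the original post), the Python script below reads the URL patterns out of the http-hacks class-map and applies them to constructed HTTP request lines, showing which requests the marking policy would tag with DSCP 1 and access-list 105 would then drop. It assumes NBAR's "*" wildcard behaves like a case-sensitive shell glob and, like NBAR itself, only covers cleartext HTTP requests.

```python
import fnmatch
import re

# The class-map from the post, copied here so the script runs stand-alone.
CLASS_MAP_CONFIG = """
class-map match-any http-hacks
 match protocol http url "*default.ida*"
 match protocol http url "*cmd.exe*"
 match protocol http url "*root.exe*"
"""

# Constructed sample request lines (not real captures) to test the policy against.
SAMPLE_REQUESTS = [
    "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0",
    "GET /scripts/root.exe HTTP/1.0",
    "GET /winnt/system32/cmd.exe HTTP/1.0",
    "GET /index.html HTTP/1.1",
    "GET /images/logo.png HTTP/1.1",
]

URL_MATCH = re.compile(r'^\s*match protocol http url "([^"]+)"\s*$')

def parse_url_patterns(config):
    """Extract the NBAR URL glob patterns from a class-map definition."""
    return [m.group(1) for m in map(URL_MATCH.match, config.splitlines()) if m]

def request_url(request_line):
    """Return the URL token of an HTTP request line (method URL version)."""
    parts = request_line.split()
    if len(parts) < 2:
        raise ValueError("malformed request line: %r" % request_line)
    return parts[1]

def classify(request_line, patterns):
    """Return the first pattern the URL matches (class-map match-any), else None.
    Assumption: NBAR's '*' wildcard is modelled as a case-sensitive shell glob."""
    url = request_url(request_line)
    for pattern in patterns:
        if fnmatch.fnmatchcase(url, pattern):
            return pattern
    return None

def apply_policy(requests, patterns):
    """Emulate mark-inbound-http-hacks followed by access-list 105: a request in
    http-hacks is marked DSCP 1 and denied, the rest permitted. Returns (dropped, permitted)."""
    dropped, permitted = [], []
    for req in requests:
        (dropped if classify(req, patterns) else permitted).append(req)
    return dropped, permitted
```

Running apply_policy(SAMPLE_REQUESTS, parse_url_patterns(CLASS_MAP_CONFIG)) puts the three probe requests in the dropped list and the two ordinary requests in the permitted list.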
