QUESTION: ========== >From Ethereal/Wireshark i have the following Output:
DSCP (0X00, ECN: 0X00) TOTAL LENGTH: 48 IDENTIFICATION : 0X4B01 (19201) FLAGS: 0X00 FRAG OFFSET: 1480 TTL: 62 PROTOCOL: ICMP HEADER CHECKSUM: 0XEEEB Considering above packet capture as an attack , need to mitigate it using FPM , In the router: ------------------------------------------------- load protocol flash:icmp.phdf load protocol flash:ip.phdf load protocol flash:tcp.phdf load protocol flash:udp.phdf class-map type stack match-all ICMP-CAPTURE match field ip protocol eq 0x01 next icmp class-map type access-control match-all ATTACK-MITIGATION match field ip fragment-offset ???? <what should i use here> policy-map type access-control FPM-ATTACK-MITIGATION class ATTACK-MITIGATION drop policy-map type access-control FPM-ICMP-CAPTURE class ICMP-CAPTURE service-policy FPM-ATTACK-MITIGATION int gig 0/1 service-policy type access-control input FPM-ICMP-CAPTURE [Above is not working , could anyone find the issue !!! plus what value shall i use in fragment offset ???]p
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
