Does the following work for you? class-map type stack match-all ICMP-CAPTURE match field ip protocol eq 0x01 next icmp
class-map type access-control match-all ATTACK-MITIGATION match field ip fragment-offset eq 1480 policy-map type access-control FPM-ATTACK-MITIGATION class ATTACK-MITIGATION drop policy-map type access-control FPM-ICMP-CAPTURE class ICMP-CAPTURE service-policy FPM-ATTACK-MITIGATION int gig 0/1 service-policy type access-control input FPM-ICMP-CAPTURE With regards Kings On Mon, Jan 10, 2011 at 9:41 AM, kamran shakil <[email protected]>wrote: > QUESTION: > ========== > From Ethereal/Wireshark i have the following Output: > > DSCP (0X00, ECN: 0X00) > TOTAL LENGTH: 48 > IDENTIFICATION : 0X4B01 (19201) > FLAGS: 0X00 > FRAG OFFSET: 1480 > TTL: 62 > PROTOCOL: ICMP > HEADER CHECKSUM: 0XEEEB > > > > Considering above packet capture as an attack , need to mitigate it using > FPM , > > > In the router: > ------------------------------------------------- > load protocol flash:icmp.phdf > > load protocol flash:ip.phdf > > load protocol flash:tcp.phdf > > load protocol flash:udp.phdf > > class-map type stack match-all ICMP-CAPTURE > match field ip protocol eq 0x01 next icmp > > class-map type access-control match-all ATTACK-MITIGATION > match field ip fragment-offset ???? <what should i use here> > > policy-map type access-control FPM-ATTACK-MITIGATION > class ATTACK-MITIGATION > drop > > policy-map type access-control FPM-ICMP-CAPTURE > class ICMP-CAPTURE > service-policy FPM-ATTACK-MITIGATION > > int gig 0/1 > service-policy type access-control input FPM-ICMP-CAPTURE > > > > [Above is not working , could anyone find the issue !!! plus what value > shall i use in fragment offset ???]p > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
