Zte ZXR10 8900 Series - Configuring URPF

To Next Page

To Previous Page

ZXR108900SeriesUserManual(BasicCongurationVolume)

IPaddressmayalsobeusedtowageanattackaslongasitis

unreachable.

Module2AnothernetworkmodelisshowninFigure38.

FIGURE38SOURCEADDRESSSNOOPING2

Theattackermayforgeasourceaddressthatistheaddressof

anotherlegalnetworkandexistsinglobalroutingtable.Forex-

ample,attackermayforgeasourceaddresssothattheattacked

willthinkthattheattackcomesfromforgedsourceaddressbut

infactsourceaddressiscompletelyinnocent.Inaddition,some-

timesnetworkadministratorwillclosealldataowscomingfrom

thatsourceaddressandthisinreturnmakesDOSattackofthe

attackersuccessfullybecometrue.

AmorecomplexscenarioisthatTCPSYNoodingattackwillcause

TCPSYN-ACKdatapackettobesenttomanyhostscompletely

independentoftheattackandsuchhostswillbecomevictims.As

aresult,attackermayspoofoneormoresystemsatthesame

time.

Similarly,UDPandICMPmaybeusedtoimplementoodingat-

tacks.

Alltheseattackswillseverelylowerthesystemperformanceor

evencausesystemtocrash.URPFisatechnologytoguardagainst

suchattacks.

ConfiguringURPF

TherearethreetypesofURPF:StrictURPF(SRPF),LooseURPF

(lRPF)andURPFthatignoresthedefaultroute(lnRPF).

TocongureURPF ,performthefollowingsteps.

Step

CommandFunction

ZXR10(config-if)#ipverify{strict|loose|

loose-ingoring-default-route}

ThisenablestheURPFcheck

functiononaninterface

ZXR10(config-if)#urpflog{on|off}

Thisenablesordisablesthe

URPFlogfunction

158CondentialandProprietaryInformationofZTECORPORATION

Other manuals for Zte ZXR10 8900 Series