If the attacker's IP address is hidden (spoofed), how do you defend against the attack?
1. Use extended access lists

Extended access lists are an effective tool for defending against denial-of-service attacks: they can be used both to identify the type of DoS attack and to block it. The show ip access-lists command displays, for each entry of an extended access list, how many packets matched that entry, and from which entries are accumulating hits the operator can tell what kind of DoS traffic is arriving. If the counters show a large number of TCP connection-establishment requests (SYN packets), the network is under a SYN flood; the access list can then be modified to drop that traffic.
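An access list laid out so that its hit counters separate the attack types, as an added example (not the original article's configuration). The interface name, the ACL number and the protected server address 192.0.2.10 are assumptions. The established entry is listed before the plain tcp entry on purpose: established matches packets with ACK or RST set, so whatever falls through to the next entry is connection-opening traffic, which is where a SYN flood shows up.

```cisco
! Added example, not from the original article. Interface, ACL number and
! the protected host 192.0.2.10 are assumptions chosen for illustration.
!
! One permit entry per traffic class so that the per-entry match counters
! tell the attack types apart. Nothing is blocked yet; this is for diagnosis.
!
! data and ACK traffic on already-open connections (ACK or RST set)
access-list 110 permit tcp any host 192.0.2.10 eq 80 established
! what is left for port 80 is connection-opening traffic: a SYN flood counts here
access-list 110 permit tcp any host 192.0.2.10 eq 80
! a ping flood counts here
access-list 110 permit icmp any any echo
! smurf reflections (echo-replies aimed at the victim) count here
access-list 110 permit icmp any any echo-reply
! a UDP flood counts here
access-list 110 permit udp any any
access-list 110 permit ip any any
!
interface Serial0/0
 ip access-group 110 in
!
! Reset the counters, wait a little, then read them back:
!   Router# clear access-list counters 110
!   Router# show ip access-lists 110
!
! If the non-established port-80 entry is the one climbing, the network is
! under a SYN flood; rebuild the list with that entry as a deny (or rate
! limit it, see the QoS section):
!   access-list 110 deny tcp any host 192.0.2.10 eq 80
```

Deny entries with the log keyword are tempting for diagnosis but should be avoided under a flood: logging every matched packet loads the route processor, which is exactly what the attacker wants.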

2. Use quality of service

QoS features such as weighted fair queueing (WFQ), committed access rate (CAR), generic traffic shaping (GTS) and custom queueing (CQ) can be used to blunt DoS attacks. Note that each QoS mechanism affects different DoS attacks differently. For example, WFQ is more effective against a ping flood than against a SYN flood: WFQ sorts packets into per-flow queues keyed on source and destination address, protocol and ports, so a ping flood from one source usually lands in a single flow queue and is held to that queue's fair share of the bandwidth, whereas the randomly spoofed source addresses of a SYN flood make nearly every packet look like a new flow and defeat the per-flow fairness. CAR, on the other hand, can be used to rate-limit ICMP (Internet Control Message Protocol) traffic to blunt smurf attacks, or to rate-limit TCP SYN packets to blunt SYN floods. Using QoS against DoS requires an understanding of both the QoS mechanism and the attack, so that the right mechanism is applied to each type of attack.
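CAR applied to the two cases the paragraph names, smurf reflections and SYN floods, as an added example (not the original article's configuration). The interface name, ACL numbers, rate values and the protected web server 192.0.2.10 are assumptions. The order of the rate-limit statements matters: CAR evaluates them top to bottom and a packet that matches a statement whose conform-action is transmit is sent without looking further, so the established statement must come first to take connection traffic out of the way and leave only SYNs for the last statement.

```cisco
! Added example, not from the original article. Interface, ACL numbers,
! rate values and the protected web server 192.0.2.10 are assumptions.
!
! Smurf: the victim is flooded with ICMP echo-replies. Cap echo-replies
! leaving the router toward the victim at 256 kbit/s.
access-list 120 permit icmp any any echo-reply
!
! SYN flood: ACL 121 matches packets on open connections (ACK or RST set),
! ACL 122 matches everything else to port 80, which is the SYN traffic.
access-list 121 permit tcp any host 192.0.2.10 eq 80 established
access-list 122 permit tcp any host 192.0.2.10 eq 80
!
! rate-limit <in|out> access-group <acl> <bps> <normal-burst-bytes>
!            <max-burst-bytes> conform-action <a> exceed-action <a>
interface FastEthernet0/1
 rate-limit output access-group 120 256000 8000 8000 conform-action transmit exceed-action drop
 rate-limit output access-group 121 10000000 100000 100000 conform-action transmit exceed-action drop
 rate-limit output access-group 122 64000 8000 8000 conform-action transmit exceed-action drop
!
! Verify which statements are dropping and at what rate:
!   Router# show interfaces FastEthernet0/1 rate-limit
```

The SYN limit of 64 kbit/s is a placeholder: size it from the normal connection-setup rate measured with the access-list counters in the previous section, otherwise legitimate new connections are dropped along with the flood.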

3. Use unicast reverse path forwarding (uRPF)

Unicast reverse path forwarding (uRPF) is an input feature of the router that checks every packet arriving on an interface where it is enabled. If the router receives a packet with source IP address 10.10.10.1 but its CEF (Cisco Express Forwarding) forwarding table has no route back to that address through the interface the packet arrived on, the router discards the packet. Because the spoofed sources used in smurf and similar attacks fail this check, uRPF blocks these address-spoofing attacks at the edge. Using uRPF requires CEF to be enabled on the router; the interface on which uRPF is enabled does not itself have to be configured for CEF switching, because the check only consults the CEF tables. uRPF has three advantages over access lists for anti-spoofing. First, it follows changes in the routing table automatically, whether the routes are static or dynamic. Second, it needs far less operation and maintenance. Third, its impact on the router's own forwarding performance is much smaller than that of an access list.
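uRPF enabled in both of its modes, as an added example (not the original article's configuration); the interface names are assumptions. Strict mode is the check described above (the route to the source must point back out the receiving interface) and belongs on customer or access interfaces where routing is symmetric. On links where traffic can legitimately arrive on a different interface than the router would use to reach the source, strict mode drops real traffic, so loose mode, which only requires that some route to the source exists, is the safer choice there.

```cisco
! Added example, not from the original article. Interface names are assumptions.
!
! uRPF only consults the CEF tables, so CEF must be enabled globally.
ip cef
!
! Strict mode on a customer-facing edge interface: drop the packet unless
! the best route to its source address points back out this interface.
interface Serial0/0
 ip verify unicast source reachable-via rx
!
! Loose mode on a peering link where routing may be asymmetric: drop only
! if no route to the source exists at all. A packet from 10.10.10.1 with no
! route in the table is still dropped; asymmetric legitimate traffic is not.
interface Serial0/1
 ip verify unicast source reachable-via any
!
! Older IOS releases only know the original strict-mode keyword:
!   ip verify unicast reverse-path
!
! Check the verification setting and drop counters:
!   Router# show ip interface Serial0/0 | include verify
!   Router# show ip traffic | include RPF
```

Before enabling strict mode, confirm there is no asymmetric routing on the interface and decide whether packets from sources covered only by the default route should pass; by default they do not, and the allow-default keyword changes that.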

4. Use TCP intercept

Starting with IOS 11.3, Cisco introduced the TCP intercept feature, which protects internal hosts from SYN floods. TCP intercept intercepts and validates TCP connection requests before they reach the target host. It works in one of two modes, intercept or watch. In intercept mode, the router intercepts each incoming TCP SYN and completes the three-way handshake with the client on behalf of the server; only once the client's handshake succeeds does the router open a connection to the server and transparently splice the two connections together. For the whole life of the connection the router stays in the path and forwards the packets. For connection attempts that never complete, the router applies much tighter half-open timeouts and, when the number of half-open connections crosses a threshold, drops them aggressively, so that its own resources are not exhausted by the SYN flood. In watch mode, the router passively observes the connection requests passing through it; if a connection does not complete within the configured time, the router sends a reset to the server to clear the half-open entry. Enabling TCP intercept on a Cisco router takes two steps: first configure an extended access list that identifies the addresses to protect, then enable TCP intercept referencing that list. The access list defines the source and destination addresses whose TCP connections are to be intercepted; it is normally written with any as the source and the specific internal host or network as the destination. Connections that the access list does not match are not intercepted, and if no access list is configured the router lets all requests through unchanged.
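The two-step procedure carried through, with the timers and thresholds that control how half-open connections are handled, as an added example (not the original article's configuration). The ACL number, the protected network 192.0.2.0/24 and the threshold values are assumptions; the threshold values shown happen to be the IOS defaults, so they are included mainly to show what can be tuned.

```cisco
! Added example, not from the original article. ACL number, the protected
! network 192.0.2.0/24 and the threshold values are assumptions.
!
! Step 1: which connections to intercept: any source, to the protected network.
access-list 130 permit tcp any 192.0.2.0 0.0.0.255
!
! Step 2: enable TCP intercept for the connections matched by that list.
ip tcp intercept list 130
!
! intercept (the default) completes the handshake on the server's behalf;
! 'watch' only observes and resets attempts that stall.
ip tcp intercept mode intercept
!
! A connection that has not completed within 15 s is reset (default 30 s);
! in watch mode that reset is sent to the server to free its half-open slot.
ip tcp intercept watch-timeout 15
!
! Aggressive mode: when more than 1100 connections are incomplete, or more
! than 1100 requests arrived in the last minute, drop half-open connections
! (oldest first) until the count falls below the low mark of 900. While
! aggressive mode is active the half-open timers are also cut in half.
ip tcp intercept max-incomplete high 1100
ip tcp intercept max-incomplete low 900
ip tcp intercept one-minute high 1100
ip tcp intercept one-minute low 900
ip tcp intercept drop-mode oldest
!
! Verify:
!   Router# show tcp intercept connections
!   Router# show tcp intercept statistics
```

Intercept mode changes what the server sees: every connection arrives from the router's handshake, so TCP options negotiated by the client (window scaling, selective acknowledgement) may not survive the splice. Watch mode avoids that at the cost of letting the first SYNs reach the server.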

5. Use content-based access control

Context-based access control (CBAC) extends Cisco's traditional access lists by inspecting TCP and UDP sessions at the application layer and filtering on the resulting session state, which also lets it defend against DoS attacks. CBAC uses timeouts and session thresholds to decide how long a session may stay open and when to delete a half-open session. For TCP, a half-open session is one that has not completed the three-way handshake; for UDP, a half-open session is one for which the router has not yet seen any return traffic.
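The timeouts and thresholds the paragraph refers to, together with the inspection rule they apply to, as an added example (not the original article's configuration). The interface name, the inspection rule name FW, the ACL number and the threshold values are assumptions; the threshold values shown are the IOS defaults.

```cisco
! Added example, not from the original article. Interface name, the
! inspection rule name FW, ACL number and threshold values are assumptions.
!
! Half-open session thresholds (TCP: handshake incomplete; UDP: no return
! traffic seen yet). Start deleting half-open sessions when 500 exist or
! 500 new ones arrived in the last minute; stop once the count drops to 400.
ip inspect max-incomplete high 500
ip inspect max-incomplete low 400
ip inspect one-minute high 500
ip inspect one-minute low 400
!
! Per-host limit: once a single destination host has 50 half-open TCP
! sessions, delete the oldest one for each new request (block-time 0);
! a non-zero block-time would instead refuse new requests for that many minutes.
ip inspect tcp max-incomplete host 50 block-time 0
!
! Timers that decide when a session is deleted: how long a TCP session may
! stay half-open, and how long idle TCP and UDP sessions are kept.
ip inspect tcp synwait-time 30
ip inspect tcp idle-time 3600
ip inspect udp idle-time 30
!
! Inspection rule: track TCP and UDP sessions leaving toward the outside.
ip inspect name FW tcp
ip inspect name FW udp
!
! Inbound ACL on the outside interface blocks everything by itself;
! CBAC opens temporary entries for the return traffic of inspected sessions.
access-list 140 deny ip any any
!
interface Serial0/0
 description outside
 ip access-group 140 in
 ip inspect FW out
!
! Verify:
!   Router# show ip inspect config
!   Router# show ip inspect sessions
```

Lower the synwait-time and the max-incomplete marks on a router that sits in front of a small server population; the defaults were chosen for general use and let a SYN flood hold several hundred half-open sessions before CBAC starts deleting them.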