UNCLASSIFIED   Testing and Security Validation   Version 1.0g   UNCLASSIFIED   197

6.3.2. Attack Tests

Attack testing can provide some assessment of the router’s robustness, i.e., how the router will perform under the stress of an attack.

WARNING: RUNNING ATTACK SCRIPTS AGAINST AN OPERATIONAL ROUTER MAY DEGRADE ROUTER PERFORMANCE, OR EVEN CAUSE THE ROUTER TO CRASH!

If the filters are improperly configured, or not applied to the interface, some of these attacks will have the same effect as a “real” attack from a malicious source. DO NOT perform attack testing against an operational router without first considering the possible consequences and having a recovery plan. If possible, perform testing in a lab or testbed environment rather than the operational environment. If you do perform testing on the operational network, make sure that all attack testing is coordinated with those responsible for the network and choose a test time when the network usage is likely to be low.

Connecting to an outside network exposes the internal network and the perimeter router to many potential risks. One of the most important security concerns is access to the router itself. Physical security of the router should provide protection from close-in access. On the network, remote access must be limited using authenticated logins or, if possible, remote logins should be disabled. To test the remote availability, telnet to the router. The router should either refuse the request or prompt for a password. For a more detailed discussion of Cisco router access security and remote administration, consult Section 4.1, and the Cisco whitepaper “Improving Security on Cisco Routers” [1].

Once access to the router has been secured, the network is still at risk of attack. Some of the most common attacks on the internet are denial of service (DoS) attacks. DoS attacks are typically based on high-bandwidth packet floods or other repetitive packet streams. The easy availability and effectiveness of DoS scripts on the internet make these attacks a favorite among hackers, particularly those without the skill to create their own tools. For a general overview of DoS, visit the CERT site: http://www.cert.org/tech_tips/denial_of_service.html. For more information on the effects of DoS attacks, including recent developments and links to specific DoS advisories, visit: http://www.cert.org/summaries/.

One very popular DoS attack is the ‘smurf’ attack. This attack has at least two victims – a target system and one or more reflector systems. The attacker sends a continuous stream of ICMP echo requests (‘pings’) to the broadcast address of a reflector subnet. The source address in these packets is falsified to be the address of the ultimate target. Each packet generates a response from all hosts on the reflector subnet, flooding the target and wasting bandwidth for both victims. The reflector networks receiving these echo requests can prevent the attack by using the no ip directed-broadcast command (see Section 4.2). For a detailed discussion of the smurf attack, read Craig Huegen’s paper [9].
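As an added illustration (not part of this guide), the following Python check applies the smurf signature just described to a constructed set of packet summaries: it flags ICMP echo requests whose destination is the broadcast address of a local subnet and tallies them by the claimed source, which in a smurf attack is the forged address of the ultimate target. The subnet, the packet records and the field names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional

ICMP_ECHO_REQUEST = 8

@dataclass
class Packet:
    """Minimal summary of one IP packet seen at the reflector network's perimeter."""
    src: str
    dst: str
    proto: str                        # "icmp", "tcp" or "udp"
    icmp_type: Optional[int] = None   # 8 = echo request

# Assumed local (reflector) subnet, taken from a documentation range for this example.
LOCAL_SUBNETS = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample traffic, not a real capture.
SAMPLE = [
    Packet("192.0.2.10", "198.51.100.255", "icmp", ICMP_ECHO_REQUEST),  # echo request to subnet broadcast, off-subnet source
    Packet("198.51.100.7", "198.51.100.9", "icmp", ICMP_ECHO_REQUEST),  # ordinary unicast ping inside the subnet
    Packet("192.0.2.10", "198.51.100.255", "udp"),                      # directed broadcast, but not an echo request
    Packet("203.0.113.5", "198.51.100.255", "icmp", ICMP_ECHO_REQUEST),  # a second claimed source
    Packet("192.0.2.10", "198.51.100.255", "icmp", ICMP_ECHO_REQUEST),
]

def is_directed_broadcast(dst: str, subnets) -> bool:
    """True if dst is the broadcast address of one of the local subnets."""
    addr = ipaddress.ip_address(dst)
    return any(addr == net.broadcast_address for net in subnets)

def is_local(src: str, subnets) -> bool:
    return any(ipaddress.ip_address(src) in net for net in subnets)

def find_smurf_reflection(packets: List[Packet], subnets) -> Dict[str, int]:
    """Count ICMP echo requests aimed at a local broadcast address, keyed by the
    claimed source. In a smurf attack that source is forged to be the ultimate
    target, so each key names a likely victim of the reply flood."""
    hits: Dict[str, int] = {}
    for p in packets:
        if (p.proto == "icmp" and p.icmp_type == ICMP_ECHO_REQUEST
                and is_directed_broadcast(p.dst, subnets)):
            hits[p.src] = hits.get(p.src, 0) + 1
    return hits

def forged_sources(hits: Dict[str, int], subnets) -> List[str]:
    """Claimed sources that are not on the local subnets: a strong spoofing indicator,
    since a legitimate broadcast ping would normally come from inside the subnet."""
    return [src for src in hits if not is_local(src, subnets)]
```

Any non-empty result means the subnet is currently usable as a smurf reflector, which is exactly the condition the no ip directed-broadcast setting removes.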