Classification ACLs
Another common type of ACL is the classification ACL, also frequently known as a characterization ACL. It is initially
composed of all permit statements for the various protocols, ports, flags, and so on that could be sent to any
of these three destinations: an infrastructure device, a public server in the protected zone, or any other device
in the network. In some cases, a classification ACL can also accept any source and destination IP address
by using the keyword any in the ACL. This type of ACL is useful in classifying and characterizing a denial-of-service
(DoS) attack and identifying the type of traffic and its source. Logging can be used to build a list of source
addresses that match the protocol permit statements. A last line permitting ip any any is required to permit all
other traffic flow.
Example 2-8 shows a sample ACL that characterizes a suspected DoS attack. The first line checks for possible
ICMP Smurf attacks. The second line checks for any kind of TCP SYN attack. The third, fourth, and fifth lines
check for any kind of fragment attack. Finally, the last four lines check for common protocol types. This ACL is a
very basic, generic example; a classification ACL can be configured for virtually any protocol, ports, flags, and so on.
Example 2-8. Example of DoS Characterization ACL
access-list 101 permit icmp any any echo
access-list 101 permit tcp any any syn
access-list 101 permit tcp any any fragments
access-list 101 permit udp any any fragments
access-list 101 permit ip any any fragments
access-list 101 permit tcp any any
access-list 101 permit udp any any
access-list 101 permit icmp any any
access-list 101 permit ip any any
After applying this ACL on the suspected ingress interface, enter the show access-list command repeatedly
and check for the line that shows the highest hit counts, indicating the possible cause of the attack. Continue to
tune this ACL to further narrow down the type of traffic until a closer match is found. This is a very useful
technique to implement under a DoS attack, particularly when you are unsure what type of DoS attack is
underway.
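The repeated show access-list comparison described above, as an added example that is not part of the original text: it parses two snapshots of the counter output, computes the match rate of each entry between samples (the catch-all lines carry large absolute counts from normal traffic, so the growth rate is what singles out the attack class), and reports the fastest-growing entry. The snapshot text is constructed to mimic the IOS output format, not captured from a device.

```python
import re

# One ACE line of "show access-lists" output. An entry with zero hits carries
# no "(N matches)" suffix, so the count group is optional.
ACE_RE = re.compile(
    r"^\s*(?P<seq>\d+)\s+(?P<ace>(?:permit|deny)\s+.+?)"
    r"(?:\s+\((?P<hits>\d+) match(?:es)?\))?\s*$"
)

def parse_hits(show_output):
    """Map each ACE text to its match counter."""
    hits = {}
    for line in show_output.splitlines():
        m = ACE_RE.match(line)
        if m:
            hits[m.group("ace")] = int(m.group("hits") or 0)
    return hits

def hit_rates(before, after, interval_s):
    """Matches per second per ACE between two snapshots interval_s apart.
    Rates, not raw counters, matter: the catch-all lines accumulate large
    counts from normal traffic and would otherwise always look 'highest'."""
    return {ace: (after.get(ace, 0) - count) / interval_s
            for ace, count in before.items()}

def top_entry(before, after, interval_s):
    """(ace, rate) of the fastest-growing line, i.e. the likely attack class."""
    rates = hit_rates(before, after, interval_s)
    ace = max(rates, key=rates.get)
    return ace, rates[ace]

# Constructed sample output (not captured from a real device): two snapshots
# of the classification ACL taken 10 seconds apart.
SNAPSHOT_T0 = """\
Extended IP access list 101
    10 permit icmp any any echo (42 matches)
    20 permit tcp any any syn (1200 matches)
    30 permit tcp any any fragments
    60 permit tcp any any (500134 matches)
    90 permit ip any any (12 matches)
"""
SNAPSHOT_T1 = """\
Extended IP access list 101
    10 permit icmp any any echo (50 matches)
    20 permit tcp any any syn (91200 matches)
    30 permit tcp any any fragments (3 matches)
    60 permit tcp any any (500934 matches)
    90 permit ip any any (12 matches)
"""
```

Calling top_entry(parse_hits(SNAPSHOT_T0), parse_hits(SNAPSHOT_T1), 10) on the constructed snapshots singles out the TCP SYN line, which is the entry to split further (by destination address or port) on the next tuning pass.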