Building network automation solutions

9 module online course

Start now!

2 comments:

  1. Sadly it doesn´t help against http://www.thc.org/thc-ipv6/
    HP and other vendors haven´t any working solution for that on, either.
  2. Chris,
    For sake of time, I was unable to cover all details.

    Using 'deny ip any any undetermined-transport' (where applicable) will actually prevent the fragmented attack.

    Using the ra-guard in the latest software release, you can combine this with an ACL to allow only a specific prefix to be advertized, also blocking the flooding attack.

    :-)
Add comment
Sidebar