LAYER 3

1. IP Security/Attacks

Assessing handling of IP spoofing

Assessing handling of IP fragmentation and fragment overlapping

Assessing IPID sequences and zombie scan host vulnerability

Assessing handling of oversized and incorrect checksum raw IP packets

Assessing NAT/PAT operations and DMZ implementation

Assessing the response to protocol type scans

Assessing handling IP options and vulnerability to strict and loose source routingbased attacks

Assessing broadcast/directed broadcast traffic filtering/ smurf protection Mapping Layer 3 access lists

2. ICMP Security/Attacks

Assessing redirection attacks via ICMP types 5, 9, and 10

Assessing ICMP queries ( netmask , time)

Assessing handling oversized and incorrect checksum ICMP packets and ICMP source quench flooding effects

Assessing ICMP filtering settings and capabilities

Performing ICMP-based fuzzy OS fingerprinting

3. IGMP Security/Attacks

Assessing handling oversized, fragmented , and incorrect checksum IGMP packets

Assessing DOCSIS security compliance of the IGMP implementation

4. Tunneling Protocols Security/Attacks

Assessing security and stability of Layer 3 tunneling protocols (IPIP, GRE) implementation. Tunnel sniffing and insertion attacks

5. Routing Protocols Security/Attacks

Assessing authentication security and route injection/traffic redirection for RIP

Assessing authentication security and route injection/traffic redirection for IGRP and EIGRP

Assessing authentication security and route injection/traffic redirection for OSPF

Assessing authentication security and route injection/traffic redirection for iBGP and eBGP

Assessing routing information leakage/passive ports implementation

Assessing route distribution lists implementation and function

6. Resilience/Fall-back Protocols Security/Attacks

Assessing authentication security and traffic redirection for HSRP and VRRP

7. Security Protocols Implementation and Attacks

Mapping IPSec implementations

Assessing IPSec traffic forwarding

Assessing IPSec concentrator function

Assessing IPSec ciphers and compression support (hardware/software)

Assessing IPSec modes and authenticator types

Assessing security of other Layer 3 security protocols (for example, VTUN)



Hacking Exposed Cisco Networks
Hacking Exposed Cisco Networks: Cisco Security Secrets & Solutions
ISBN: 0072259175
EAN: 2147483647
Year: 2005
Pages: 117

Similar book on Amazon

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net