Đang chuẩn bị liên kết để tải về tài liệu:
CCSP CSI Exam Certification Guide phần 4

Layer 3 Switch Layer 3 switch cung cấp một số chức năng mô-đun mạng Campus có kích thước trung bình, bao gồm những điều sau đây:Định tuyến và chuyển đổi của sản xuất và quản lý dịch vụ giao thông lớp phân phối chẳng hạn như định tuyến, | 90 Chapter 6 Classifying Rudimentary Network Attacks deployed on the edge router of the network to filter inbound TCP connections but allow connections that are a part of existing connections to originate from the inside of the network. To work around this obstacle the attacker may try a TCP ACK scan a scan in which the ACK bit in the TCP header is set to pass packets through the router s ACLs. When the packets reach their targets the proper response as defined in RFC 793 by a host to an unsolicited TCP ACK packet is either to send a TCP RST packet back to the originator if a service is running on the port in question or to not respond at all if there is no service associated with the port being targeted. Once an attacker has enumerated the hosts on a network the attacker can move on identify the operating system of the target host as well as enumerating the services available in order to try to compromise that host on one of those services. Network reconnaissance cannot be entirely prevented. Blocking ICMP echo and echo-reply scans at the edge router stops ping sweeps but does so at the expense of important diagnostic capabilities. Protecting against network reconnaissance involves a more complex combination of remedies such as ICMP filtering eliminating service banners on hosts and reducing the number of available service on hosts. These techniques are discussed in more detail in Chapter 8. Denial of Service Attacks DoS attacks are not aimed at gaining access to a network or the information on a network but rather at making a service or a network unavailable to legitimate users. DoS attacks fall into two general categories Nondistributed denial of service These attacks are directed against a specific service such as Telnet FTP or some other service. Distributed denial of service DDoS These attacks are directed at a specific host or network with the aim of preventing access to the target by consuming all of the bandwidth to the target. Nondistributed Denial of .