  • Configuring a Cisco router to block SQL injection

    Basically, the ASPROX SQL injection attack appears to be quite commonplace at the moment, but also quite serious.
    To cut it short, there is a 20,000-strong botnet out there trying these attacks against websites which use .asp.
    The tool actually uses Google to search for these sites and then attempts to exploit them by inserting an HTML iframe which downloads a malicious JavaScript file which then installs a Trojan.

    Carry on reading to find out how to block this on a Cisco router!

    The config is as follows; please bear in mind that you will probably need a reasonably specced router and IOS for this. IP CEF is a prerequisite. I have tested this on 7200 series, 1700 series and 2600 series so far; leave a comment if you have successfully tried this on another router!

    Config:

    The access list and route-map below take any packets that have been tagged with a DSCP value of 1 and route them to a non-existent interface (Null0), which discards them. You will learn how to tag them below!

    access-list 130 permit ip any any dscp 1

    route-map ASPROX_POLICY_ROUTE_BITBUCKET permit 10
    match ip address 130
    set interface Null0

    The class-map below tells the router that we want to match when a specific string is seen in a URL. In this case, the string is part of the GET request that the attack uses. Note the "\" characters, which are needed before any bracket to escape it!

    class-map match-any ASPROX_CLASS
    match protocol http url "*DECLARE%20@S%20VARCHAR\(4000\);SET*"

    The policy-map below tags any packet matching the above class-map with a DSCP value of 1.

    policy-map ASPROX_POL
    class ASPROX_CLASS
    set ip dscp 1

    The rest of the config attaches both the route-map and the service policy to the interface.

    Interface FastEthernet0/0
    ip policy route-map ASPROX_POLICY_ROUTE_BITBUCKET
    service-policy input ASPROX_POL

    To confirm that this is being hit, you can run "show policy-map interface" on the router. You should see the packet counters incrementing. This of course assumes that you are actually seeing the traffic.
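
Added example, not part of the original post: an offline check of web server access logs for the same string the class-map matches, to see whether such requests still reach the server behind the router. The log layout, sample lines and function names are constructed for illustration, and the check goes beyond the literal URL match by decoding percent-encoding and ignoring case.

```python
import re
from urllib.parse import unquote

# Signature from the class-map on this page, written as decoded text.
SIGNATURE = re.compile(r"DECLARE\s+@S\s+VARCHAR\(4000\);\s*SET", re.IGNORECASE)

# Constructed sample lines (simplified layout: client, method, URI, status).
SAMPLE_LOG = """\
203.0.113.10 GET /news.asp?id=7 200
203.0.113.44 GET /news.asp?id=7;DECLARE%20@S%20VARCHAR(4000);SET%20PLACEHOLDER 500
203.0.113.45 GET /item.asp?id=2;declare%20@s%20varchar(4000);set%20PLACEHOLDER 200
203.0.113.46 GET /item.asp?id=2;DECLARE+@S+VARCHAR%284000%29%3BSET+PLACEHOLDER 200
203.0.113.47 GET /search.asp?q=declare+independence 200
"""


def normalize(uri, max_rounds=3):
    """Percent-decode repeatedly (bounded) and treat '+' as a space."""
    for _ in range(max_rounds):
        decoded = unquote(uri.replace("+", " "))
        if decoded == uri:
            break
        uri = decoded
    return uri


def find_hits(log_text):
    """Return (client, status) for every request carrying the signature."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip malformed or truncated lines
        client, uri, status = parts[0], parts[2], parts[3]
        if SIGNATURE.search(normalize(uri)):
            hits.append((client, status))
    return hits


def summarize(log_text):
    """Count matching requests and list the distinct clients that sent them."""
    hits = find_hits(log_text)
    return {"hits": len(hits), "clients": sorted({c for c, _ in hits})}


if __name__ == "__main__":
    for client, status in find_hits(SAMPLE_LOG):
        print(f"{client} sent the ASPROX signature, server answered {status}")
```

Any hit logged after the policy is attached means the request was not dropped at the router, for example because it arrived in an encoding the URL match did not see or on an interface without the service policy.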

  • Original article: https://www.cnblogs.com/Safe3/p/1279186.html