zoukankan      html  css  js  c++  java
  • 配置思科路由阻止sql注入

    Basically, the ASPROX SQL Injection attack appears to be quite commonplace at the moment, but also quite serious.
    To cut it short, there is a 20,000 strong botnet out there trying these attacks against websites which use .asp.
    The tool actually uses google to search for these sites and then attempts to exploit them by inserting an HTML iFrame which downloads a malicious Java Script which then installs a Trojan.

    Carry on reading to find out how to block this on a Cisco router!

    The config is as follows, please bare in mind that you will probably need a reasonably specced router and IOS for this. IP CEF is a pre-requisite. I have tested this on 7200 series, 1700 series and 2600 series so far, leave a comment if you have sucessfully tried this on another router!

    Config:

    The below access list and route-map is used to take any packets that have been tagged with a DSCP value of 1 and route them to a non-existant interface. You will learn how to tag them below!

    access-list 130 permit ip any any dscp 1

    route-map ASPROX_POLICY_ROUTE_BITBUCKET permit 10
    match ip address 130
    set interface Null0

    The below class-map basically tells the router that we want to match when a specific string is seen in a URL. In this case, the string is part of the get request that the attack uses. Note the “\” which are needed before any bracket as a delimiter!

    class-map match-any ASPROX_CLASS
    match protocol http url “*DECLARE%20@S%20VARCHAR\(4000\);SET*”

    The Policy-map below basically tags any packet matching the above class-map with a DSCP value of 1.

    policy-map ASPROX_POL
    class ASPROX_CLASS
    set ip dscp 1

    The rest of the config attaches both the route map and the Service policy to the interface.

    Interface FastEthernet0/0
    ip policy route-map ASPROX_POLICY_ROUTE_BITBUCKET
    service-policy input ASPROX_POL

    To confirm that this is being hit you can do a “show policy-map interface” on the router. You should see the packets incrementing. This of course assumes that you are actually seeing the traffic

  • 相关阅读:
    路由的添加和删除
    extjs中的tabpanle下的combobox提交问题
    Asp.net下from认证统一认证配置
    ASP.NET权限管理系统(FrameWork) 1.0.8 Release
    Web网站架构设计
    手机6120C 玩仙剑dos版
    Extjs 4.07 对类型定义引发的匹配问题
    Supesoft权限管理系统(FrameWork) 1.0.9 Release
    Google静态地图如何显示两点之间路线1(简单路线)
    Chrome不支持showModalDialog模态对话框和无法返回returnValue的问题
  • 原文地址:https://www.cnblogs.com/Safe3/p/1279186.html
Copyright © 2011-2022 走看看