CCIE Security Practice Labs

Section 10.0: Security Violations

10.1: Denial of Service—DoS

  1. Configure CAR (rate-limit) on R3 to prevent ICMP flooding:

     interface Serial1/0.1 point-to-point
      ip address 10.50.13.2 255.255.255.240
      rate-limit input access-group 110 560000 256000 384000 conform-action continue exceed-action drop
     !
     interface Serial1/0.3 point-to-point
      ip address 10.50.13.18 255.255.255.240
      rate-limit input access-group 110 560000 256000 384000 conform-action continue exceed-action drop
     !
     access-list 110 permit icmp any any

10.2: IP Spoofing

  1. Configure Unicast RPF IP spoofing protection on PIX for inside and outside interfaces:

     pix# show ip verify
     ip verify reverse-path interface outside
     ip verify reverse-path interface inside
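
The reverse-path check that these two commands enable can be modelled as a route lookup on the packet's source address. The following is an added example, not part of the lab solution: the routing table, the sample packets, and the function names are constructed for illustration and do not come from the lab topology.

```python
import ipaddress

# Constructed routing table (assumption, not the lab's): prefix -> egress interface.
ROUTES = [
    ("0.0.0.0/0", "outside"),    # default route toward the Internet
    ("10.1.1.0/24", "inside"),   # directly connected inside network
    ("10.1.2.0/24", "inside"),   # static route via an inside router
]

def best_route(src, routes=ROUTES):
    """Longest-prefix match on the source address; returns the interface or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best[1] if best else None

def rpf_check(src, ingress, routes=ROUTES):
    """Permit only if the route back to src leaves through the ingress interface."""
    return "permit" if best_route(src, routes) == ingress else "drop"

# Constructed sample packets: (source address, interface the packet arrived on).
SAMPLES = [
    ("10.1.1.25", "inside"),      # legitimate inside host
    ("198.51.100.7", "inside"),   # inside packet with a source that routes outside
    ("198.51.100.7", "outside"),  # Internet source, covered by the default route
    ("10.1.2.9", "outside"),      # outside packet claiming an inside source
]

def run(samples=SAMPLES):
    """Evaluate every sample and return (source, ingress, verdict) tuples."""
    return [(src, ifc, rpf_check(src, ifc)) for src, ifc in samples]

if __name__ == "__main__":
    for src, ifc, verdict in run():
        print(f"{ifc:8} {src:15} {verdict}")
```

With a default route on the outside interface, the outside check only rejects sources that a more specific route places on another interface, which is why the check is enabled on both interfaces.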