When shunning, why should the shun length be kept short?

You are the administrator at Certkiller Inc. and you working on shunning attacks to the network. When shunning, why should the shun length be kept short?

You are the administrator at Certkiller Inc. and you working on shunning attacks to the network. When shunning, why should the shun length be kept short?

A.
You should keep it short to eliminate blocking traffic from an invalid address that was spoofed previously.

B.
You should keep it short to prevent unwanted traffic from being routed.

C.
You should keep it short to prevent TCP resets from occurring.

D.
You should keep it short to eliminate blocking traffic from a valid address that was spoofed previously.

Explanation:

To mitigate the risks of shunning, you should generally use it only on TCP traffic, which is much more difficult to successfully spoof than UDP. Use it only in cases where the threat is real and the chance that the attack is a false positive is very low. Also consider setting the shun length very short. This setup will block the user long enough to allow the administrator to decide what permanent action (if any) he/she wants to take against that IP address. However, in the interior of a network, many more options exist. With effectively deployed RFC 2827 filtering, spoofed traffic should be very limited. Also, because customers are not generally on the internal network, you can take a more restrictive stance against internally originated attack attempts. Another reason for this is that internal networks do not often have the same level of stateful filtering that edge connections possess. As such, IDS needs to be more heavily relied upon than in the external environment.
Reference: Safe white papers; 8
SAFE: Extending the Security Blueprint to Small, Midsize, and Remote-User Networks



Leave a Reply 0

Your email address will not be published. Required fields are marked *