The Process of Detecting Intrusions
So far, you have read a detailed discussion of the various types of attacks. We have also looked at some specific examples of attacks. Now we will look at the general theory behind how such attacks can be prevented and how network intrusions (that is how most of these attacks are classified) can be detected. This builds our path to the more specific discussion of setting up Cisco's IDS in the next chapter. Two main ways of detecting intrusion are generally used in today's ne..
Building Adjacency Information: ARP and Inverse ARP
The CEF adjacency table entries list an outgoing interface and a Layer 2 and Layer 3 address reachable via that interface. The table also includes the entire data link header that should be used to reach that next-hop (adjacent) device. The CEF adjacency table must be built based on the IP routing table, plus other sources. The IP routing table entries include the outgoing interfaces to use and the next-hop device’s IP address. To complete the adjacency table entry for tha..
The trick behind this load balancing lies in the GLBP group. One router is elected the active virtual gateway (AVG). This router has the highest priority value, or the highest IP address in the group, if there is no highest priority. The AVG answers all ARP requests for the virtual router address. Which MAC address it returns depends on which load-balancing algorithm it is configured to use. In any event, the virtual MAC address supported by one of the routers in the group is..
When LWAPP or CAPWAP tunnels are built from a WLC to one or more LAPs, the WLC can begin offering a variety of additional functions. Think of all the puzzles and shortcomings that were discussed for the traditional WLAN architecture as you read over the following list of WLC activities: ■ Dynamic channel assignment—The WLC chooses and configures the RF channel used by each LAP based on other active access points in the area. ■ Transmit power optimization—The WLC sets..
