Re: smurf attacks

From: John Matus (jmatus@pacbell.net)
Date: Wed Oct 20 2004 - 01:47:30 GMT-3

• Next message: Mike Flanagan: "Re: Seeing Quad 0's in show frame relay map command"
• Previous message: John Matus: "Re: regex question for bgp"
• Maybe in reply to: John Matus: "smurf attacks"
• Next in thread: Zack Damen: "Re: smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

so if there was an exam question that asked you to block smurf attacks would
you do

no ip directed broadcast

and

acl filter for icmp echo and echo-replies?

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Mike Calhoon" <mcalhoon27@earthlink.net>
To: "'John Matus'" <jmatus@pacbell.net>
Cc: "'lab'" <ccielab@groupstudy.com>
Sent: Monday, October 11, 2004 9:41 PM
Subject: RE: smurf attacks

> Here is a link I found a while back...
>
> http://www.cisco.com/warp/public/707/22.html
>
> Mike
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> James
> Sent: Monday, October 11, 2004 11:13 PM
> To: John Matus
> Cc: lab
> Subject: Re: smurf attacks
>
> On Mon, Oct 11, 2004 at 08:02:05PM -0700, John Matus wrote:
>> how does one stop a smurf attack?
>
> no ip directed-broadcast
>
> Note that it won't really stop the attack per se, but will prevent your
> network from being used as amplifier for the attack. smurf is rarely a
> concern in real world today though since most router vendors disable
> directed
> broadcast by default.
>
> What's real threat today are big big bot nets and spoofed addr floodings
> that
> can easily kill a GigE of internet transit.
>
> HTH,
> -J
>
>
> --
> James Jun TowardEX
> Technologies,
> Inc.
> Technical Lead Network Design, Consulting, IT
> Outsourcing
> james@towardex.com Boston-based Colocation & Bandwidth
> Services
> cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
> www.twdx.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mike Flanagan: "Re: Seeing Quad 0's in show frame relay map command"
• Previous message: John Matus: "Re: regex question for bgp"
• Maybe in reply to: John Matus: "smurf attacks"
• Next in thread: Zack Damen: "Re: smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:47 GMT-3