Re: smurf attacks

From: Zack Damen (zack@supertux.com)
Date: Tue Oct 19 2004 - 13:54:30 GMT-3

• Next message: chilins@seed.net.tw: "Re: Shaping Vs Policing"
• Previous message: Michael Chen-TM: "Auto-summary for EIGRP and RIP v2"
• Maybe in reply to: John Matus: "smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

John,

Try looking more at the command in the access list called log-input, that
will do the smurf blocking and protecting for you.

Regards

Zack

At 09:47 PM 10/19/2004, John Matus wrote:
>so if there was an exam question that asked you to block smurf attacks
>would you do
>
>no ip directed broadcast
>
>and
>
>acl filter for icmp echo and echo-replies?
>
>
>Regards,
>
>John D. Matus
>MCSE, CCNP
>Office: 818-782-2061
>Cell: 818-430-8372
>jmatus@pacbell.net
>----- Original Message ----- From: "Mike Calhoon" <mcalhoon27@earthlink.net>
>To: "'John Matus'" <jmatus@pacbell.net>
>Cc: "'lab'" <ccielab@groupstudy.com>
>Sent: Monday, October 11, 2004 9:41 PM
>Subject: RE: smurf attacks
>
>
>>Here is a link I found a while back...
>>
>>http://www.cisco.com/warp/public/707/22.html
>>
>>Mike
>>
>>
>>-----Original Message-----
>>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>>James
>>Sent: Monday, October 11, 2004 11:13 PM
>>To: John Matus
>>Cc: lab
>>Subject: Re: smurf attacks
>>
>>On Mon, Oct 11, 2004 at 08:02:05PM -0700, John Matus wrote:
>>>how does one stop a smurf attack?
>>
>>no ip directed-broadcast
>>
>>Note that it won't really stop the attack per se, but will prevent your
>>network from being used as amplifier for the attack. smurf is rarely a
>>concern in real world today though since most router vendors disable
>>directed
>>broadcast by default.
>>
>>What's real threat today are big big bot nets and spoofed addr floodings
>>that
>>can easily kill a GigE of internet transit.
>>
>>HTH,
>>-J
>>
>>
>>--
>>James Jun TowardEX Technologies,
>>Inc.
>>Technical Lead Network Design, Consulting, IT
>>Outsourcing
>>james@towardex.com Boston-based Colocation & Bandwidth
>>Services
>>cell: 1(978)-394-2867 web: http://www.towardex.com , noc:
>>www.twdx.net
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>>
>>_______________________________________________________________________
>>Subscription information may be found at:
>>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: chilins@seed.net.tw: "Re: Shaping Vs Policing"
• Previous message: Michael Chen-TM: "Auto-summary for EIGRP and RIP v2"
• Maybe in reply to: John Matus: "smurf attacks"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:49 GMT-3