RE: Smurf attack question

From: Pete Yeargin \(pyeargin\) (pyeargin@cisco.com)
Date: Thu Mar 03 2005 - 14:36:24 GMT-3

• Next message: marvin greenlee: "RE: Smurf attack question [bcc][faked-from]"
• Previous message: Tony Schaffran: "RE: Smurf attack question"
• Maybe in reply to: Jongsoo.Kim@Intelsat.com: "Smurf attack question"
• Next in thread: Jongsoo.Kim@Intelsat.com: "RE: Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Tony,

The ping is a directed broadcast, but a router has "no ip directed
broadcast" enabled by default. There isn't a command required to add to
the interface based on this requirement. Other than simply limiting
ICMP inbound traffic on the interface, what other options would you
suggest?
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony Schaffran
Sent: Thursday, March 03, 2005 12:31 PM
To: Jongsoo.Kim@Intelsat.com; ccielab@groupstudy.com
Subject: RE: Smurf attack question

If you understand exactly what a SMURF attack is and how it works, it is
pretty simple how to stop it.

There is no single destination. The ping is to the broadcast address.
All hosts in the subnet will reply.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jongsoo.Kim@Intelsat.com
Sent: Thursday, March 03, 2005 9:06 AM
To: ccielab@groupstudy.com
Subject: Smurf attack question

What will be the best method to protect smurf attack?
Let's say R6 has S0/0 and F0/0.
Smurf attack is coming from S0/0.

The confusion is R6 is smurf amplifier or smurf attack's destination ?
If R6 is onesmurf attack amplifier, then I am guessing "no ip
directed-broadcast" is needed in S0/0.
I have no clue if R6 is a smurf attack's destination. I image there
will be a lot of ICMP packet flood.

Please help me to explain this to me?

Regards
  
Jongsoo

############################################################

Building on 40 Years of Leadership - As a global communications leader
with 40 years of experience, Intelsat helps service providers,
broadcasters, corporations and governments deliver information and
entertainment anywhere in the world, instantly, securely and reliably.

############################################################
This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged information.
Any unauthorized review, use, disclosure or distribution is prohibited.
If you are not the intended recipient, please contact the sender by
reply email and destroy all copies of the original message. Any views
expressed in this message are those of the individual sender, except
where the sender specifically states them to be the views of Intelsat,
Ltd. and its subsidiaries.
############################################################

• Next message: marvin greenlee: "RE: Smurf attack question [bcc][faked-from]"
• Previous message: Tony Schaffran: "RE: Smurf attack question"
• Maybe in reply to: Jongsoo.Kim@Intelsat.com: "Smurf attack question"
• Next in thread: Jongsoo.Kim@Intelsat.com: "RE: Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:39 GMT-3