RE: Smurf attack question [bcc][faked-from]

From: marvin greenlee (marvin@ccbootcamp.com)
Date: Thu Mar 03 2005 - 14:40:26 GMT-3

• Next message: Jongsoo.Kim@Intelsat.com: "RE: Smurf attack question"
• Previous message: Pete Yeargin \(pyeargin\): "RE: Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Cisco - Characterizing and Tracing Packet Floods Using Cisco Routers -
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.
shtml

Cisco - Using CAR During DOS Attacks -
http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_tech_note091
86a00800fb50a.shtml

Marvin Greenlee, CCIE#12237, CCSI# 30483
Network Learning Inc
marvin@ccbootcamp.com
www.ccbootcamp.com (Cisco Training)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Thursday, March 03, 2005 9:31 AM
To: Jongsoo.Kim@Intelsat.com; ccielab@groupstudy.com
Subject: RE: Smurf attack question [bcc][faked-from]
Importance: Low

If you understand exactly what a SMURF attack is and how it works, it is
pretty simple how to stop it.

There is no single destination. The ping is to the broadcast address. All
hosts in the subnet will reply.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
 
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jongsoo.Kim@Intelsat.com
Sent: Thursday, March 03, 2005 9:06 AM
To: ccielab@groupstudy.com
Subject: Smurf attack question

What will be the best method to protect smurf attack?
Let's say R6 has S0/0 and F0/0.
Smurf attack is coming from S0/0.

The confusion is R6 is smurf amplifier or smurf attack's destination ?
If R6 is onesmurf attack amplifier, then I am guessing "no ip
directed-broadcast" is needed in S0/0.
I have no clue if R6 is a smurf attack's destination. I image there will be
a lot of ICMP packet flood.

Please help me to explain this to me?

Regards
  
Jongsoo

############################################################

Building on 40 Years of Leadership - As a global communications leader with
40 years of experience, Intelsat helps service providers,
broadcasters, corporations and governments deliver information and
entertainment anywhere in the world, instantly, securely and reliably.

############################################################
This email message is for the sole use of the intended
recipient(s) and may contain confidential and privileged
information. Any unauthorized review, use, disclosure or
distribution is prohibited. If you are not the intended
recipient, please contact the sender by reply email and
destroy all copies of the original message. Any views
expressed in this message are those of the individual
sender, except where the sender specifically states them
to be the views of Intelsat, Ltd. and its subsidiaries.
############################################################

• Next message: Jongsoo.Kim@Intelsat.com: "RE: Smurf attack question"
• Previous message: Pete Yeargin \(pyeargin\): "RE: Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:39 GMT-3