RE: Smurf attack question

From: Zack Damen (zack@supertux.com)
Date: Tue Mar 08 2005 - 14:38:47 GMT-3

• Next message: Larry Roberts: "Re: ISDN & "no cdp enable" command"
• Previous message: Richard Dumoulin: "RE: ISDN & "no cdp enable" command"
• Maybe in reply to: Jongsoo.Kim@Intelsat.com: "Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

take a look at log-input

At 09:36 AM 3/3/2005, Pete Yeargin \(pyeargin\) wrote:
>Tony,
>
>The ping is a directed broadcast, but a router has "no ip directed
>broadcast" enabled by default. There isn't a command required to add to
>the interface based on this requirement. Other than simply limiting
>ICMP inbound traffic on the interface, what other options would you
>suggest?
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Tony Schaffran
>Sent: Thursday, March 03, 2005 12:31 PM
>To: Jongsoo.Kim@Intelsat.com; ccielab@groupstudy.com
>Subject: RE: Smurf attack question
>
>If you understand exactly what a SMURF attack is and how it works, it is
>pretty simple how to stop it.
>
>There is no single destination. The ping is to the broadcast address.
>All hosts in the subnet will reply.
>
>Tony Schaffran
>Network Analyst
>CCIE #11071
>CCNP, CCNA, CCDA,
>NNCDS, NNCSS, CNE, MCSE
>
>www.cconlinelabs.com
>Your #1 choice for online Cisco rack rentals.
>
>
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
>Jongsoo.Kim@Intelsat.com
>Sent: Thursday, March 03, 2005 9:06 AM
>To: ccielab@groupstudy.com
>Subject: Smurf attack question
>
>
>What will be the best method to protect smurf attack?
>Let's say R6 has S0/0 and F0/0.
>Smurf attack is coming from S0/0.
>
>
>The confusion is R6 is smurf amplifier or smurf attack's destination ?
>If R6 is onesmurf attack amplifier, then I am guessing "no ip
>directed-broadcast" is needed in S0/0.
>I have no clue if R6 is a smurf attack's destination. I image there
>will be a lot of ICMP packet flood.
>
>Please help me to explain this to me?
>
>
>Regards
>
>Jongsoo
>
>############################################################
>
>Building on 40 Years of Leadership - As a global communications leader
>with 40 years of experience, Intelsat helps service providers,
>broadcasters, corporations and governments deliver information and
>entertainment anywhere in the world, instantly, securely and reliably.
>
>############################################################
>This email message is for the sole use of the intended
>recipient(s) and may contain confidential and privileged information.
>Any unauthorized review, use, disclosure or distribution is prohibited.
>If you are not the intended recipient, please contact the sender by
>reply email and destroy all copies of the original message. Any views
>expressed in this message are those of the individual sender, except
>where the sender specifically states them to be the views of Intelsat,
>Ltd. and its subsidiaries.
>############################################################
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html

• Next message: Larry Roberts: "Re: ISDN & "no cdp enable" command"
• Previous message: Richard Dumoulin: "RE: ISDN & "no cdp enable" command"
• Maybe in reply to: Jongsoo.Kim@Intelsat.com: "Smurf attack question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 03 2005 - 17:56:43 GMT-3