RE: smurf attack

From: Security Candidate (doubleccie@yahoo.com)
Date: Tue May 10 2005 - 00:40:24 GMT-3

• Next message: Cisco Expert: "RE: smurf attack"
• Previous message: mani poopal: "RE: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Cisco Expert: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

small correction here , the RPF does not stop packets of source not in the routing table
 
what it does is it verifies that the source is in the routing table from the same interface it should come from , so lets say you have default route to serial 0 , it means any packet with unknown source should be received from serial 0 ..not any other interface
 
hope this help

yahoo.com> wrote:
Hi Tony,

I think the "ip verify unicast reverse-path" command stops packets from sources of ip address not in the routing table. ie: without verifiable source address. But this major network is in the routing table of the router, so how this command stops the smurf attack

thanks

Mani

Tony Schaffran wrote:
Here is the best way to stop a smurf attack.

ip verify unicast reverse-path

The access list was used to filter spoofed IP packets before this command
was introduced.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:52 PM
To: 'Tony Schaffran'; 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

Disregard my last.

I was thinking of another attack.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:48 PM
To: 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

You need to understand what a SMURF attack is before you can know how to
stop it.

Google it.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of mani
poopal
Sent: Monday, May 09, 2005 6:27 PM
To: ccielab@groupstudy.com
Subject: smurf attack

Hi Group,

If your network(150.15.0.0/16) is subjected to smurf attack how do you
prevent it. Is it attck by inturder stealing your own ip address. Is the
following config is enough to stop the smurf attack.

access-list 101 deny ip 150.15.0.0 0.0.255.255 any
access-list 101 permit ip any any

int s 0
ip access-group 101 in

thanks

Mani

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM

• Next message: Cisco Expert: "RE: smurf attack"
• Previous message: mani poopal: "RE: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Cisco Expert: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3