RE: smurf attack

From: Cisco Expert (ciscoexpert2@yahoo.com)
Date: Tue May 10 2005 - 00:48:05 GMT-3

• Next message: Tony Schaffran: "RE: smurf attack"
• Previous message: Security Candidate: "RE: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Tony Schaffran: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

A smurf attack is when a target is flooded with echo-replies (ICMP). When someone does a smurf attack they send echos to broadcast addresses. The return address is usually spoofed with your network. A good way to prevent from being attacked is to limit ICMP on your perimeter.

mani poopal <mani_ccie@yahoo.com> wrote:Hi Tony,

I think the "ip verify unicast reverse-path" command stops packets from sources of ip address not in the routing table. ie: without verifiable source address. But this major network is in the routing table of the router, so how this command stops the smurf attack

thanks

Mani

Tony Schaffran wrote:
Here is the best way to stop a smurf attack.

ip verify unicast reverse-path

The access list was used to filter spoofed IP packets before this command
was introduced.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:52 PM
To: 'Tony Schaffran'; 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

Disregard my last.

I was thinking of another attack.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:48 PM
To: 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

You need to understand what a SMURF attack is before you can know how to
stop it.

Google it.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of mani
poopal
Sent: Monday, May 09, 2005 6:27 PM
To: ccielab@groupstudy.com
Subject: smurf attack

Hi Group,

If your network(150.15.0.0/16) is subjected to smurf attack how do you
prevent it. Is it attck by inturder stealing your own ip address. Is the
following config is enough to stop the smurf attack.

access-list 101 deny ip 150.15.0.0 0.0.255.255 any
access-list 101 permit ip any any

int s 0
ip access-group 101 in

thanks

Mani

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM

• Next message: Tony Schaffran: "RE: smurf attack"
• Previous message: Security Candidate: "RE: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Tony Schaffran: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3