RE: smurf attack

From: mani poopal (mani_ccie@yahoo.com)
Date: Tue May 10 2005 - 08:01:21 GMT-3


Hi Tony,
 
I got it, thanks
 
Mani

Tony Schaffran <groupstudy@cconlinelabs.com> wrote:
The other way to stop the smurf attack from passing through your router if
the address is not in the routing table is to use no ip directed-broadcast.

Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE

www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 8:59 PM
To: 'Security Candidate'; 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

I guess we would need more information here.

I assumed that the 150.15.0.0/16 address would be on the Ethernet (LAN)
interface and therefore would be in the routing table. RPF would then stop
any packet sourcing from the 150.15.0.0/16 address from entering the Serial
interface, would it not?

Tony Schaffran

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Security Candidate
Sent: Monday, May 09, 2005 8:40 PM
To: mani poopal; Tony Schaffran; ccielab@groupstudy.com
Subject: RE: smurf attack

Small correction here: RPF does not stop packets whose source is not in the
routing table.

What it does is verify that the source is in the routing table via the
same interface it should come from. So let's say you have a default route to
serial 0; it means any packet with an unknown source should be received on
serial 0, not on any other interface.

Hope this helps.

yahoo.com> wrote:
Hi Tony,

I think the "ip verify unicast reverse-path" command stops packets from
source IP addresses not in the routing table, i.e. without a verifiable
source address. But this major network is in the routing table of the
router, so how does this command stop the smurf attack?

thanks

Mani

Tony Schaffran wrote:
Here is the best way to stop a smurf attack.

ip verify unicast reverse-path

The access list was used to filter spoofed IP packets before this command
was introduced.

Tony Schaffran

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:52 PM
To: 'Tony Schaffran'; 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

Disregard my last.

I was thinking of another attack.

Tony Schaffran

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony
Schaffran
Sent: Monday, May 09, 2005 6:48 PM
To: 'mani poopal'; ccielab@groupstudy.com
Subject: RE: smurf attack

You need to understand what a SMURF attack is before you can know how to
stop it.

Google it.

Tony Schaffran

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of mani
poopal
Sent: Monday, May 09, 2005 6:27 PM
To: ccielab@groupstudy.com
Subject: smurf attack

Hi Group,

If your network (150.15.0.0/16) is subjected to a smurf attack, how do you
prevent it? Is it an attack by an intruder stealing your own IP address? Is
the following config enough to stop the smurf attack?

access-list 101 deny ip 150.15.0.0 0.0.255.255 any
access-list 101 permit ip any any

int s 0
ip access-group 101 in

thanks

Mani

B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
(416)431 9929
MANI_CCIE@YAHOO.COM
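
The strict reverse-path check as Security Candidate describes it, next to the thread's access-list 101, as an added example that is not part of the original messages. The routing table, interface names and sample source addresses are constructed assumptions (150.15.0.0/16 on Ethernet0, a default route out Serial0, and the default route counted as a match).

```python
import ipaddress

# Constructed routing table (assumption): the 150.15.0.0/16 LAN sits on
# Ethernet0 and a default route points out Serial0.
ROUTES = [
    (ipaddress.ip_network("150.15.0.0/16"), "Ethernet0"),
    (ipaddress.ip_network("0.0.0.0/0"), "Serial0"),
]
LAN = ipaddress.ip_network("150.15.0.0/16")

def best_route(src, routes=ROUTES):
    """Longest-prefix match for src; returns (network, interface) or None."""
    addr = ipaddress.ip_address(src)
    matches = [(net, ifc) for net, ifc in routes if addr in net]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def strict_rpf_accepts(src, in_interface, routes=ROUTES):
    """Accept only if the best route back to the source leaves through
    the interface the packet arrived on (the check described in the thread)."""
    route = best_route(src, routes)
    return route is not None and route[1] == in_interface

def acl_101_permits(src):
    """access-list 101: deny ip 150.15.0.0 0.0.255.255 any, then permit ip any any."""
    return ipaddress.ip_address(src) not in LAN

# Constructed sample packets: (source address, arrival interface)
PACKETS = [
    ("150.15.1.10", "Serial0"),     # own-network source arriving from outside
    ("150.15.1.10", "Ethernet0"),   # same source arriving from the LAN
    ("198.51.100.7", "Serial0"),    # unknown source, covered by the default route
    ("198.51.100.7", "Ethernet0"),  # unknown source arriving on the wrong side
]

def evaluate(packets=PACKETS):
    """Return (src, interface, rpf_verdict, acl_verdict) for each packet.
    The ACL verdict is only meaningful on Serial0, where the ACL is applied."""
    rows = []
    for src, ifc in packets:
        acl = acl_101_permits(src) if ifc == "Serial0" else None
        rows.append((src, ifc, strict_rpf_accepts(src, ifc), acl))
    return rows

if __name__ == "__main__":
    for src, ifc, rpf, acl in evaluate():
        print(f"{src:<14} in {ifc:<10} RPF={'pass' if rpf else 'drop'} ACL101={acl}")
```

On Serial0 the two checks agree for the 150.15.0.0/16 source; the reverse-path check additionally drops the unknown source arriving on Ethernet0, which the inbound ACL on Serial0 never sees.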



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3