Re: smurf attack

From: Oliver Grenham (ogrenham@optusnet.com.au)
Date: Thu May 12 2005 - 12:32:54 GMT-3

• Next message: Oliver Grenham: "Re: neighbor priority on NBMA"
• Previous message: Jamie Caesar: "Re: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Jongsoo kim: "Re: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I believe if you get this question on the exam then the destination of the
attack may have its ethernet interface configured with #ip
directed-broadcast. Remember that this is no not the default so that may
indicate that #no ip directed-broadcast may be the solution.

Just my thoughts!

Ollie.
----- Original Message -----
From: "Keane, James" <James.Keane@agriculture.gov.ie>
To: "mani poopal" <mani_ccie@yahoo.com>; "Tony Schaffran"
<groupstudy@cconlinelabs.com>; "Security Candidate" <doubleccie@yahoo.com>;
<ccielab@groupstudy.com>
Sent: Thursday, May 12, 2005 4:21 PM
Subject: RE: smurf attack

> Did you get a positive resolution on this ?
>
> Which is better to use in the prevention of the smurf attack ?
>
> ip verify unicast reverse-path
>
> or
>
> no ip directed-broadcasts
>
> or both ?
>
> -----Original Message-----
> From: mani poopal [mailto:mani_ccie@yahoo.com]
> Sent: 10 May 2005 12:01
> To: Tony Schaffran; 'Security Candidate'; ccielab@groupstudy.com
> Subject: RE: smurf attack
>
>
> Hi Tony,
>
> I got it, thanks
>
> Mani
>
> Tony Schaffran <groupstudy@cconlinelabs.com> wrote:
> The other way to stop the smurf attack from passing through your router if
> the address is not in the routing table is to use no ip
directed-broadcasts.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony
> Schaffran
> Sent: Monday, May 09, 2005 8:59 PM
> To: 'Security Candidate'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: smurf attack
>
>
> I guess we would need more information here.
>
> I assumed that the 150.15.0.0/16 address would be on the Ethernet (LAN)
> interface and therefore would be in the routing table. RPF would then stop
> any packet sourcing from the 150.15.0.0/16 address from entering the
Serial
> interface, would it not?
>
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Security Candidate
> Sent: Monday, May 09, 2005 8:40 PM
> To: mani poopal; Tony Schaffran; ccielab@groupstudy.com
> Subject: RE: smurf attack
>
>
> small correction here , the RPF does not stop packets of source not in the
> routing table
>
> what it does is it verifies that the source is in the routing table from
the
> same interface it should come from , so lets say you have default route to
> serial 0 , it means any packet with unknown source should be received from
> serial 0 ..not any other interface
>
> hope this help
>
>
> yahoo.com> wrote:
> Hi Tony,
>
> I think the "ip verify unicast reverse-path" command stops packets from
> sources of ip address not in the routing table. ie: without verifiable
> source address. But this major network is in the routing table of the
> router, so how this command stops the smurf attack
>
> thanks
>
> Mani
>
> Tony Schaffran wrote:
> Here is the best way to stop a smurf attack.
>
> ip verify unicast reverse-path
>
> The access list was used to filter spoofed IP packets before this command
> was introduced.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony
> Schaffran
> Sent: Monday, May 09, 2005 6:52 PM
> To: 'Tony Schaffran'; 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: smurf attack
>
>
> Disregard my last.
>
> I was thinking of another attack.
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Tony
> Schaffran
> Sent: Monday, May 09, 2005 6:48 PM
> To: 'mani poopal'; ccielab@groupstudy.com
> Subject: RE: smurf attack
>
>
> You need to understand what a SMURF attack is before you can know how to
> stop it.
>
> Google it.
>
>
> Tony Schaffran
> Network Analyst
> CCIE #11071
> CCNP, CCNA, CCDA,
> NNCDS, NNCSS, CNE, MCSE
>
> www.cconlinelabs.com
> Your #1 choice for online Cisco rack rentals.
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
mani
> poopal
> Sent: Monday, May 09, 2005 6:27 PM
> To: ccielab@groupstudy.com
> Subject: smurf attack
>
>
> Hi Group,
>
> If your network(150.15.0.0/16) is subjected to smurf attack how do you
> prevent it. Is it attck by inturder stealing your own ip address. Is the
> following config is enough to stop the smurf attack.
>
> access-list 101 deny ip 150.15.0.0 0.0.255.255 any
> access-list 101 permit ip any any
>
> int s 0
> ip access-group 101 in
>
> thanks
>
> Mani
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
>
> ---------------------------------
> Yahoo! Mail
> Stay connected, organized, and protected. Take the tour
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> B.ENG,A+,CCNA,CCNP,CCNP-VOICE, CSS1,CNA,MCSE
> (416)431 9929
> MANI_CCIE@YAHOO.COM
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam protection around
> http://mail.yahoo.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> **********************************************************************
> *********** Department of Agriculture and Food ***************
>
> The information contained in this email and in any
> attachments is confidential and is designated solely
> for the attention and use of the intended recipient(s).
> This information may be subject to legal and professional
> privilege. If you are not an intended recipient of
> this email, you must not use, disclose, copy,
> distribute or retain this message or any part of it.
> If you have received this email in error, please
> notify the sender immediately and delete all copies of
> this email from your computer system(s).
> **********************************************************************
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Oliver Grenham: "Re: neighbor priority on NBMA"
• Previous message: Jamie Caesar: "Re: smurf attack"
• Maybe in reply to: mani poopal: "smurf attack"
• Next in thread: Jongsoo kim: "Re: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:57 GMT-3