From: Leigh Harrison (ccileigh@gmail.com)
Date: Tue Sep 20 2005 - 12:32:40 GMT-3
Hey chap,
From what I can remember, a smurf attack is icmp and udp echo and echo
replies sent to network and broadcast (0 and 255) addresses.
So something along the lines of:-
access-list 100 deny icmp 0.0.0.255 255.255.255.0 any echo
access-list 100 deny icmp 0.0.0.255 255.255.255.0 any echo-reply
access-list 100 deny icmp 0.0.0.0 255.255.255.0 any echo
access-list 100 deny imcp 0.0.0.0 255.255.255.0 any echo-reply
access-list 100 deny udp 0.0.0.255 255.255.255.0 any echo
access-list 100 deny udp 0.0.0.255 255.255.255.0 any echo-reply
access-list 100 deny udp 0.0.0.0 255.255.255.0 any echo
access-list 100 deny udp 0.0.0.0 255.255.255.0 any echo-reply
You might want to double check that what I think is a smurf attack
actually is a smurf attack !!!
LH
Rajib Khan wrote:
>Hi group,
>
>I looking for ACL to match smurf traffic
>
>Thanks in advance
>
>Raj
>
>
>---------------------------------
>Yahoo! for Good
> Click here to donate to the Hurricane Katrina relief effort.
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3