RE: smurf attack

From: Jim Dixon (JDixon@communigroup.com)
Date: Tue Sep 20 2005 - 12:42:42 GMT-3


http://www.cisco.com/warp/public/707/newsflash.html

http://www.cert.org/advisories/CA-1998-01.html

-----Original Message-----
From: Leigh Harrison [mailto:ccileigh@gmail.com]
Sent: Tuesday, September 20, 2005 10:33 AM
To: Rajib Khan
Cc: ccielab@groupstudy.com
Subject: Re: smurf attack

Hey chap,

From what I can remember, a smurf attack is ICMP and UDP echo and echo
replies sent to network and broadcast (0 and 255) addresses.

So something along the lines of:-

access-list 100 deny icmp 0.0.0.255 255.255.255.0 any echo
access-list 100 deny icmp 0.0.0.255 255.255.255.0 any echo-reply
access-list 100 deny icmp 0.0.0.0 255.255.255.0 any echo
access-list 100 deny icmp 0.0.0.0 255.255.255.0 any echo-reply
access-list 100 deny udp 0.0.0.255 255.255.255.0 any echo
access-list 100 deny udp 0.0.0.255 255.255.255.0 any echo-reply
access-list 100 deny udp 0.0.0.0 255.255.255.0 any echo
access-list 100 deny udp 0.0.0.0 255.255.255.0 any echo-reply

You might want to double check that what I think is a smurf attack actually
is a smurf attack !!!

LH

>Hi group,
>
>I am looking for an ACL to match smurf traffic
>
>Thanks in advance
>
>Raj
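
Added example, not part of the thread and not Cisco code: a small Python evaluator of IOS wildcard-mask matching, run against the first ACL entry posted above and against a constructed variant that puts the same pattern in the destination field, to show which sample packets each one matches. The variant, the sample addresses and all function names are assumptions made for this illustration.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """IOS wildcard mask: a 1 bit means 'ignore this bit', a 0 bit must match."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def _addr_spec(tokens):
    """Consume 'any' or 'ADDRESS WILDCARD' and return ((addr, wildcard), rest)."""
    if tokens[0] == "any":
        return ("0.0.0.0", "255.255.255.255"), tokens[1:]
    return (tokens[0], tokens[1]), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N ACTION icmp SOURCE DESTINATION [icmp-type]'."""
    t = line.split()
    src, rest = _addr_spec(t[4:])
    dst, rest = _addr_spec(rest)
    return {"action": t[2], "proto": t[3], "src": src, "dst": dst,
            "type": rest[0] if rest else None}

def first_match(acl_lines, pkt):
    """Return the action of the first entry matching pkt, or None."""
    for line in acl_lines:
        ace = parse_ace(line)
        if (ace["proto"] == pkt["proto"]
                and wildcard_match(pkt["src"], *ace["src"])
                and wildcard_match(pkt["dst"], *ace["dst"])
                and ace["type"] in (None, pkt["type"])):
            return ace["action"]
    return None

# Entry as posted in the thread: the .255 pattern is the SOURCE field.
POSTED = ["access-list 100 deny icmp 0.0.0.255 255.255.255.0 any echo"]
# Constructed variant (assumption): same pattern moved to the DESTINATION field.
DEST_FORM = ["access-list 100 deny icmp any 0.0.0.255 255.255.255.0 echo"]

def pkt(src, dst, icmp_type="echo"):
    return {"proto": "icmp", "src": src, "dst": dst, "type": icmp_type}

# Constructed sample packets (documentation address ranges).
TO_BROADCAST_24 = pkt("192.0.2.10", "198.51.100.255")   # /24 directed broadcast
TO_BROADCAST_25 = pkt("192.0.2.10", "198.51.100.127")   # /25 directed broadcast
FROM_DOT_255 = pkt("192.0.2.255", "198.51.100.7")       # source ends in .255

if __name__ == "__main__":
    for name, p in [("to .255", TO_BROADCAST_24), ("to .127", TO_BROADCAST_25),
                    ("from .255", FROM_DOT_255)]:
        print(name, "posted:", first_match(POSTED, p),
              "dest-form:", first_match(DEST_FORM, p))
```

A pattern that matches a last octet of 255 covers only networks whose broadcast address ends that way; the /25 sample is one it does not match.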



This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3