From: Stefan Grey (examplebrain@hotmail.com)
Date: Thu Oct 06 2005 - 12:57:56 GMT-3
Hi group,
I have the task of logging ICMP and UDP flooding attacks (coming to interface
s0/0). What would be the correct solution for this??
1.
config#ip access-list extended ICMPTRACK
config-ext-acl#permit icmp any any echo log input
config-ext-acl#permit icmp any any echo-reply log input
2.
config-ext-acl#permit icmp any 0.0.0.255 255.255.255.0 echo log input
config-ext-acl#permit icmp any 0.0.0.255 255.255.255.0 echo-reply log input
Which of the above solutions would be the correct one for an ICMP flooding
attack?? Or neither one?? Which would be the correct one?
And a great question about UDP. How to track the UDP flooding then?? UDP
doesn't have pings.
At the end of this access-list might be:
interface s0
ip access-group ICMPTRACK out
Thanks.
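
Added example, not part of the original post: one way to read the syslog entries that logging ACL lines such as those in ICMPTRACK produce, summing the logged packet counts per protocol, source and destination so that ICMP and UDP floods stand out. The log line layout, the addresses, the 1000-packet threshold and the function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines modelled on IOS ACL log messages
# (%SEC-6-IPACCESSLOGDP for ICMP, %SEC-6-IPACCESSLOGP for UDP).
# Layout, addresses and counts are assumptions for this example.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list ICMPTRACK permitted icmp 198.51.100.7 (Serial0/0 *HDLC*) -> 192.0.2.10 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list ICMPTRACK permitted icmp 198.51.100.7 (Serial0/0 *HDLC*) -> 192.0.2.10 (8/0), 4200 packets
%SEC-6-IPACCESSLOGDP: list ICMPTRACK permitted icmp 203.0.113.9 (Serial0/0 *HDLC*) -> 192.0.2.10 (0/0), 3 packets
%SEC-6-IPACCESSLOGP: list ICMPTRACK permitted udp 198.51.100.44(4021) (Serial0/0 *HDLC*) -> 192.0.2.10(53), 1 packet
%SEC-6-IPACCESSLOGP: list ICMPTRACK permitted udp 198.51.100.44(4022) (Serial0/0 *HDLC*) -> 192.0.2.10(7), 9100 packets
this line is not an ACL log entry
"""

# Source port and input interface are optional; ICMP carries (type/code)
# after the destination, UDP carries (port).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOG(?:DP|P): list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>icmp|udp) (?P<src>\d+\.\d+\.\d+\.\d+)(?:\(\d+\))?"
    r"(?: \((?P<intf>[^)]*)\))? -> (?P<dst>\d+\.\d+\.\d+\.\d+)"
    r" ?\((?P<detail>[^)]*)\), (?P<count>\d+) packets?"
)


def packets_by_flow(log_text):
    """Sum logged packet counts per (protocol, source, destination)."""
    totals = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)  # search: real lines carry a timestamp prefix
        if m:
            totals[(m["proto"], m["src"], m["dst"])] += int(m["count"])
    return totals


def flood_suspects(log_text, threshold=1000):
    """Return flows whose logged packet total meets the threshold, largest first."""
    totals = packets_by_flow(log_text)
    return [(flow, n) for flow, n in totals.most_common() if n >= threshold]


if __name__ == "__main__":
    for (proto, src, dst), n in flood_suspects(SAMPLE_LOG):
        print(f"{proto} {src} -> {dst}: {n} packets logged")
```

UDP entries are grouped by source and destination address only, so a flood spread across many ports still adds up to one total.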