From: Chris Lewis (chrlewiscsco@yahoo.com)
Date: Tue Nov 08 2005 - 14:02:42 GMT-3
Strictly speaking smurf is the ICMP form of the attack and fraggle is the UDP version. If you are the person being attacked, smurf will be sending you tons of ICMP echo replies, so that is what you need to either deny or rate limit on the inbound interface of your network. In practice this does you little good as the link will be swamped before you get a chance to deny it. In real life you need the ISP to rate limit this traffic to your site to keep room free on your access link for legitimate traffic.
Chris
cscoitit cscoitit <cscoitit@yahoo.ca> wrote:
Hi Friends,
I have a doubt about the smurf attack. How do I log the smurf attack on the interface? On the web, a smurf attack is defined as ICMP echo requests to a specific directed broadcast address specifying a false source address (the victim). ****Do we have to define UDP in the access list, or is ICMP enough?***
I will be writing my exam next week.
My configs are as follows:
access-list 101 permit icmp any any echo log
access-list 101 permit icmp any any echo-reply log
access-list 101 permit ip any any
! applied in interface configuration mode, on the inbound interface
ip access-group 101 in
This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:05 GMT-3
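Added example, not part of either post: one way to read the hits that the logged echo-reply entry in ACL 101 produces. It parses IOS `%SEC-6-IPACCESSLOGDP` messages, where `(0/0)` is ICMP echo-reply and `(8/0)` is echo, and flags destinations receiving echo-replies from many distinct sources, which is what the victim side of a smurf attack looks like. The log lines, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of IOS ACL log messages (documentation addresses, not real traffic).
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.7 -> 192.0.2.10 (0/0), 420 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.8 -> 192.0.2.10 (0/0), 388 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.9 -> 192.0.2.10 (0/0), 401 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 203.0.113.5 -> 192.0.2.10 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 203.0.113.5 -> 192.0.2.20 (0/0), 2 packets
"""

# ICMP entries are logged with (type/code) in place of ports.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGDP: list (?P<acl>\S+) (?P<action>permitted|denied) icmp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+) -> (?P<dst>\d+\.\d+\.\d+\.\d+) "
    r"\((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)

def echo_reply_summary(log_text):
    """Per destination: distinct sources and packet total for ICMP type 0 (echo-reply)."""
    summary = defaultdict(lambda: {"sources": set(), "packets": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["type"] != "0":
            continue  # skip non-matching lines and echo requests
        entry = summary[m["dst"]]
        entry["sources"].add(m["src"])
        entry["packets"] += int(m["count"])
    return summary

def suspected_smurf_victims(log_text, min_sources=3, min_packets=1000):
    """Destinations hit by echo-replies from many hosts at volume (assumed thresholds)."""
    return sorted(
        dst for dst, e in echo_reply_summary(log_text).items()
        if len(e["sources"]) >= min_sources and e["packets"] >= min_packets
    )

if __name__ == "__main__":
    totals = echo_reply_summary(SAMPLE_LOG)
    for victim in suspected_smurf_victims(SAMPLE_LOG):
        e = totals[victim]
        print(f"{victim}: {e['packets']} echo-replies from {len(e['sources'])} sources")
```
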