From: Chris Lewis (chrlewiscsco@gmail.com)
Date: Sun Apr 09 2006 - 16:32:25 GMT-3
Hmmm,
If I may, I'd like to re-phrase this question a little.
The SMURF attack involves three parties, the attacker, the reflector network
and the victim. The attacker sends spoofed packets with the source address
of the attackee to a subnet broadcast address in a reflector network. When
the reflector network receives this spoofed packet, all hosts on the subnet
send an echo-reply to the victim network. So if you are a victim, you will
see lots of echo-reply packets coming in to you destined to your network
address space.
A similar attack is called Fraggle which uses UDP echo instead of ICMP echo.
So from what you state, I interpret the question to be:
1. How do you protect your internal network from a SMURF attack
2. How do you stop your network from being a reflector for either a SMURF or
Fraggle attack.
The first is to configure an ACL denying icmp echo-replies, or at least
rate-limiting them.
The second is to configure no ip directed broadcasts
Chris
On 4/8/06, emmanuel daniel <emmanueldan@gmail.com> wrote:
>
> Hi
>
> I have two questions on access lists. If we want to deny a smurf attack in
> DoS,
> what are the packets I should deny?
> And what are the packets I should deny for protocol flooding in ICMP and UDP?
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
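An added IOS configuration example (not part of the original thread, and not from either poster) showing the two answers above on a router: on the victim side an ACL that drops the echo-reply and UDP echo traffic a smurf or fraggle reflector sends at you, a CAR rate-limit as the softer alternative, and on the reflector side disabling directed broadcasts on each LAN interface. Interface names, ACL numbers and rate values are assumptions chosen for illustration.

```cisco
! ---- Victim side: Internet-facing interface ----
! Option A: drop reflected traffic outright.
! echo-reply (ICMP type 0) is what a smurf reflector sends you;
! udp/7 (echo) is what a fraggle reflector sends you.
ip access-list extended ANTI-REFLECT-IN
 deny   icmp any any echo-reply
 deny   udp  any any eq echo
 permit ip   any any
!
interface Serial0/0
 description Link to ISP (assumed)
 ip access-group ANTI-REFLECT-IN in
!
! Option B: rate-limit echo-replies instead of dropping them all,
! so your own outbound pings still get answers. CAR: 64 kbit/s,
! 8000-byte normal and max bursts (assumed values), excess dropped.
access-list 102 permit icmp any any echo-reply
!
interface Serial0/0
 rate-limit input access-group 102 64000 8000 8000 conform-action transmit exceed-action drop
!
! ---- Reflector side: every LAN interface ----
! A spoofed echo to the subnet broadcast address is not forwarded as a
! layer-2 broadcast, so hosts on the segment never see it and never reply.
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 no ip directed-broadcast
```

Use either option A or option B on the same interface, not both. Denying every inbound echo-reply (option A) also silently breaks ping from inside your network to the outside, which is why the rate-limit form is usually the better fit. `no ip directed-broadcast` has been the default since IOS 12.0, but it is still worth stating explicitly on every LAN interface of a router you want to verify is not a reflector.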
This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:56 GMT-3