SMURF attack mitigation features...

From: Tony Paterra (apaterra@gmail.com)
Date: Tue Jul 18 2006 - 15:28:29 ART


All,
I'm curious as to what SMURF attack mitigation features there are...
If I am correct in my understanding of a SMURF attack it is set up as
follows:

The attacker is on a remote segment using a directed broadcast at a
target on your LAN segment

How can we mitigate these attacks?

What I'm aware of (please tell me if I'm off-base or should be doing
more/less)...

-Enable unicast RPF on your WAN interface (stops receiving fake source
addresses)
-No ip directed-broadcast under your LAN interface (stops sending
off-network broadcasts)
-Put an ACL on the WAN interface that does a 'log-input' on the end or
also ip source-track (lets you figure out where your attacker is)

What is the difference between ip source-track and doing a permit ip
any any log-input in an ACL?

Thanks in advance!!!

-- 
Tony Paterra
apaterra@gmail.com
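
An added example, not part of the original post: a small audit of a Cisco IOS running-config for the three controls listed in the message (unicast RPF on the WAN interface, directed broadcast left off, an ACL entry using log-input). The sample config, the function names and the choice of which interface is WAN-facing are constructed assumptions.

```python
import re

# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface Serial0/0
 description WAN uplink
 ip address 192.0.2.1 255.255.255.252
 ip access-group WAN-IN in
!
interface FastEthernet0/0
 description LAN
 ip address 10.1.1.1 255.255.255.0
 ip directed-broadcast
!
ip access-list extended WAN-IN
 permit ip any any
"""

def parse_interfaces(config):
    """Map each interface name to the list of sub-commands in its stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # any unindented line ends the interface stanza
    return stanzas

def audit(config, wan_interfaces):
    """Return (location, issue) pairs; wan_interfaces is supplied by the caller."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        # Since IOS 12.0 directed broadcast is off by default and the 'no' form
        # is not shown, so only an explicit 'ip directed-broadcast' is a finding.
        if any(c.startswith("ip directed-broadcast") for c in cmds):
            findings.append((name, "directed broadcast enabled"))
        if name in wan_interfaces and not any(c.startswith("ip verify unicast") for c in cmds):
            findings.append((name, "unicast RPF not configured"))
    # Coarse check: is there any permit/deny entry that logs the input interface?
    if not re.search(r"\b(permit|deny)\b.*\blog-input\b", config):
        findings.append(("global", "no ACL entry uses log-input"))
    return findings

if __name__ == "__main__":
    for where, issue in audit(SAMPLE_CONFIG, {"Serial0/0"}):
        print(f"{where}: {issue}")
```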

