Re: SMURF attack mitigation features...

From: Chirag Arora (carora1977@gmail.com)
Date: Tue Jul 18 2006 - 15:59:11 ART


Hi Tony,
No ip directed-broadcast is the important thing for mitigating the smurf
attack. URPF can be enabled, but care should be taken that asymmetric
routing isn't happening in the network. Other parameters such as source
routing should also be disabled (which they usually are by default).

HTH

On 7/18/06, Tony Paterra <apaterra@gmail.com> wrote:
>
> All,
> I'm curious as to what SMURF attack mitigation features there are...
> If I am correct in my understanding of a SMURF attack it is set up as
> follows:
>
> The attacker is on a remote segment using a directed broadcast at a
> target on your LAN segment
>
> How can we mitigate these attacks?
>
> What I'm aware of (please tell me if I'm off-base or should be doing
> more/less)...
>
> -Enable unicast RPF on your WAN interface (stops receiving fake source
> addresses)
> -No ip directed-broadcast under your LAN interface (stops sending
> off-network broadcasts)
> -Put an ACL on the WAN interface that does a 'log-input' on the end or
> also ip source-track (lets you figure out where your attacker is)
>
> What is the difference between ip source-track and doing a permit ip
> any any log-input in an ACL?
>
> Thanks in advance!!!
> --
> Tony Paterra
> apaterra@gmail.com
>

-- 
Chirag
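
Added example, not part of the original posts: a Python audit that reads a saved IOS-style configuration and reports, per interface, the settings this thread discusses (directed broadcast, uRPF, source routing). The sample configuration is constructed, the function names are hypothetical, and it assumes an IOS release where directed broadcast is off by default, so only an explicit `ip directed-broadcast` line is flagged.

```python
import re

# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE_CONFIG = """\
no ip source-route
interface Serial0/0
 ip address 192.0.2.1 255.255.255.252
 ip verify unicast reverse-path
 ip access-group 101 in
interface FastEthernet0/0
 ip address 10.1.1.1 255.255.255.0
 ip directed-broadcast
interface FastEthernet0/1
 ip address 10.1.2.1 255.255.255.0
 no ip directed-broadcast
access-list 101 permit ip any any log-input
"""

def parse_interfaces(config):
    """Map each interface name to the list of its (stripped) sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # back at global configuration level
    return interfaces

def audit(config):
    """Return {scope: [findings]} for the settings discussed in the thread."""
    findings = {}
    global_cmds = [l.strip() for l in config.splitlines() if not l.startswith(" ")]
    if "no ip source-route" not in global_cmds:
        findings.setdefault("global", []).append("source routing not explicitly disabled")
    for name, cmds in parse_interfaces(config).items():
        # Amplifier risk: directed broadcasts are forwarded onto this segment.
        if any(re.match(r"ip directed-broadcast\b", c) for c in cmds):
            findings.setdefault(name, []).append("ip directed-broadcast enabled")
        # uRPF is reported, not enforced: strict mode drops valid traffic
        # when routing is asymmetric, so enabling it is an operator decision.
        if not any(c.startswith("ip verify unicast") for c in cmds):
            findings.setdefault(name, []).append("no uRPF (check routing symmetry first)")
    return findings

if __name__ == "__main__":
    for scope, items in audit(SAMPLE_CONFIG).items():
        print(scope, "->", "; ".join(items))
```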


This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:47 ART