From: Sean C (Upp_and_Upp@hotmail.com)
Date: Tue Jul 18 2006 - 16:51:20 ART
Hi Tony,

There was an excellent thread on this last year on GroupStudy. In
particular, Jongsoo did a great job of describing the differences between
smurf-amplifier and the spoofed source-target:
http://shop.groupstudy.com/archives/ccielab/200505/msg00716.html

Also, one of the follow-up emails (from Tim, i.e. ccie2be) documents the info
from Cisco Router Security Firewall (which is a great book to learn about
various things you might see in the Security section on the lab).

HTH,
Sean

----- Original Message -----
From: "Tony Paterra" <apaterra@gmail.com>
To: "Cisco certification" <ccielab@groupstudy.com>
Sent: Tuesday, July 18, 2006 2:28 PM
Subject: SMURF attack mitigation features...
> All,
> I'm curious as to what SMURF attack mitigation features there are...
> If I am correct in my understanding of a SMURF attack it is set up as
> follows:
>
> The attacker is on a remote segment using a directed broadcast at a
> target on your LAN segment
>
> How can we mitigate these attacks?
>
> What I'm aware of (please tell me if I'm off-base or should be doing
> more/less)...
>
> -Enable unicast RPF on your WAN interface (stops receiving fake source
> addresses)
> -No ip directed-broadcast under your LAN interface (stops sending
> off-network broadcasts)
> -Put an ACL on the WAN interface that does a 'log-input' on the end or
> also ip source-track (lets you figure out where your attacker is)
>
> What is the difference between ip source-track and doing a permit ip
> any any log-input in an ACL?
>
> Thanks in advance!!!
> --
> Tony Paterra
> apaterra@gmail.com
This archive was generated by hypermail 2.1.4 : Tue Aug 01 2006 - 07:13:48 ART