From: David Redfern (AU) (David.Redfern@didata.com.au)
Date: Thu Jul 27 2006 - 19:47:12 ART
Hi Guys,
I've seen a few different ACLs for preventing smurf attacks on your
internal network from the backbone, although I'm not sure which is the
best to use.
Just wondering what everyone thinks of the one I have come up with below.
The first 4 lines block smurf attacks using my internal network as the
reflector (traffic to the network and broadcast address of any of my
subnets).
The next 2 lines block me from being the final target of the smurf
attack (as this reply could be coming from anywhere and destined to any
of my internal hosts, 'any any' is used).
The problem I see is that lines 5 and 6 will block my internal pings to
the backbone, although the backbone can still ping my internal routers,
so I'm not sure if this is a problem at all.
What do you guys think?
Can you see any problems with this, or is there a better one?
Applied Inbound
remark lines 1-4: deny echo to the network and broadcast address of any /24 (reflector)
deny icmp any 0.0.0.255 255.255.255.0 echo
deny icmp any 0.0.0.0 255.255.255.0 echo
deny udp any 0.0.0.255 255.255.255.0 eq echo
deny udp any 0.0.0.0 255.255.255.0 eq echo
remark lines 5-6: deny echo replies from anywhere (final target)
deny icmp any any echo-reply
deny udp any eq echo any
permit ip any any
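To make the behaviour of the list concrete, here is an added example (not part of the original post) that models IOS first-match evaluation with wildcard masks and runs the poster's seven entries, typos corrected, against a handful of constructed packets. Addresses are assumed: 10.1.0.0/16 stands in for the internal /24 subnets, 203.0.113.1 for a backbone router, 198.51.100.9 for an arbitrary outside host. It shows the reflector and final-target cases being denied as intended, and also the side effect raised above: an echo-reply answering a ping that originated inside is stopped by line 5, while a backbone-originated echo still reaches an internal router.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Optional, Tuple

# Constructed example: a minimal simulator for the inbound ACL in the post.
# Not the post's own code; addresses and packets below are made up.


@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp", "udp" or "tcp"
    src: str
    dst: str
    icmp_type: Optional[str] = None   # "echo" or "echo-reply" for ICMP
    sport: Optional[int] = None       # UDP/TCP source port
    dport: Optional[int] = None       # UDP/TCP destination port


ANY = ("0.0.0.0", "255.255.255.255")  # what IOS means by "any"


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard semantics: a 0 bit in the mask must match, a 1 bit is ignored."""
    care = 0xFFFFFFFF ^ int(IPv4Address(wildcard))
    return (int(IPv4Address(addr)) & care) == (int(IPv4Address(base)) & care)


# The poster's ACL, one tuple per entry:
# (action, protocol, source (base, wildcard), destination (base, wildcard), qualifiers)
ACL = [
    ("deny",   "icmp", ANY, ("0.0.0.255", "255.255.255.0"), {"icmp_type": "echo"}),
    ("deny",   "icmp", ANY, ("0.0.0.0",   "255.255.255.0"), {"icmp_type": "echo"}),
    ("deny",   "udp",  ANY, ("0.0.0.255", "255.255.255.0"), {"dport": 7}),
    ("deny",   "udp",  ANY, ("0.0.0.0",   "255.255.255.0"), {"dport": 7}),
    ("deny",   "icmp", ANY, ANY, {"icmp_type": "echo-reply"}),
    ("deny",   "udp",  ANY, ANY, {"sport": 7}),
    ("permit", "ip",   ANY, ANY, {}),
]


def evaluate(pkt: Packet, acl=ACL) -> Tuple[str, int]:
    """First matching entry wins. Returns (action, 1-based line); line 0 is the implicit deny."""
    for line, (action, proto, src, dst, extra) in enumerate(acl, start=1):
        if proto != "ip" and proto != pkt.proto:
            continue
        if not wildcard_match(pkt.src, *src) or not wildcard_match(pkt.dst, *dst):
            continue
        if any(getattr(pkt, field) != value for field, value in extra.items()):
            continue
        return action, line
    return "deny", 0


# Constructed traffic: the cases the post describes plus the side effect it asks about.
SAMPLES = {
    "reflector: echo to subnet broadcast":
        Packet("icmp", "198.51.100.9", "10.1.1.255", icmp_type="echo"),
    "reflector: echo to subnet network address":
        Packet("icmp", "198.51.100.9", "10.1.1.0", icmp_type="echo"),
    "reflector: udp echo to subnet broadcast":
        Packet("udp", "198.51.100.9", "10.1.2.255", sport=4000, dport=7),
    "final target: echo-reply flood from outside":
        Packet("icmp", "198.51.100.9", "10.1.1.5", icmp_type="echo-reply"),
    "side effect: reply to an internal ping of the backbone":
        Packet("icmp", "203.0.113.1", "10.1.1.5", icmp_type="echo-reply"),
    "backbone pings an internal router":
        Packet("icmp", "203.0.113.1", "10.1.1.1", icmp_type="echo"),
    "ordinary tcp session":
        Packet("tcp", "203.0.113.1", "10.1.1.5", sport=3300, dport=80),
}


def run_samples():
    """Map each sample name to the (action, line) the ACL produces."""
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, (action, line) in run_samples().items():
        print(f"{action:6} (line {line})  {name}")
```

The interesting row is the "side effect" one: because line 5 has no source or destination qualifier, it cannot distinguish a reply to a ping that left the network from a reply used as an attack, so any design that keeps line 5 as written trades away inside-to-backbone ping as the poster suspects.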