From: Anderson Mota Alves (mota_anderson@hotmail.com)
Date: Sun Aug 20 2006 - 09:21:00 ART
Hi Aamir,
I just don't know why are you using so many statements, from my
understanding this question could be answered with a few lines, someone
let me know if I'm wrong:
ip access-list extended SMURF_UDP_FLOODING
deny icmp any any echo
deny icmp any eny echo-reply
deny udp any eq echo any
deny udp any any eq echo
permit ip any any
Andy
--------------------------------------------------------------------
From: "Aamir Aziz" <aamiraz77@gmail.com>
Reply-To: "Aamir Aziz" <aamiraz77@gmail.com>
To: ccielab@groupstudy.com
Subject: ICMP Flooding vs SMURF Attack
Date: Sun, 20 Aug 2006 15:08:31 +0400
>Hi there ppl
>
>I just wanted to clear something, if the tast says that certain
router is
>experiencing attack via ICMP and UDP flooding does it mean SMURF
ATTACK?
>and would the following ACL work to mitigate this flooding issue?
>
>deny icmp any 0.0.0.255 255.255.255.0 echo
>deny icmp any 0.0.0.0 255.255.255.0 echo
>deny icmp any 0.0.0.255 255.255.255.0 echo-reply deny icmp any
0.0.0.0
>255.255.255.0 echo-reply
>deny upd any 0.0.0.255 255.255.255.0 echo
>deny upd any 0.0.0.0 255.255.255.0 echo
>permit ip any any
>
>Thanks
>Aamir
>
>_______________________________________________________________________
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART