Re: ICMP Flooding vs SMURF Attack

From: Aamir Aziz (aamiraz77@gmail.com)
Date: Sun Aug 20 2006 - 11:41:19 ART


Hi Andy

Could you explain the third line of your ACL? Why have you done this one:

deny udp any eq echo any

Thanks
Aamir

On 8/20/06, Anderson Mota Alves <mota_anderson@hotmail.com> wrote:
>
> Hi Aamir,
>
> I just don't know why you are using so many statements. From my
> understanding, this question could be answered with a few lines; someone
> let me know if I'm wrong:
>
> ip access-list extended SMURF_UDP_FLOODING
> deny icmp any any echo
> deny icmp any any echo-reply
> deny udp any eq echo any
> deny udp any any eq echo
> permit ip any any
>
> Andy
>
> --------------------------------------------------------------------
>
> From: "Aamir Aziz" <aamiraz77@gmail.com>
> Reply-To: "Aamir Aziz" <aamiraz77@gmail.com>
> To: ccielab@groupstudy.com
> Subject: ICMP Flooding vs SMURF Attack
> Date: Sun, 20 Aug 2006 15:08:31 +0400
> >Hi there people
> >
> >I just wanted to clear something up: if the task says that a certain router is
> >experiencing an attack via ICMP and UDP flooding, does it mean SMURF ATTACK?
> >And would the following ACL work to mitigate this flooding issue?
> >
> >deny icmp any 0.0.0.255 255.255.255.0 echo
> >deny icmp any 0.0.0.0 255.255.255.0 echo
> >deny icmp any 0.0.0.255 255.255.255.0 echo-reply
> >deny icmp any 0.0.0.0 255.255.255.0 echo-reply
> >deny udp any 0.0.0.255 255.255.255.0 echo
> >deny udp any 0.0.0.0 255.255.255.0 echo
> >permit ip any any
> >
> >Thanks
> >Aamir
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>



This archive was generated by hypermail 2.1.4 : Fri Sep 01 2006 - 15:41:57 ART
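
Added example, not part of the thread: a simplified Python model of first-match ACL evaluation, showing which entry of the SMURF_UDP_FLOODING list in the reply catches each kind of packet, and how the address/wildcard pair `0.0.0.255 255.255.255.0` from the original question compares only the last octet. The function names, tuple layout and sample packets are constructed for this illustration; it assumes UDP echo is port 7 and ICMP echo/echo-reply are types 8 and 0.

```python
# Added illustration, not IOS code: a minimal first-match model of an extended ACL.
import ipaddress

ECHO = 7                                   # UDP echo service port
ANY = ("0.0.0.0", "255.255.255.255")       # "any" as address + wildcard

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard mask: bits set to 1 are ignored when comparing."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def rule_matches(rule, pkt):
    action, proto, src, dst, opts = rule
    if proto not in ("ip", pkt["proto"]):
        return False
    if not (wildcard_match(pkt["src"], *src) and wildcard_match(pkt["dst"], *dst)):
        return False
    # Every option on the entry (ICMP type, source port, destination port) must match.
    return all(pkt.get(key) == value for key, value in opts.items())

def evaluate(acl, pkt):
    """Return (action, 1-based entry number) for the first entry that matches."""
    for number, rule in enumerate(acl, 1):
        if rule_matches(rule, pkt):
            return rule[0], number
    return "deny", 0                       # implicit deny when nothing matches

# The five entries of SMURF_UDP_FLOODING from the reply, transcribed as tuples.
ACL = [
    ("deny", "icmp", ANY, ANY, {"icmp_type": 8}),   # echo
    ("deny", "icmp", ANY, ANY, {"icmp_type": 0}),   # echo-reply
    ("deny", "udp", ANY, ANY, {"sport": ECHO}),     # traffic coming FROM an echo service
    ("deny", "udp", ANY, ANY, {"dport": ECHO}),     # traffic going TO an echo service
    ("permit", "ip", ANY, ANY, {}),
]

# Constructed sample packets (documentation address ranges, not captured traffic).
PACKETS = {
    "icmp_echo": {"proto": "icmp", "src": "192.0.2.10", "dst": "198.51.100.255", "icmp_type": 8},
    "icmp_reply": {"proto": "icmp", "src": "198.51.100.20", "dst": "192.0.2.10", "icmp_type": 0},
    "udp_from_echo": {"proto": "udp", "src": "198.51.100.20", "dst": "192.0.2.10", "sport": 7, "dport": 40000},
    "udp_to_echo": {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.255", "sport": 40000, "dport": 7},
    "dns_query": {"proto": "udp", "src": "192.0.2.10", "dst": "198.51.100.53", "sport": 40000, "dport": 53},
}

if __name__ == "__main__":
    for name, pkt in PACKETS.items():
        print(name, evaluate(ACL, pkt))
    print(wildcard_match("198.51.100.255", "0.0.0.255", "255.255.255.0"))
```

In this model the third entry matches only datagrams whose source port is echo, which is the direction replies from an echo service travel; the fourth matches datagrams addressed to the echo port.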