RE: Fraggle/Smurf

From: Paul Dardinski (pauld@marshallcomm.com)
Date: Mon Sep 04 2006 - 22:49:56 ART


AFAIK, the echo-reply will log for an amplifier. The extra two lines
should log the echo-reply headed back out of your network.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Broadway
Sent: Monday, September 04, 2006 9:37 PM
To: Cisco certification
Subject: Fraggle/Smurf

I know this has been discussed a million times, but I still haven't got
it.

I understand this line:
permit icmp any 0.0.0.255 255.255.255.0 echo log-input
permit icmp any 0.0.0.0 255.255.255.0 echo log-input

This will log all ICMP traffic going to network and broadcast addresses.
This part I don't understand:
permit icmp any 0.0.0.255 255.255.255.0 echo-reply log-input
permit icmp any 0.0.0.0 255.255.255.0 echo-reply log-input

Why would this router log echo-reply traffic going to network and
broadcast addresses when the echo-reply should be the spoofed IP that
the perpetrator sent?

The same explanation will apply to UDP. Anyone?

-Broadway
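
Added example, not part of either post: a small Python model of how the address/wildcard pairs in the four ACL entries above select destination addresses, run over constructed sample packets. The function names and sample addresses (RFC 5737 documentation ranges) are assumptions made for illustration; the source is "any", so only the ICMP type and destination are modeled, and the log action is not.

```python
import ipaddress

# The four ACL entries from the question, as (icmp_type, address, wildcard).
ACL = [
    ("echo", "0.0.0.255", "255.255.255.0"),
    ("echo", "0.0.0.0", "255.255.255.0"),
    ("echo-reply", "0.0.0.255", "255.255.255.0"),
    ("echo-reply", "0.0.0.0", "255.255.255.0"),
]

def wildcard_match(dst, address, wildcard):
    """Cisco wildcard semantics: bits set to 1 in the wildcard are ignored,
    bits set to 0 must equal the corresponding bits of the ACL address."""
    d = int(ipaddress.IPv4Address(dst))
    a = int(ipaddress.IPv4Address(address))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (d & care) == (a & care)

def first_match(icmp_type, dst):
    """Return the 1-based index of the first matching entry, or None."""
    for i, (t, addr, wc) in enumerate(ACL, start=1):
        if t == icmp_type and wildcard_match(dst, addr, wc):
            return i
    return None

# Constructed sample packets: (icmp_type, destination address).
SAMPLES = [
    ("echo", "192.0.2.255"),           # directed broadcast of a /24
    ("echo", "192.0.2.0"),             # network address of a /24
    ("echo", "192.0.2.10"),            # ordinary host
    ("echo-reply", "198.51.100.7"),    # reply addressed to an ordinary host
    ("echo-reply", "198.51.100.255"),  # reply addressed to a .255 destination
    ("echo", "203.0.113.127"),         # broadcast of 203.0.113.0/25
]

def run():
    """Evaluate every sample packet against the ACL."""
    return [(t, dst, first_match(t, dst)) for t, dst in SAMPLES]

if __name__ == "__main__":
    for t, dst, hit in run():
        print(f"{t:<10} -> {dst:<15} entry {hit}")
```

Because only the last octet is compared, the entries select destinations ending in .255 or .0 regardless of the actual subnet mask, so the broadcast address of a non-/24 subnet such as 203.0.113.127 is not matched.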



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART