Fraggle/Smurf

From: Chris Broadway (midatlanticnet@gmail.com)
Date: Mon Sep 04 2006 - 22:36:58 ART

• Next message: Victor Cappuccio: "Deny Arp"
• Previous message: Paul Dardinski: "RE: Deny Arp"
• Next in thread: Victor Cappuccio: "RE: Fraggle/Smurf"
• Maybe reply: Victor Cappuccio: "RE: Fraggle/Smurf"
• Maybe reply: Paul Dardinski: "RE: Fraggle/Smurf"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I know this has been discussed a million times, but I still haven't got it.

 I understand this line:
permit icmp any 0.0.0.255 255.255.255.0 eq echo log-input
permit icmp any 0.0.0.0 255.255.255.0 eq echo log-input

 this will log all ICMP traffic going to network and broadcast addresses
 this part I don't understand
permit icmp any 0.0.0.255 255.255.255.0 eq echo-reply log-input
permit icmp any 0.0.0.0 255.255.255.0 eq echo-reply log-input

why would this router log echo-reply traffic going to network and broadcast
addresses when the echo-reply should be the spoofed IP that the perpetrator
sent.

The same explaination will apply to UDP. Anyone?

-Broadway

• Next message: Victor Cappuccio: "Deny Arp"
• Previous message: Paul Dardinski: "RE: Deny Arp"
• Next in thread: Victor Cappuccio: "RE: Fraggle/Smurf"
• Maybe reply: Victor Cappuccio: "RE: Fraggle/Smurf"
• Maybe reply: Paul Dardinski: "RE: Fraggle/Smurf"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART