Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT

From: David Timmons (masterdt@yahoo.com)
Date: Wed Sep 06 2006 - 12:09:37 ART

• Next message: chris: "switching and vlans"
• Previous message: Michael Stout: "Re: 7500 CPU Processes"
• Maybe in reply to: David Timmons: "Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT"
• Next in thread: route flap: "Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Your right, you don't need to read that link. I am sure the book is too full of errors to help. Sorry for the email...
 
dt

----- Original Message ----
From: route flap <routeflap@gmail.com>
To: David Timmons <masterdt@yahoo.com>
Cc: Chris Broadway <midatlanticnet@gmail.com>; Peter Plak <plukkie@gmail.com>; Victor Cappuccio <cvictor@protokolgroup.com>; Dusty <dustygoody@gmail.com>; David Redfern (AU) <David.Redfern@didata.com.au>; Aamir Aziz <aamiraz77@gmail.com>; ccielab@groupstudy.com
Sent: Wednesday, September 6, 2006 9:34:57 AM
Subject: Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT

Hmmmm

From that link

In Example 17-16, ICMP echos and echo replies are limited to 64 kbps of bandwidth, with a burst size of 4 kbps of bandwidth. Example 17-17 shows the code used on the customer's router.
Customer(config)# access-list 100 permit icmp any any echo
Customer(config)# access-list 100 permit icmp any any echo-reply
Customer(config)# interface serial0
Customer(config-if)# rate-limit output access-group 100 64000 4000 4000
 conform-action transmit exceed-action drop

the BRUST Size is in BYTESSSSSSSSSS

regards
RalF

On 9/6/06, David Timmons < masterdt@yahoo.com> wrote:
Hi,

Here is Cisco Press link on a book about security. I think it is worth a read. They have some ACL to block your requested post.

http://www.ciscopress.com/articles/article.asp?p=345618&seqNum=5&rl=1

----- Original Message ----
From: Chris Broadway < midatlanticnet@gmail.com>
To: Peter Plak <plukkie@gmail.com>
Cc: Victor Cappuccio < cvictor@protokolgroup.com>; Dusty <dustygoody@gmail.com>; David Redfern (AU) <David.Redfern@didata.com.au>; Aamir Aziz < aamiraz77@gmail.com>; ccielab@groupstudy.com
Sent: Tuesday, August 22, 2006 10:21:24 AM
Subject: Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT

Group,

Can we get the "Brians" and/or Scott to give us their opinion on the
definitive ACL to log smurf, fraggle, and TCP syn attacks? I think everyone
has an opinion but have not heard from the ones I consider to be the most
trusted sources.

-Broadway

• Next message: chris: "switching and vlans"
• Previous message: Michael Stout: "Re: 7500 CPU Processes"
• Maybe in reply to: David Timmons: "Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT"
• Next in thread: route flap: "Re: ICMP Flooding vs SMURF Attack---THE BRIANS AND SCOTT"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:40 ART