applying smurf attack access-list

From: CharlesB (cbalik@adelphia.net)
Date: Thu Nov 30 2006 - 02:53:24 ART


After spending quite some time understanding and researching this topic, I
realized that the last item I could not figure out is where to apply the list.
If I use a /24 network-based access list:

ip access-list extended ATTACK
permit icmp 0.0.0.0 255.255.255.0 echo log-input
permit icmp 0.0.0.255 255.255.255.0 echo log-input
...
...
...
... and goes on

Question:

Do we apply this list to the outside interface as inbound, or the inside
interface outbound? Or to every interface in every direction, to figure out
what the ATTACK direction (source/destination) is (proximity)?


