From: sabrina pittarel (sabri_esame@yahoo.com)
Date: Sat Dec 02 2006 - 01:29:39 ART
This is the funniest thing I've read in a while, I've almost wet in my pants
:-)
Scott,
this in not even intermediate level, you should see the collection
of little blue men I have at home :-)
Sabrina
----- Original Message ----
From: Scott Morris <swm@emanon.com>
To: Brad Ellis <brad@ccbootcamp.com>; Udo
<ccie_groupstudy@yahoo.de>
Cc: Cisco certification <ccielab@groupstudy.com>
Sent: Friday, December 1, 2006 5:47:10 AM
Subject: RE: SMURF Attack - tracking
down the source
Childhood phobias gone bad.... You know WAY too much about
these little
guys. :)
-----Original Message-----
From:
nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Brad
Ellis
Sent: Friday, December 01, 2006 2:34 AM
To: Udo
Cc: Cisco certification
Subject: Re: SMURF Attack - tracking down the source
There are several
typical situations in which smurf attacks occur:
case 1) Papa Smurf gets
pissed at his fellow smurfs and goes "postal." This
happens when Papa Smurf
stops taking his medications and his dual
personality comes out. It's not
pretty.
case 2) Multiple smurfs are making passes at Smurfette. In this
situation
the smurfs tend to attack each other in an effort to get Smurfette's
affection. They update their my-smurf-space pages, send her gifts (play
smurfstation 3s), etc.
case 3) Gargamel and Azrael tend to hunt down smurfs
and do nasty things to
them (we've heard rumors that they are substitutes for
hamsters...but we
won't go there). The smurfs don't take too kindly to this
and tend to
launch a counter-attack.
To get to the source of the smurf
attack, a consult with Papa Smurf should
help...but in the networking world,
since the source address of smurf
attacks are spoofed, it can be difficult to
determine the actual source of
the attack. Papa Smurf recommends "no ip
directed-broadcast " as a great
solution for this...Gargamel prefers just
blocking ICMP all together. The
choice is yours. :)
(I prefer to put on a
nice pair of steel toe boots and crush the little
fa-la-lalala buggers)
thanks,
Brad Ellis
CCIE#5796 (R&S / Security)
CCSI#30482
Network Learning Inc
- A Cisco Sponsored Organization (SO) YES! We take
Cisco Learning credits!
mailto:brad@ccbootcamp.com
http://www.ccbootcamp.com (Cisco Training and
Rental Racks)
http://www.ccbootcamp.com/groupstudy.html (groupstudy member
discounts!)
Voice: 702-968-5100
FAX: 702-446-8012
----- Original Message -----
From: "Udo" <ccie_groupstudy@yahoo.de>
To: "CCIE Groupstudy"
<ccielab@groupstudy.com>
Sent: Friday, December 01, 2006 5:32 AM
Subject:
SMURF Attack - tracking down the source
Hi Group,
If I want to track back
to the source of a SMURF attack, what is the
best solution ?
Also what are the
recommended features for tracking back to the source
of an attack...
THX
Udo
This archive was generated by hypermail 2.1.4 : Tue Jan 02 2007 - 07:50:36 ART