From: Tim (ccie2be@nyc.rr.com)
Date: Sat Jan 06 2007 - 10:03:26 ART
A smurf attack is very simple, yet quite devious.
Keep in mind that typically, packets are forwarded based only on the
destination address.
So, imagine a packet with this destination address: 150.15.1.255
If directed broadcasts are supported, this packet will go to each host in
the 150.15.1.0 network.
Now, let's assume the packet being sent is an icmp echo request. When each
packet in the dest network receives the packet, what will they do?
They will respond with an echo reply which they will send to the source
address that was in the echo request packet they just received.
Now, here's the kicker:
Suppose the source address in the packet was a spoofed address?
Now, each host that got the echo request packet will send an echo reply to a
spoofed address and the real owner of that spoofed address becomes the
victim.
So, as a result of a smurf attack, the victim can literally get millions of
packets and be overwhelmed, making the smurf attack a type of DOS attack.
There are lots of variations of the smurf attack but they can be easily
defeated with a couple techniques.
First, don't allow directed broadcasts on your network.
2nd, implement ip verify which protects against lots of packets with spoofed
addresses.
HTH, Tim
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
johngibson1541@yahoo.com
Sent: Thursday, January 04, 2007 11:50 AM
To: ccielab@groupstudy.com
Subject: Re: Security portion in CCIE R & S
you are above me in routing/switching
take CCSP's first exam SECUR, it is IOS based, not pix firewall
their cisco express book for the exam has CBAC, common threat mitigation
(reverse path thing), aaa authentication (for login) mapping to line
configuration, the outer aaa concept.
the SECUR exam pretty much forced me to memorize all those.
one thing I still don't understand is the smurf attack.
John
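
The two defenses named in the reply above (refusing directed broadcasts, and verifying that a packet's source is reachable through the interface it arrived on) can be modeled as a small packet filter. This is an added example, not part of the original thread and not Cisco IOS code. The interface names, routing table and sample packets are constructed; only 150.15.1.0/24 comes from the post.

```python
import ipaddress

# Constructed router model. 150.15.1.0/24 is the network from the post;
# every other address, prefix and interface name here is invented.
ATTACHED = {
    "Fa0/0": ipaddress.ip_network("150.15.1.0/24"),
    "Fa0/1": ipaddress.ip_network("150.15.2.0/24"),
}
ROUTES = [(net, ifc) for ifc, net in ATTACHED.items()]
ROUTES.append((ipaddress.ip_network("0.0.0.0/0"), "Se0/0"))  # upstream default

def best_route(addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    return max((net.prefixlen, ifc) for net, ifc in ROUTES if addr in net)[1]

def filter_packet(src, dst, ingress):
    """Apply both mitigations to one packet and return the verdict."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Strict reverse-path check: the source must be reachable through the
    # interface the packet arrived on. Simplification (assumption): the
    # default route counts as a valid reverse path.
    if best_route(src) != ingress:
        return "drop: source fails reverse-path check"
    egress = best_route(dst)
    if egress == ingress:
        return "not routed: same segment"
    # Directed broadcast: destination is the broadcast address of a network
    # attached to a different interface than the one it arrived on.
    net = ATTACHED.get(egress)
    if net is not None and dst == net.broadcast_address:
        return "drop: directed broadcast"
    return "forward"

# Constructed packets: (source, destination, ingress interface).
SAMPLES = [
    ("198.51.100.7", "150.15.1.255", "Se0/0"),  # echo request to the broadcast
    ("198.51.100.7", "192.0.2.9", "Fa0/1"),     # inside host, outside source
    ("150.15.2.10", "150.15.1.20", "Fa0/1"),    # ordinary routed unicast
    ("150.15.2.10", "150.15.1.255", "Fa0/1"),   # broadcast from a neighbor net
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", filter_packet(*pkt))
```

The first sample passes the reverse-path check at this router and is stopped only by the directed-broadcast rule, while the second is stopped by the reverse-path check at the edge where the forged source enters, which is why the reply lists both measures.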