Re: Smurf Attack

From: Rich Collins (nilsi2002@gmail.com)
Date: Sat Sep 22 2007 - 22:15:39 ART

• Next message: Toh Soon, Lim: "Re: how to identify host ip from routes comming from Backbone"
• Previous message: Scott Morris: "RE: Briding and Switching/Tunneling!"
• Maybe in reply to: Joe Carr (Enventis): "Smurf Attack"
• Next in thread: Joseph Saad: "Re: Smurf Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I remember I looked into this a few months back and never found a
satisfactory answer. I did find an approach to blocking a smurf attack for
class C networks. I am not sure if this is just when the router is a
"reflector" or whether a simple "no ip directed-broadcast" does the same
thing. I'd also like to further comments about this topic.

>> Extended IP access list SMURF
>> 10 deny icmp any 0.0.0.255 255.255.255.0 echo log-input
>> 20 deny icmp any 0.0.0.0 255.255.255.0 echo log-input
>> 30 deny icmp any 0.0.0.255 255.255.255.0 echo-reply log-input
>> 40 deny icmp any 0.0.0.0 255.255.255.0 echo-reply log-input
>> 50 permit ip any any

On 9/22/07, Joe Carr (Enventis) <jcarr@enventis.com> wrote:
>
> So if you are the victim of an attack then your only two options are to
> deny ICMP with in inbound ACL or Rate Limit the inbound ICMP traffic?
>
> Joe
>
> -----Original Message-----
> From: Joseph Brunner [mailto:joe@affirmedsystems.com]
> Sent: Saturday, September 22, 2007 3:53 PM
> To: Joe Carr (Enventis); ccielab@groupstudy.com
> Subject: RE: Smurf Attack
>
> Why isn't the phrase "smurf attack" on the DAMN DOC CD! (at least that I
> can
> tell, anyone?)
>
> http://articles.techrepublic.com.com/5100-1035-5034101.html
>
> check this link...!!!
>
> -Joe
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Joe
> Carr (Enventis)
> Sent: Saturday, September 22, 2007 4:50 PM
> To: ccielab@groupstudy.com
> Subject: Smurf Attack
>
> If I were asked to write and ACL to prevent Smurf attacks what would
> that look like?
>
>
>
> Joe
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Toh Soon, Lim: "Re: how to identify host ip from routes comming from Backbone"
• Previous message: Scott Morris: "RE: Briding and Switching/Tunneling!"
• Maybe in reply to: Joe Carr (Enventis): "Smurf Attack"
• Next in thread: Joseph Saad: "Re: Smurf Attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Oct 06 2007 - 12:01:15 ART