RE: Access-list for Smurf Attack : Which one is to be used in the exam

From: Jared Scrivener (jared@mensa.org.au)
Date: Sun Feb 24 2008 - 07:12:06 ARST


SCD,

A smurf attack is an ICMP echo sent to the broadcast address of a network
(normally with a spoofed source IP address), with the goal of having all
hosts send ICMP echo-reply packets to the source IP address.

A fraggle attack is a similar attack using UDP echo rather than ICMP echo.

So if, for example, you were told something like:

You suspect there is a smurf attack being initiated from within the
172.19.5.0/24 subnet to attack the 172.19.6.0/24 network. Create an
access-list to stop it.

A valid access-list would be something like:

access-list 101 deny icmp 172.19.5.0 0.0.0.255 host 172.19.6.255 echo
access-list 101 permit ip any any

This presumes there are no other requirements for an access-list to filter
other traffic on that interface - hence the "permit ip any any" statement in
the second line.

The key here is to be only as specific as required by the question. In this
case a source and destination network were specified. I only blocked ICMP
echo (rather than UDP echo as well) because it specified a Smurf attack
rather than a Fraggle attack.

And remember to apply the access-list to the relevant interface (most likely
inbound on the interface connected to 172.19.5.0/24 in this case) as the
question requires. :)
 
Kind Regards,
 
Jared Scrivener, CCIE2 (R&S,Security) #16983, CISSP

Email: - jared@mensa.org.au
LinkedIn: http://www.linkedin.com/in/jaredscrivener
 
"I can accept failure. Everyone fails at something. But I can't accept not
trying." - Michael Jordan
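
The two styles of access-list in this thread are easier to compare by actually pushing packets through them. The Python evaluator below is an added illustration, not code from either post or from Cisco; it implements the IOS matching rules the ACL lines rely on (a wildcard-mask bit set to 1 means "don't care", the first matching entry decides, and every list ends with an implicit deny) for just the syntax used in the thread, then checks Jared's ACL 101 and SCD's ACL 111 against constructed sample packets. The subnets come from the thread's example; the host numbers and the UDP source port are assumed.

```python
"""Evaluate IOS numbered extended ACL entries against sample packets.
Added example for this thread, not code from the original posts."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

ICMP_TYPES = {"echo": 8, "echo-reply": 0}   # IOS keyword -> ICMP type number
PORT_NAMES = {"echo": 7}                    # IOS "eq echo" -> UDP port 7


def ip_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(spec: str, wildcard: str, addr: str) -> bool:
    """IOS wildcard test: bits set in the wildcard are ignored, all others must match."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(spec) & care)


@dataclass(frozen=True)
class Packet:
    proto: str                        # "icmp" or "udp"
    src: str
    dst: str
    icmp_type: Optional[int] = None   # ICMP only
    sport: Optional[int] = None       # UDP only
    dport: Optional[int] = None


@dataclass(frozen=True)
class ACE:
    action: str                       # "permit" or "deny"
    proto: str                        # "icmp", "udp", or "ip" (any protocol)
    src: Tuple[str, str]              # (address, wildcard)
    sport: Optional[int]
    dst: Tuple[str, str]
    dport: Optional[int]
    icmp_type: Optional[int]

    def matches(self, p: Packet) -> bool:
        # A None qualifier in the entry means "not specified", i.e. matches anything.
        return (self.proto in ("ip", p.proto)
                and wildcard_match(*self.src, p.src)
                and wildcard_match(*self.dst, p.dst)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport)
                and self.icmp_type in (None, p.icmp_type))


def _addr(tok: List[str], i: int) -> Tuple[Tuple[str, str], int]:
    """Parse 'any' | 'host A' | 'A WILDCARD' starting at tok[i]."""
    if tok[i] == "any":
        return ("0.0.0.0", "255.255.255.255"), i + 1
    if tok[i] == "host":
        return (tok[i + 1], "0.0.0.0"), i + 2
    return (tok[i], tok[i + 1]), i + 2


def _port(tok: List[str], i: int) -> Tuple[Optional[int], int]:
    """Parse an optional 'eq <name|number>' starting at tok[i]."""
    if i < len(tok) and tok[i] == "eq":
        name = tok[i + 1]
        return (PORT_NAMES[name] if name in PORT_NAMES else int(name)), i + 2
    return None, i


def parse_ace(line: str) -> ACE:
    """Parse 'access-list N permit|deny proto SRC [eq P] DST [eq P] [icmp-type]'."""
    tok = line.lower().split()
    proto = tok[3]
    src, i = _addr(tok, 4)
    sport, i = _port(tok, i) if proto == "udp" else (None, i)
    dst, i = _addr(tok, i)
    dport, i = _port(tok, i) if proto == "udp" else (None, i)
    itype = ICMP_TYPES[tok[i]] if proto == "icmp" and i < len(tok) else None
    return ACE(tok[2], proto, src, sport, dst, dport, itype)


def evaluate(acl: List[str], p: Packet) -> str:
    """First matching entry decides; an IOS list ends with an implicit deny."""
    for ace in map(parse_ace, acl):
        if ace.matches(p):
            return ace.action
    return "deny"


# The two lists as posted in the thread.
ACL_101 = [
    "access-list 101 deny icmp 172.19.5.0 0.0.0.255 host 172.19.6.255 echo",
    "access-list 101 permit ip any any",
]
ACL_111 = [
    "access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo",
    "access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo",
    "access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo-reply",
    "access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo-reply",
    "access-list 111 permit udp any 0.0.0.255 255.255.255.0 eq echo",
    "access-list 111 permit udp any 0.0.0.0 255.255.255.0 eq echo",
    "access-list 111 permit udp any eq echo 0.0.0.255 255.255.255.0",
    "access-list 111 permit udp any eq echo 0.0.0.0 255.255.255.0",
]

# Constructed sample packets (host numbers and source port are assumed).
SMURF = Packet("icmp", "172.19.5.10", "172.19.6.255", icmp_type=8)      # echo to directed broadcast
LEGIT_PING = Packet("icmp", "172.19.5.10", "172.19.6.10", icmp_type=8)  # ordinary ping to one host
FRAGGLE = Packet("udp", "172.19.5.10", "172.19.6.255", sport=40000, dport=7)  # UDP echo variant
```

Running `evaluate` over these shows what each list really does. ACL 101 denies the echo to 172.19.6.255, permits the ordinary ping, and lets the UDP fraggle variant through, exactly as Jared says. In ACL 111 the pair `0.0.0.255 255.255.255.0` matches any destination whose last octet is .255, i.e. the directed-broadcast address of any /24, while `0.0.0.0 255.255.255.0` catches the all-zeros form; the list is not tied to one network. Both 111 and 169 contain only permit entries, so applied on their own they would send all other traffic to the implicit deny: they are classification lists whose per-entry hit counters (`show access-lists`) expose a flood, whereas ACL 101 is a filter.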

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of C D
Sent: Saturday, 23 February 2008 5:59 AM
To: Cisco certification
Subject: Access-list for Smurf Attack : Which one is to be used in the exam

Hi Group,

Here are the 2 access-lists we can use for preventing DoS from a Smurf attack.
Do you have any suggestions on whether to use access-list 111 or 169 in
the exam?

access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo
access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo
access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo-reply
access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo-reply
access-list 111 permit udp any 0.0.0.255 255.255.255.0 eq echo
access-list 111 permit udp any 0.0.0.0 255.255.255.0 eq echo
access-list 111 permit udp any eq echo 0.0.0.255 255.255.255.0
access-list 111 permit udp any eq echo 0.0.0.0 255.255.255.0

access-list 169 permit icmp any any echo
access-list 169 permit icmp any any echo-reply
access-list 169 permit udp any any eq echo
access-list 169 permit udp any eq echo any

Thanks and Regards
SCD



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:49 ARST