Re: Access-list for Smurf Attack : Which one is to be used in

From: Shawn Zandi (szmetal@gmail.com)
Date: Wed Feb 27 2008 - 14:37:29 ARST


The SMURF destination is the broadcast address of an IP subnet; considering VLSM
and CIDR, you should block all odd IP addresses (because the broadcast address is
always odd and the subnet mask is variable).
But you should remember that we block smurf on the edge routers connected
to the subnets, so you don't need to block every subnet in the world, just
your own broadcast IP.

Shafagh Zandi

> > > Here are the 2 access-lists we can use for preventing DoS from a Smurf
> > > attack.
> > > Do you have any suggestion on whether to use access-list 111 or 169
> > > in the exam?
> > >
> > > access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo
> > > access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo
> > > access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo-reply
> > > access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo-reply
> > > access-list 111 permit udp any 0.0.0.255 255.255.255.0 eq echo
> > > access-list 111 permit udp any 0.0.0.0 255.255.255.0 eq echo
> > > access-list 111 permit udp any eq echo 0.0.0.255 255.255.255.0
> > > access-list 111 permit udp any eq echo 0.0.0.0 255.255.255.0
> > >
> > >
> > > access-list 169 permit icmp any any echo
> > > access-list 169 permit icmp any any echo-reply
> > > access-list 169 permit udp any any eq echo
> > > access-list 169 permit udp any eq echo any
> > >
> > > Thanks and Regards
> > > SCD
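
Added example, not part of the original thread: a small Python model of how IOS
evaluates the two access-lists quoted above, run over a few constructed packets.
It shows that the wildcard entries in access-list 111 (0.0.0.255 255.255.255.0)
match only destinations whose last octet is .0 or .255, i.e. the network and
broadcast addresses of /24-aligned subnets, so an echo aimed at the broadcast of
a /25 (192.0.2.127) is not counted by 111, while access-list 169 counts every
echo and echo-reply regardless of address. directed_broadcast() computes the real
broadcast address of a given subnet, the one address an edge router actually has
to deny for its own segments. All addresses, prefixes and packets are constructed
(RFC 5737 ranges); the parser and matcher are my own simplification of IOS
semantics, not Cisco code.

```python
"""Classify smurf/fraggle traffic with the two IOS ACLs quoted in the post.

Added example, not from the original thread. Packets and prefixes below are
constructed for illustration (RFC 5737 documentation ranges).
"""
import ipaddress
from dataclasses import dataclass

UDP_ECHO_PORT = 7  # IOS resolves the keyword 'echo' to UDP port 7

# ACL text copied verbatim from the quoted message.
ACL_111 = """
access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo
access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo
access-list 111 permit icmp any 0.0.0.255 255.255.255.0 echo-reply
access-list 111 permit icmp any 0.0.0.0 255.255.255.0 echo-reply
access-list 111 permit udp any 0.0.0.255 255.255.255.0 eq echo
access-list 111 permit udp any 0.0.0.0 255.255.255.0 eq echo
access-list 111 permit udp any eq echo 0.0.0.255 255.255.255.0
access-list 111 permit udp any eq echo 0.0.0.0 255.255.255.0
"""
ACL_169 = """
access-list 169 permit icmp any any echo
access-list 169 permit icmp any any echo-reply
access-list 169 permit udp any any eq echo
access-list 169 permit udp any eq echo any
"""


@dataclass
class Packet:
    proto: str              # "icmp" or "udp"
    src: str
    dst: str
    icmp_type: str = ""     # "echo" / "echo-reply" when proto == "icmp"
    sport: int = 0
    dport: int = 0


@dataclass
class Ace:
    proto: str
    src: str                # "any" or "<address> <wildcard>"
    dst: str
    icmp_type: str = ""     # "" means any ICMP type
    sport: int = 0          # 0 means any port
    dport: int = 0
    hits: int = 0           # per-entry counter, like 'show access-list'


def wildcard_match(spec, addr):
    """IOS wildcard semantics: 0 bits must match, 1 bits are don't-care."""
    if spec == "any":
        return True
    base, wildcard = spec.split()
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (int(ipaddress.IPv4Address(base)) & care)


def parse_ace(line):
    """Parse the 'access-list N permit {icmp|udp} ...' subset used in the post."""
    toks = line.split()
    if toks[0] != "access-list" or toks[2] != "permit":
        raise ValueError(f"unsupported entry: {line}")
    proto, i = toks[3], 4

    def take_addr():
        nonlocal i
        if toks[i] == "any":
            i += 1
            return "any"
        spec = f"{toks[i]} {toks[i + 1]}"
        i += 2
        return spec

    def take_port():
        nonlocal i
        if i < len(toks) and toks[i] == "eq":
            port = UDP_ECHO_PORT if toks[i + 1] == "echo" else int(toks[i + 1])
            i += 2
            return port
        return 0

    src = take_addr()
    sport = take_port() if proto == "udp" else 0
    dst = take_addr()
    dport = take_port() if proto == "udp" else 0
    icmp_type = toks[i] if proto == "icmp" and i < len(toks) else ""
    return Ace(proto, src, dst, icmp_type, sport, dport)


def build_acl(text):
    return [parse_ace(l) for l in text.splitlines() if l.strip()]


def ace_matches(ace, pkt):
    return (ace.proto == pkt.proto
            and wildcard_match(ace.src, pkt.src)
            and wildcard_match(ace.dst, pkt.dst)
            and (not ace.icmp_type or ace.icmp_type == pkt.icmp_type)
            and (not ace.sport or ace.sport == pkt.sport)
            and (not ace.dport or ace.dport == pkt.dport))


def classify(acl, packets):
    """First-match evaluation: index of the matching entry per packet, None if none matched."""
    out = []
    for pkt in packets:
        hit = next((i for i, ace in enumerate(acl) if ace_matches(ace, pkt)), None)
        if hit is not None:
            acl[hit].hits += 1
        out.append(hit)
    return out


def directed_broadcast(cidr):
    """Broadcast address of a subnet: the destination a smurf amplifier needs."""
    return str(ipaddress.IPv4Network(cidr, strict=False).broadcast_address)


# Constructed traffic: 192.0.2.0/24 is "our" segment, 203.0.113.9 the spoofed victim.
SAMPLE_PACKETS = [
    Packet("icmp", "203.0.113.9", "192.0.2.255", icmp_type="echo"),        # trigger at /24 broadcast
    Packet("icmp", "203.0.113.9", "192.0.2.127", icmp_type="echo"),        # trigger at /25 broadcast
    Packet("icmp", "192.0.2.10", "203.0.113.9", icmp_type="echo-reply"),   # amplified reply to victim
    Packet("udp", "203.0.113.9", "192.0.2.255", sport=40000, dport=7),     # fraggle (UDP echo) variant
]

if __name__ == "__main__":
    for name, text in (("111", ACL_111), ("169", ACL_169)):
        acl = build_acl(text)
        print(f"access-list {name}:", classify(acl, SAMPLE_PACKETS))
    print("/25 broadcast:", directed_broadcast("192.0.2.0/25"))
```

Run as is, access-list 111 reports [0, None, None, 4] and access-list 169
reports [0, 0, 1, 2]: the /25 trigger and the replies toward the victim are
invisible to 111, which is why it only characterises /24-aligned segments,
while 169 is the catch-all counter. To build the deny rule for your own segment,
feed its prefix to directed_broadcast() rather than assuming the last octet is .255.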



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:50 ARST