Go CCIE Go!! - A Cisco Certified Internetwork Expert

Hi Chris, what if your networks is not /24??
Per http://www.cisco.com/warp/public/707/22.html
The fraggle attack is analogous to the smurf attack, except that UDP echo requests are used for the stimulus stream instead of ICMP echo requests. The third and fourth lines of the access list identify fraggle attacks. The appropriate response for the victims is the same, except that UDP echo is a less important service in most networks than is ICMP echo. Therefore, you can disable them completely with fewer negative consequences.
access-list 169 permit icmp any any echo access-list 169 permit icmp any any echo-reply access-list 169 permit udp any any eq echo access-list 169 permit udp any eq echo any access-list 169 permit tcp any any established access-list 169 permit tcp any any access-list 169 permit ip any any
interface serial 0 ip access-group 169 in
if you can find a better resource, please share!
Thanks Victor.-
—–Mensaje original—– De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de Chris Broadway Enviado el: Lunes, 04 de Septiembre de 2006 09:37 p.m. Para: Cisco certification Asunto: Fraggle/Smurf
I know this has been discussed a million times, but I still haven’t got it.
I understand this line: permit icmp any 0.0.0.255 255.255.255.0 eq echo log-input permit icmp any 0.0.0.0 255.255.255.0 eq echo log-input
this will log all ICMP traffic going to network and broadcast addresses this part I don’t understand permit icmp any 0.0.0.255 255.255.255.0 eq echo-reply log-input permit icmp any 0.0.0.0 255.255.255.0 eq echo-reply log-input
why would this router log echo-reply traffic going to network and broadcast addresses when the echo-reply should be the spoofed IP that the perpetrator sent.
The same explaination will apply to UDP. Anyone?
-Broadway