ICMP Flooding vs SMURF Attack
Hi Aziz,
I have also spent a lot of time on this task. I found a link which explains smurf / fraggle and protection best so far. http://www.windowsecurity.com/whitepaper/Characterizing_and_Tracing_Packet_Floods_Using_Cisco_Routers.html
If I look at your list, I would say, almost there. What in my opinion is missing is the udp source eq echo. I would replace the udp lines with any any. Because udp echo is rarely used nowadays, it's likely that you will have many hits compared to icmp.
So, I think the list in total will then be:

    deny icmp any 0.0.0.255 255.255.255.0 echo
    deny icmp any 0.0.0.0 255.255.255.0 echo
    deny icmp any 0.0.0.255 255.255.255.0 echo-reply
    deny icmp any 0.0.0.0 255.255.255.0 echo-reply
    deny udp any any eq echo
    deny udp any eq echo any
    permit ip any any
What do you think?
On 8/20/06, Aamir Aziz wrote:
>
> Hi there ppl
>
> I just wanted to clear something, if the task says that a certain router is
> experiencing attack via ICMP and UDP flooding does it mean SMURF ATTACK?
> and would the following ACL work to mitigate this flooding issue?
>
> deny icmp any 0.0.0.255 255.255.255.0 echo
> deny icmp any 0.0.0.0 255.255.255.0 echo
> deny icmp any 0.0.0.255 255.255.255.0 echo-reply
> deny icmp any 0.0.0.0 255.255.255.0 echo-reply
> deny udp any 0.0.0.255 255.255.255.0 eq echo
> deny udp any 0.0.0.0 255.255.255.0 eq echo
> permit ip any any
>
> Thanks
> Aamir
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
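Added example, not part of the thread and not Cisco code: a small evaluator for the extended-ACL syntax used in the lists above, so you can check what each line actually catches before putting it on a router. It understands only the forms that appear in the thread (icmp with an optional type, udp with "eq <port>", ip, any, host, address plus wildcard mask). The packets and addresses in demo() are constructed test values.

```python
import ipaddress
from dataclasses import dataclass
from typing import Callable, List, Optional

# Hypothetical helper: evaluates Cisco-style extended ACL lines against a
# packet description. "eq echo" on udp is port 7 (the fraggle variant).
UDP_PORT_NAMES = {"echo": 7}

Matcher = Callable[[int], bool]


@dataclass
class Packet:
    proto: str                          # "icmp" or "udp"
    src: str
    dst: str
    icmp_type: Optional[str] = None     # "echo" / "echo-reply" for icmp
    sport: Optional[int] = None
    dport: Optional[int] = None


@dataclass
class Ace:
    action: str
    proto: str
    src: Matcher
    sport: Callable[[Optional[int]], bool]
    dst: Matcher
    dport: Callable[[Optional[int]], bool]
    icmp_type: Optional[str]

    def matches(self, pkt: Packet) -> bool:
        if self.proto != "ip" and self.proto != pkt.proto:
            return False
        s = int(ipaddress.IPv4Address(pkt.src))
        d = int(ipaddress.IPv4Address(pkt.dst))
        if not (self.src(s) and self.dst(d)):
            return False
        if self.proto == "udp" and not (self.sport(pkt.sport) and self.dport(pkt.dport)):
            return False
        if self.proto == "icmp" and self.icmp_type and self.icmp_type != pkt.icmp_type:
            return False
        return True


def _parse_addr(tokens: List[str], i: int):
    """Parse 'any', 'host A' or 'A WILDCARD' at tokens[i]; return (matcher, next i)."""
    if tokens[i] == "any":
        return (lambda ip: True), i + 1
    if tokens[i] == "host":
        h = int(ipaddress.IPv4Address(tokens[i + 1]))
        return (lambda ip: ip == h), i + 2
    base = int(ipaddress.IPv4Address(tokens[i]))
    wild = int(ipaddress.IPv4Address(tokens[i + 1]))
    care = ~wild & 0xFFFFFFFF          # wildcard bit 1 = don't care, 0 = must match
    return (lambda ip: (ip & care) == (base & care)), i + 2


def _parse_port(tokens: List[str], i: int):
    """Parse an optional 'eq <port>' at tokens[i]; return (matcher, next i)."""
    if i < len(tokens) and tokens[i] == "eq":
        name = tokens[i + 1]
        port = UDP_PORT_NAMES.get(name)
        if port is None:
            port = int(name)
        return (lambda p: p == port), i + 2
    return (lambda p: True), i


def parse_ace(line: str) -> Ace:
    t = line.split()
    action, proto = t[0], t[1]
    src, i = _parse_addr(t, 2)
    sport, i = _parse_port(t, i) if proto == "udp" else ((lambda p: True), i)
    dst, i = _parse_addr(t, i)
    dport, i = _parse_port(t, i) if proto == "udp" else ((lambda p: True), i)
    icmp_type = t[i] if proto == "icmp" and i < len(t) else None
    return Ace(action, proto, src, sport, dst, dport, icmp_type)


def evaluate(acl: List[str], pkt: Packet) -> str:
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    for ace in map(parse_ace, acl):
        if ace.matches(pkt):
            return ace.action
    return "deny"


# The list proposed in the reply above.
PROPOSED_ACL = [
    "deny icmp any 0.0.0.255 255.255.255.0 echo",
    "deny icmp any 0.0.0.0 255.255.255.0 echo",
    "deny icmp any 0.0.0.255 255.255.255.0 echo-reply",
    "deny icmp any 0.0.0.0 255.255.255.0 echo-reply",
    "deny udp any any eq echo",
    "deny udp any eq echo any",
    "permit ip any any",
]


def demo() -> dict:
    """Constructed packets run through PROPOSED_ACL; returns name -> action."""
    cases = {
        "echo to /24 broadcast .255": Packet("icmp", "198.51.100.7", "192.0.2.255", icmp_type="echo"),
        "echo to /24 network .0": Packet("icmp", "198.51.100.7", "192.0.2.0", icmp_type="echo"),
        "udp echo to /24 broadcast": Packet("udp", "198.51.100.7", "192.0.2.255", sport=40000, dport=7),
        "udp from port 7 to host": Packet("udp", "192.0.2.9", "198.51.100.7", sport=7, dport=40000),
        "echo-reply to unicast host": Packet("icmp", "192.0.2.9", "198.51.100.7", icmp_type="echo-reply"),
        "echo to /25 broadcast .127": Packet("icmp", "198.51.100.7", "192.0.2.127", icmp_type="echo"),
        "dns query": Packet("udp", "198.51.100.7", "192.0.2.53", sport=40000, dport=53),
    }
    return {name: evaluate(PROPOSED_ACL, p) for name, p in cases.items()}


if __name__ == "__main__":
    for name, action in demo().items():
        print(f"{action:6s} {name}")
```

Two things the run makes visible: the wildcard 255.255.255.0 with 0.0.0.255 / 0.0.0.0 only matches destinations whose last octet is .255 or .0, so a broadcast address of a subnet smaller than /24 (the .127 case) passes, and an echo-reply sent to a unicast host address also passes, so this list stops the router from handing directed-broadcast echoes to its LAN, not a reply flood arriving at a single victim.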