
ICMP Flooding vs SMURF Attack


Yes, I agree with you that the UDP source is missing here, but the question is what is most suitable, or let's say what is required in the lab. How about if we go for something like this:

deny icmp any 0.0.0.255 255.255.255.0 echo
deny icmp any 0.0.0.0 255.255.255.0 echo
deny icmp any 0.0.0.255 255.255.255.0 echo-reply
deny icmp any 0.0.0.0 255.255.255.0 echo-reply
deny udp any 0.0.0.255 255.255.255.0 eq echo
deny udp 0.0.0.255 255.255.255.0 eq echo any
deny udp any 0.0.0.0 255.255.255.0 eq echo
deny udp 0.0.0.0 255.255.255.0 eq echo any
permit ip any any

Does this one make any sense?

Thanks
Aamir
On 8/20/06, Peter Plak wrote:
>
> Hi Aziz,
>
> I have also spent a lot of time on this task. I found a link which enters
> the explanation of smurf / fraggle and protection best so far.
> http://www.windowsecurity.com/whitepaper/Characterizing_and_Tracing_Packet_Floods_Using_Cisco_Routers.html
>
> If I look at your list, I would say, almost there. What in my opinion
> misses is the udp source eq echo.
> I would replace the udp lines with any any. Cause udp echo is rarely used
> nowadays, it’s likely that you will have many hits compared to icmp.
>
> So, I think the list totally will be then:
> deny icmp any 0.0.0.255 255.255.255.0 echo
> deny icmp any 0.0.0.0 255.255.255.0 echo
> deny icmp any 0.0.0.255 255.255.255.0 echo-reply
> deny icmp any 0.0.0.0 255.255.255.0 echo-reply
> deny udp any any eq echo
> deny udp any eq echo any
> permit ip any any
>
> What do you think?
>
> On 8/20/06, Aamir Aziz wrote:
> >
> > Hi there ppl
> >
> > I just wanted to clear something, if the task says that a certain router is
> > experiencing attack via ICMP and UDP flooding does it mean SMURF ATTACK?
> > and would the following ACL work to mitigate this flooding issue?
> >
> > deny icmp any 0.0.0.255 255.255.255.0 echo
> > deny icmp any 0.0.0.0 255.255.255.0 echo
> > deny icmp any 0.0.0.255 255.255.255.0 echo-reply
> > deny icmp any 0.0.0.0 255.255.255.0 echo-reply
> > deny udp any 0.0.0.255 255.255.255.0 echo
> > deny udp any 0.0.0.0 255.255.255.0 echo
> > permit ip any any
> >
> > Thanks
> > Aamir
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
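To see what the wildcard pairs in the ACL at the top of this thread actually match, here is a small first-match evaluator, added as an illustration and not part of the original posts. The packet fields, the sample addresses (documentation ranges) and the simplified matching model are assumptions; it is not a full IOS implementation.

```python
from ipaddress import IPv4Address as IP

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set to 1 in the wildcard are ignored."""
    care = ~int(IP(wildcard)) & 0xFFFFFFFF
    return (int(IP(addr)) & care) == (int(IP(base)) & care)

ANY = ("0.0.0.0", "255.255.255.255")       # 'any'
LAST_255 = ("0.0.0.255", "255.255.255.0")  # any address whose last octet is 255
LAST_0 = ("0.0.0.0", "255.255.255.0")      # any address whose last octet is 0
ECHO = 7                                   # UDP echo service port

# (action, protocol, source, destination, required packet fields), in thread order
ACL = [
    ("deny", "icmp", ANY, LAST_255, {"type": "echo"}),
    ("deny", "icmp", ANY, LAST_0, {"type": "echo"}),
    ("deny", "icmp", ANY, LAST_255, {"type": "echo-reply"}),
    ("deny", "icmp", ANY, LAST_0, {"type": "echo-reply"}),
    ("deny", "udp", ANY, LAST_255, {"dport": ECHO}),
    ("deny", "udp", LAST_255, ANY, {"sport": ECHO}),
    ("deny", "udp", ANY, LAST_0, {"dport": ECHO}),
    ("deny", "udp", LAST_0, ANY, {"sport": ECHO}),
    ("permit", "ip", ANY, ANY, {}),
]

def evaluate(acl, pkt):
    """Return (action, entry number) of the first entry the packet matches."""
    for n, (action, proto, src, dst, fields) in enumerate(acl, 1):
        if (proto in ("ip", pkt["proto"])
                and wc_match(pkt["src"], *src) and wc_match(pkt["dst"], *dst)
                and all(pkt.get(k) == v for k, v in fields.items())):
            return action, n
    return "deny", 0  # implicit deny that ends every IOS ACL

SRC = "198.51.100.20"  # constructed sample packets follow
SAMPLES = [
    {"proto": "icmp", "src": SRC, "dst": "192.0.2.255", "type": "echo"},
    {"proto": "icmp", "src": SRC, "dst": "192.0.2.10", "type": "echo"},
    {"proto": "icmp", "src": SRC, "dst": "192.0.2.10", "type": "echo-reply"},
    {"proto": "icmp", "src": SRC, "dst": "192.0.2.127", "type": "echo"},  # /25 broadcast
    {"proto": "udp", "src": SRC, "dst": "192.0.2.0", "sport": 1024, "dport": ECHO},
    {"proto": "udp", "src": SRC, "dst": "192.0.2.10", "sport": 1024, "dport": ECHO},
]

if __name__ == "__main__":
    for p in SAMPLES:
        print(p["proto"], p["dst"], "->", evaluate(ACL, p))
```

Only destinations (or UDP sources) whose last octet is 0 or 255 hit a deny entry; an echo-reply or UDP echo packet addressed to a unicast host falls through to `permit ip any any`, and the latter is the traffic the `any any` UDP lines in the quoted reply would also deny.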
