Job Search, Job Listing, Opportunity
Work at home job, job vacancy
find a job, vacancy list, cari lowongan
Butuh, Segera, secretary, director
« Sending specific SNMP traps to NMS host
ICMP Flooding vs SMURF Attack—THE BRIANS AND SCOTT »

ICMP Flooding vs SMURF Attack—THE BRIANS AND SCOTT

August 22, 2006 @ 2:01 pm · Filed under CCIE Study


A smurf attack is when a host sends ICMP echos to a directed broadcast address with a spoofed source. All devices accepting ICMP on the target network reply with ICMP echo-reply back to the spoofed source. The spoofed source is the victim of the attack. To avoid this attack you can either filter ICMP echo, echo-reply, or disable directed broadcast. In newer IOS versions directed broadcast is disabled by default.
A fraggle attack is the same as a smurf attack except it uses UDP echo instead of ICMP echo. Disabling directed broadcast will prevent this attack as well.
The original question is very nondescript with the notion that a “router is experiencing attack via ICMP and UDP flooding”. Depending on what specific type of traffic it is there are a variety of options. You could filter ICMP and UDP altogether, disable UDP small services like echo (which by default should be off), you could rate limit or police the traffic, you could disable ip unreachable, ip mask-reply… etc. So if this were an exam question you would ultimately have to get more clarification on what an “ICMP and UDP flooding” attack actually means.
HTH,
Brian McGahan, CCIE #8593 bmcgahan@internetworkexpert.com
Internetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 x 705 Outside US: 775-826-4344 x 705 24/7 Support: http://forum.internetworkexpert.com Live Chat: http://www.internetworkexpert.com/chat/
> —–Original Message—– > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of > Chris Broadway > Sent: Tuesday, August 22, 2006 10:21 AM > To: Peter Plak > Cc: Victor Cappuccio; Dusty; David Redfern (AU); Aamir Aziz; > ccielab@groupstudy.com > Subject: Re: ICMP Flooding vs SMURF Attack—THE BRIANS AND SCOTT > > Group, > > Can we get the “Brians” and/or Scott to give us their opinion on the > definitive ACL to log smurf, fraggle, and TCP syn attacks? I think > everyone > has an opinion but have not heard from the ones I consider to be the most > trusted sources. > > -Broadway > >

Bookmark this post:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb
keywords found: everyone david traffic source reply sends except 

Leave a Comment

Related Post