.jpg "Opportunities, Appliacation, Openings"){kind=small}
.jpg "Hand Job, Blow Job, Job Search, Monster Job"){kind=small}
.jpg "pusat resume, daftar kerja, cari kerja"){kind=small}
.jpg "Project Manager, SOftware Engineer, SAP Consultant"){kind=small}
SMURF attack mitigation features…
Hi Tony,
What you’re describing is how to prevent yourself from being a SMURF-attack amplifier. The actual victim is the person that actually owns the spoofed source address in the icmp echo-request, thus being bombarded with echo-replies.
However your question will be invaluable to me one day, as I now know how to find the source of spoofed packets within my network; an irritation in the past.
My guess is that the ip source-track is less processor intensive, since an ACL ‘log-input’ will likely be logging every packet in a smurf attack or a DDOS syn attack into the logging buffer.
Thanks,
Curt
—–Original Message—– From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Tony Paterra Sent: Tuesday, July 18, 2006 2:28 PM To: Cisco certification Subject: SMURF attack mitigation features…
All, I’m curious as to what SMURF attack mitigation features there are… If I am correct in my understanding of a SMURF attack it is set up as follows:
The attacker is on a remote segment using a directed broadcast at a target on your LAN segment
How can we mitigate these attacks?
What I’m aware of (please tell me if I’m off-base or should be doing more/less)…
-Enable unicast RPF on your WAN interface (stops receiving fake source addresses) -No ip directed-broadcast under your LAN interface (stops sending off-network broadcasts) -Put an ACL on the WAN interface that does a ‘log-input’ on the end or also ip source-track (lets you figure out where your attacker is)
What is the difference between ip source-track and doing a permit ip any any log-input in an ACL?
Thanks in advance!!! — Tony Paterra apaterra@gmail.com
