SMURF attack mitigation features…
Hi Tony,
There was an excellent thread on this last year on GroupStudy. In particular, Jongsoo did a great job at describing the differences between smurf-amplifier and the spoofed source-target: http://shop.groupstudy.com/archives/ccielab/200505/msg00716.html
Also, one of the follow-up emails (from Tim, i.e. ccie2be) documents the info from Cisco Router Security Firewall (which is a great book to learn about various things you might see in the Security section on the lab).
HTH, Sean
----- Original Message -----
From: “Tony Paterra”
To: “Cisco certification”
Sent: Tuesday, July 18, 2006 2:28 PM
Subject: SMURF attack mitigation features…

> All,
> I’m curious as to what SMURF attack mitigation features there are…
> If I am correct in my understanding of a SMURF attack it is set up as
> follows:
>
> The attacker is on a remote segment using a directed broadcast at a
> target on your LAN segment
>
> How can we mitigate these attacks?
>
> What I’m aware of (please tell me if I’m off-base or should be doing
> more/less)…
>
> -Enable unicast RPF on your WAN interface (stops receiving fake source
> addresses)
> -No ip directed-broadcast under your LAN interface (stops sending
> off-network broadcasts)
> -Put an ACL on the WAN interface that does a ‘log-input’ on the end or
> also ip source-track (lets you figure out where your attacker is)
>
> What is the difference between ip source-track and doing a permit ip
> any any log-input in an ACL?
>
> Thanks in advance!!!
> --
> Tony Paterra
> apaterra@gmail.com
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
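
One way to use the `log-input` ACL output mentioned in the question, added here as an example and not part of the original thread: it counts ICMP echo requests addressed to a LAN's network or broadcast address, grouped by input interface. The log lines are constructed, their layout is an assumed rendering of IOS `log-input` messages, and the prefix and function name are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines (assumed layout of IOS "log-input" ACL messages:
# source IP, then the input interface and layer-2 info in parentheses).
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.7 (Serial0/0 *HDLC*) -> 192.0.2.255 (8/0), 40 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 198.51.100.7 (Serial0/0 *HDLC*) -> 192.0.2.0 (8/0), 12 packets
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 203.0.113.9 (Serial0/1 *HDLC*) -> 192.0.2.10 (8/0), 1 packet
%SEC-6-IPACCESSLOGDP: list 101 permitted icmp 192.0.2.10 (FastEthernet0/0 0011.2233.4455) -> 203.0.113.9 (0/0), 1 packet
"""

LINE_RE = re.compile(
    r"list (?P<acl>\S+) permitted icmp (?P<src>\S+) \((?P<ifc>\S+) (?P<l2>[^)]*)\) "
    r"-> (?P<dst>\S+) \((?P<type>\d+)/(?P<code>\d+)\), (?P<count>\d+) packets?"
)


def directed_broadcast_echoes(log_text, lan_prefixes):
    """Return packet counts keyed by (input interface, claimed source) for
    ICMP echo requests sent to a LAN's network or broadcast address."""
    nets = [ipaddress.ip_network(p) for p in lan_prefixes]
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["type"] != "8":  # ICMP type 8 = echo request
            continue
        dst = ipaddress.ip_address(m["dst"])
        for net in nets:
            # Both the all-ones and the older all-zeros broadcast forms count.
            if dst in (net.broadcast_address, net.network_address):
                hits[(m["ifc"], m["src"])] += int(m["count"])
    return hits


if __name__ == "__main__":
    # The claimed source is the spoofed address in a smurf attack, so the
    # input interface is the field that shows where the traffic entered.
    for (ifc, src), n in directed_broadcast_echoes(SAMPLE_LOG, ["192.0.2.0/24"]).items():
        print(f"{n} echo requests to a directed broadcast via {ifc}, claimed source {src}")
```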
























