Re: smurf attack

From: Bajo (bajoalex@gmail.com)
Date: Tue Sep 20 2005 - 12:40:04 GMT-3

• Next message: Khurana, Sameer: "RE: study plan!"
• Previous message: Leigh Harrison: "Re: smurf attack"
• Maybe in reply to: Rajib Khan: "smurf attack"
• Next in thread: Jim Dixon: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This was discussed a while back. Search the archives. One good link:
http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.s
html

 On 9/20/05, Leigh Harrison <ccileigh@gmail.com> wrote:
>
> Hey chap,
>
> From what I can remember, a smurf attack is icmp and udp echo and echo
> replies sent to network and broadcast (0 and 255) addresses.
>
> So something along the lines of:-
>
> access-list 100 deny icmp 0.0.0.255 <http://0.0.0.255>
255.255.255.0<http://255.255.255.0>any echo
> access-list 100 deny icmp 0.0.0.255 <http://0.0.0.255>
255.255.255.0<http://255.255.255.0>any echo-reply
> access-list 100 deny icmp 0.0.0.0 <http://0.0.0.0>
255.255.255.0<http://255.255.255.0>any echo
> access-list 100 deny imcp 0.0.0.0 <http://0.0.0.0>
255.255.255.0<http://255.255.255.0>any echo-reply
> access-list 100 deny udp 0.0.0.255 <http://0.0.0.255>
255.255.255.0<http://255.255.255.0>any echo
> access-list 100 deny udp 0.0.0.255 <http://0.0.0.255>
255.255.255.0<http://255.255.255.0>any echo-reply
> access-list 100 deny udp 0.0.0.0 <http://0.0.0.0>
255.255.255.0<http://255.255.255.0>any echo
> access-list 100 deny udp 0.0.0.0 <http://0.0.0.0>
255.255.255.0<http://255.255.255.0>any echo-reply
>
> You might want to double check that what I think is a smurf attack
> actually is a smurf attack !!!
>
> LH
>
>
> Rajib Khan wrote:
>
> >Hi group,
> >
> >I looking for ACL to match smurf traffic
> >
> >Thanks in advance
> >
> >Raj
> >
> >
> >---------------------------------
> >Yahoo! for Good
> > Click here to donate to the Hurricane Katrina relief effort.
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>

--
Kind Regards,
Bajo

• Next message: Khurana, Sameer: "RE: study plan!"
• Previous message: Leigh Harrison: "Re: smurf attack"
• Maybe in reply to: Rajib Khan: "smurf attack"
• Next in thread: Jim Dixon: "RE: smurf attack"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3