Re: [OSL | CCIE_Security] Fwd: [[Syllabus] Document updated: News Announcements - CCIE Security

2012-06-05 Thread Garrett Skjelstad
Checklists, hardware equipment and topic lists are all posted for v4... Also a video from Natalie Timms. Grab a lab spot if you don't already have one :) Sent from my iPhone On Jun 4, 2012, at 18:38, Mohamed Abdin mohammed.ab...@gmail.com wrote: Dears, They are finally announce it the

[OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Kingsley Charles
Hi all How do we block smurf attacks on an interface other than using no ip directed-broadcast? I can't think of any other commands. With regards Kings

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Fawad Khan
How about blocking echo and echo-reply as well, one could be victim or reflector. On Tuesday, June 5, 2012, Matt Hill wrote: Off the top of my head... An ACL with the broadcast address as the destination? (???) Cheers, Matt CCIE #22386 CCSI #31207 On 5 June 2012 18:03, Kingsley Charles

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Matt Hill
Probably not.. The attack could be a UDP flood. On 5 June 2012 21:35, Fawad Khan fawa...@gmail.com wrote: How about blocking echo and echo-reply as well, one could be victim or reflector. On Tuesday, June 5, 2012, Matt Hill wrote: Off the top of my head... An ACL with the broadcast

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Matt Hill
That got me thinking... does a smurf attack have to be ICMP, or can it be UDP? I think it can be UDP too, because the point is using the directed bcast address? Thoughts? On 5 June 2012 21:58, Matt Hill mayd...@gmail.com wrote: Probably not..  The attack could be a UDP flood. On 5 June 2012

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Fawad Khan
UDP one is fragile I think. On Tuesday, June 5, 2012, Matt Hill wrote: That got me thinking... does a smurf attack have to be ICMP, or can it be UDP? I think it can be UDP too, because the point is using the directed bcast address? Thoughts? On 5 June 2012 21:58, Matt Hill

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Elizabeth ....
how about using the 'ip verify unicast reverse-path' command on the input interface on the router at the upstream end of the connection Regards, Elizabeth Date: Tue, 5 Jun 2012 16:30:43 +0530 From: kingsley.char...@gmail.com To: mayd...@gmail.com CC: ccie_security@onlinestudylist.com

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Fawad Khan
A lot depends on the question. It would be mentioned in the question how to resolve it, there would be some clear hints. Don't believe the answers posted on the forums for floating questions. A lot of those wannabes are pretty down low in technology and they are just posting anything that

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Mike Rojas
I don't think it would work, if the attack corresponds to the local network rate limiting can do the trick on this one...of the protocol... if the attack comes to the router a rate limit to the protocol in question can mitigate the attack... Either on the interface or the CoPP Mike From:

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Elizabeth ....
Fawad, No need for your abusive comments It's been just 5 - 6 days since you passed your exam, and now what are you such an expert So, if you do not have respect for others, maybe it would be better that you abstain for posting on this forum!!! Regards, Elizabeth Date: Tue,

Re: [OSL | CCIE_Security] Blocking flood attack on an interface (Fawad Khan)

2012-06-05 Thread Imre Oszkar
attachment was scrubbed... URL: /archives/ccie_security/attachments/20120605/39da4f96/attachment.html

Re: [OSL | CCIE_Security] Planning for lab in Sydney or San Jose

2012-06-05 Thread Kingsley Charles
Sure Marko :-) With regards Kings On Tue, Jun 5, 2012 at 10:23 PM, Marko Milivojevic mar...@ipexpert.com wrote: Visa issues aside - if you take it in San Jose, you can drop by to say hi to Vik and I :-) -- Marko Milivojevic - CCIE #18427 (SP RS) Senior CCIE Instructor - IPexpert On Mon,

Re: [OSL | CCIE_Security] Planning for lab in Sydney or San Jose

2012-06-05 Thread Fawad Khan
I met Vik, Rauf and Piotr at San Jose. Wonder how I missed you. On Tuesday, June 5, 2012, Marko Milivojevic wrote: Visa issues aside - if you take it in San Jose, you can drop by to say hi to Vik and I :-) -- Marko Milivojevic - CCIE #18427 (SP RS) Senior CCIE Instructor - IPexpert On

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Fawad Khan
Gents I am sorry about this episode that we are having here in this thread. It could be the time of month :) makes me laugh that I am being demanded to provide my number. I think I should post my plaque once I receive it. There won't be any more reply from my side on this topic. I am sorry

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Elizabeth ....
Oh, no CCIE Number that you actually passed! Just Blah, blah What a waste of space Date: Tue, 5 Jun 2012 15:10:53 -0400 Subject: Re: [OSL | CCIE_Security] Blocking flood attack on an interface From: fawa...@gmail.com To: elizabeth...@hotmail.co.uk CC:

[OSL | CCIE_Security] Using CAR uRPF to block flood attack on an interface

2012-06-05 Thread Elizabeth ....
Kings, Back to your original question - How to block smurf attacks on an interface other than using no ip directed-broadcast and no ACL. Well I think you might use two methods: 1. uRPF - use the ip verify unicast reverse-path command on the input interface on the router at the upstream end of

Re: [OSL | CCIE_Security] Planning for lab in Sydney or San Jose

2012-06-05 Thread Matt Hill
While we are on about it, what's the current lab availability like in Sydney? Haven't passed my written yet (give me a week, I need to recert anyway) but for now I'm just curious if someone could check if that's ok. Cheers, Matt CCIE #22386 CCSI #31207 On 6 June 2012 04:47, Fawad Khan

[OSL | CCIE_Security] Dhcp snooping permenant vs temp binding

2012-06-05 Thread Fawad Khan
For the dhcp snooping I learned the hard way the difference between the two commands. The below command is done at exec level and binding will be removed after a reload 3560# ip dhcp snooping binding cccd.1233.3422 vlan 101 1.11.1.1 interface gi0/3 The following is permanent and will not be

Re: [OSL | CCIE_Security] Blocking flood attack on an interface

2012-06-05 Thread Eugene Pefti
I'd agree that this type of question should be very specific. If we want the router to stop the proliferation of smurf/broadcasts then it's the only no ip directed-broadcast command. If the attack is local it's local, no router can help ;) Eugene From: Fawad Khan

[OSL | CCIE_Security] Is there any way to see the key that is used to encrypt passwords ?

2012-06-05 Thread Eugene Pefti
Folks, If the task asks to hide/encrypt ALL passwords in the router config and let's say the router has crypto ipsec client ezvpn portion then the standard service password-encryption doesn't have any effect on the password in this section if the password was originally entered in clear text.

Re: [OSL | CCIE_Security] FPM ICMP large Packets

2012-06-05 Thread Alexei Monastyrnyi
definitely a defect of documentation, match-any does not make any sense in this context also R4(config)#class-map type stack ? match-all Logical-AND all matching statements under this classmap No match-any on IOS 12.4(15)T8 A. On 4 June 2012 16:55, Eugene Pefti eug...@koiossystems.com

Re: [OSL | CCIE_Security] FPM ICMP large Packets

2012-06-05 Thread Alexei Monastyrnyi
a way to remember DF goes before MF is that D goes before M in alphabet, not the ideal way of remembering things but there you go :-) On 4 June 2012 15:37, Eugene Pefti eug...@koiossystems.com wrote: Sorry, didn't mean to send it yet. Starting it all over: If you don't mind, guys, I'd start

Re: [OSL | CCIE_Security] Dhcp snooping permenant vs temp binding

2012-06-05 Thread Mike Rojas
I made that mistake on the test, the question clearly said, make sure it survives upon reload Mike Date: Tue, 5 Jun 2012 20:04:27 -0400 From: fawa...@gmail.com To: ccie_security@onlinestudylist.com Subject: [OSL | CCIE_Security] Dhcp snooping permenant vs temp binding For the dhcp

Re: [OSL | CCIE_Security] FPM ICMP large Packets

2012-06-05 Thread Eugene Pefti
Very good mnemonics !!! Thanks, Alexei ;) Eugene From: Alexei Monastyrnyi alexei...@gmail.com Date: Tuesday, June 5, 2012 6:07 PM To: Eugene Pefti eug...@koiossystems.com Cc: Mike Rojas mike_c...@hotmail.com,

Re: [OSL | CCIE_Security] Dhcp snooping permenant vs temp binding

2012-06-05 Thread Kingsley Charles
ip source binding 1112.3332.2243 vlan 3 1.1.1.1 interface gi0/3 can't be used for DHCP snooping. Have you tested it? It can be only used for IPSG validation not DHCP packet validation. With regards Kings On Wed, Jun 6, 2012 at 7:35 AM, Mike Rojas mike_c...@hotmail.com wrote: I made that