yep
Regards, Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr. Instructor - IPexpert, Inc. Mailto: [email protected] Telephone: +1.810.326.1444, ext. 208 Live Assistance, Please visit: www.ipexpert.com/chat eFax: +1.810.454.0130 IPexpert is a premier provider of Self-Study Workbooks, Video on Demand, Audio Tools, Online Hardware Rental and Classroom Training for the Cisco CCIE (R&S, Voice, Security & Service Provider) certification(s) with training locations throughout the United States, Europe, South Asia and Australia. Be sure to visit our online communities at www.ipexpert.com/communities and our public website at www.ipexpert.com <http://www.ipexpert.com/> From: [email protected] [mailto:[email protected]] On Behalf Of kamran shakil Sent: Sunday, February 13, 2011 10:47 AM To: [email protected] Subject: [OSL | CCIE_Security] Smurf attack Prevention and Mitigation: i have to confirm following logic. i know the for smurf attack i have to consider icmp echo and icmp echo reply and then either drop it or policy it as per requirement. but , i have read that "no ip directed-broadcast" can also be used for smurf protection ? today i was using a router with flash:c2600-advsecurityk9-mz.124-15.T14.bin" and when i did #show run all, under fa0/0 there is not default value of "no ip directed broadcast", so just want to confirm from EXPERTS, would that be ok and acceptable by CCIE LAB, in case if they ask smurf attack question and i configure both "no ip directed broadcast " under the interface and also deny icmp-echo and echo-reply or police it if mentioned !!! regards,
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
