Just popped out to my mind while looking at various IP options. What if you add some filtering on IP options, namely Selective Directed Broadcast Option? E.g. Deny ip any any option sdb
I believe it's mostly for UDP protocol but those mentioned UDP attacks could be blocked. Eugene From: Kingsley Charles <[email protected]<mailto:[email protected]>> Date: Tuesday, June 5, 2012 1:03 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [OSL | CCIE_Security] Blocking flood attack on an interface Hi all How do we block smurf attacks on an interface other than using "no ip directed-broadcast"? I can't think of any other commands. With regards Kings
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
