Smurf attacks, which are basically flood attacks, use either 255.255.255.255 or the subnet broadcast address. Your solution can help but will not prevent them.

With regards
Kings

On Wed, Jun 6, 2012 at 2:55 AM, Elizabeth .... <[email protected]> wrote:

> Kings,
>
> Back to your original question - How to block smurf attacks on an
> interface other than using "no ip directed-broadcast" and no ACL.
>
> Well I think you might use two methods:
> 1. uRPF - use the *ip verify unicast reverse-path* command on the input
> interface on the router at the upstream end of the connection. The router
> will verify that it has a reverse path for the spoofed ICMP packet and drop
> the packet if no path exists. CEF must be enabled.
> 2. Use CAR to rate limit ICMP packets - if ping must be allowed, you can
> limit the amount of ICMP traffic.
>
> Have a look at the following Cisco doc:
> http://www.cisco.com/en/US/tech/tk59/technologies_white_paper09186a0080174a5b.shtml
>
> Regards,
> Elizabeth
> ------------------------------
> From: [email protected]
> To: [email protected]
> Date: Tue, 5 Jun 2012 19:22:32 +0000
> CC: [email protected]
> Subject: Re: [OSL | CCIE_Security] Blocking flood attack on an interface
>
> Oh, no CCIE Number that you actually passed!!!!! Just Blah, blah ....
>
> What a waste of space ....
>
> ------------------------------
> Date: Tue, 5 Jun 2012 15:10:53 -0400
> Subject: Re: [OSL | CCIE_Security] Blocking flood attack on an interface
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> Gents
> I am sorry about this episode that we are having here in this thread. It
> could be the time of month :) makes me laugh that I am being demanded to
> provide my number. I think I should post my plaque once I receive it.
>
> There won't be any more reply from my side on this topic. I am sorry
> again.
>
> On Tuesday, June 5, 2012, Elizabeth .... wrote:
>
> Well, what a waste of time & space to discuss with you ... What's your
> CCIE number, that you can really prove that you'd passed the Lab!!!!
>
> Please do not reply!!!
>
> Regards,
> Elizabeth
> ------------------------------
> Date: Tue, 5 Jun 2012 14:17:29 -0400
> Subject: Re: [OSL | CCIE_Security] Blocking flood attack on an interface
> From: [email protected]
> To: [email protected]
> CC: [email protected]
>
> It's not my comments which are abusive. It's yours and it's you who is
> ignorant and probably jealous as well. A lot of ppl on this forum know me
> personally and virtually and they know what I meant by comments. Keep your
> retardness to yourself and bring something useful to this forum. I am on
> this forum for some time and am trying to work with various people to make
> it better. When you have no idea what others meant then keep your reply to
> yourself. Visit various pathetic forums and see what those wannabes are
> discussing.
> Go to Cisco website and see where Cisco announced about v4 and then see the
> comment of user who asked, "how many 'lab' in this new version 4"
> Do you have any idea what that user was asking about? You wouldn't know I
> bet.
> Enough said.
>
> On Tuesday, June 5, 2012, Elizabeth .... wrote:
>
> Fawad,
>
> No need for your abusive comments....
> It's been just 5 - 6 days since you passed your exam, and now what are you
> such an expert ....
> So, if you do not have respect for others, maybe it would be better that
> you abstain from posting on this forum!!!
>
> Regards,
> Elizabeth
>
> ------------------------------
> Date: Tue, 5 Jun 2012 09:37:55 -0400
> From: [email protected]
> To: [email protected]
> CC: [email protected]
> Subject: Re: [OSL | CCIE_Security] Blocking flood attack on an interface
>
> A lot depends on the question. It would be mentioned in the question how to
> resolve it, there would be some clear hints.
> Don't believe the answers posted on the forums for floating questions.
> A lot of those wannabes are pretty down low in technology and they are
> just posting anything that would come to their mind.
>
> On Tuesday, June 5, 2012, Kingsley Charles wrote:
>
> Not ACL but some interface command should be the answer. I just saw this
> question floating...
>
> With regards
> Kings
>
> On Tue, Jun 5, 2012 at 2:58 PM, Matt Hill <[email protected]> wrote:
>
> Off the top of my head... An ACL with the broadcast address as the
> destination? (???)
>
> Cheers,
> Matt
>
> CCIE #22386
> CCSI #31207
>
> On 5 June 2012 18:03, Kingsley Charles <[email protected]> wrote:
> > Hi all
> >
> > How do we block smurf attacks on an interface other than using "no ip
> > directed-broadcast"? I can't think of any other commands.
> >
> > With regards
> > Kings
>
> --
> FNK
>
> --
> FNK
>
> --
> FNK
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
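
An added illustration, not part of the thread: a simplified Python model of the strict uRPF check and the directed-broadcast check discussed above, showing on which interface each one drops a forged-source echo request. The FIB, interface names and addresses are constructed for this example (RFC 5737 documentation ranges), and the model ignores default-route and loose-mode behaviour.

```python
import ipaddress

# Constructed FIB of the modelled router: prefix -> egress interface.
FIB = {
    "192.0.2.0/24": "Gi0/1",     # LAN attached to this router
    "203.0.113.0/24": "Gi0/0",   # prefix reached through the upstream link
}
CONNECTED = ["192.0.2.0/24"]     # subnets whose broadcast this router would deliver

def lookup(fib, addr):
    """Longest-prefix match; returns the egress interface or None."""
    ip = ipaddress.ip_address(addr)
    best = None
    for prefix, iface in fib.items():
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None

def urpf_strict(fib, src, in_iface):
    """Strict uRPF: accept only if the route back to src leaves via in_iface."""
    return lookup(fib, src) == in_iface

def is_directed_broadcast(dst, connected):
    """True if dst is the broadcast address of a connected subnet."""
    ip = ipaddress.ip_address(dst)
    return any(ip == ipaddress.ip_network(n).broadcast_address for n in connected)

def forward(pkt, directed_broadcast_enabled=False):
    """Return 'drop-urpf', 'drop-directed-broadcast' or 'forward'."""
    if not urpf_strict(FIB, pkt["src"], pkt["in"]):
        return "drop-urpf"
    if is_directed_broadcast(pkt["dst"], CONNECTED) and not directed_broadcast_enabled:
        return "drop-directed-broadcast"
    return "forward"

# Case 1: a LAN host sends an echo request with a forged source (203.0.113.9).
SPOOF_FROM_LAN = {"src": "203.0.113.9", "dst": "198.51.100.255", "in": "Gi0/1"}
# Case 2: the same forged source arrives from upstream, aimed at this LAN's broadcast.
SPOOF_FROM_UPSTREAM = {"src": "203.0.113.9", "dst": "192.0.2.255", "in": "Gi0/0"}

if __name__ == "__main__":
    print(forward(SPOOF_FROM_LAN))             # uRPF at the source edge drops it
    print(forward(SPOOF_FROM_UPSTREAM, True))  # uRPF passes; broadcast is delivered
    print(forward(SPOOF_FROM_UPSTREAM))        # directed-broadcast check drops it
```

Case 2 is why uRPF alone helps but does not prevent the flood on the amplifying network: the forged source is reachable through the interface the packet arrived on, so only the directed-broadcast check stops it there.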
