hi Kings,

I would agree that the 3rd one is the most efficient among them, but the
problem I see with this solution is that you are not really preventing the
attack you are just scaling it down, and as a side effect probably you
would drop production traffic too due to the policing.

Why don't you just use `no ip directed-broadcast`? Or maybe some spoofing
protection mechanism to prevent the attack from happening?

Anyways, if they explicitly say not to use either of the two above, then I
would go with option 3.

Oszkar

>
> Hi all
>
> If we are asked to prevent icmp smurf attacks, we can use features like
> MQC, rate-limiter, interface acls etc.
>
> The logic is to classify the icmp packets and limit them.
>
> For all of features that I mentioned above, we need an ACL for
> classification.
>
> Now, should we classify for echo or echo-reply or for both?
>
> With echo, you block the spoofed echo packets themselves at the very beginning.
> With echo-reply, you block the avalanche of ICMP replies.
> With both echo and echo-reply, you prevent smurf attacks in both
> directions.
>
> I feel the 3rd one should do.
>
> Thoughts please.
>
>
> With regards
> Kings
>
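As an added example (not from either post), here is how Kings' option 3 and the two alternatives Oszkar raises look as Cisco IOS configuration; the interface, ACL, class-map and policy-map names and the policing rate are assumptions.

```cisco
! Added example, not part of either post. Interface numbers, ACL/class/policy
! names and the policing rate (64 kbps, 8000-byte burst) are assumed values.
!
! --- Kings' option 3: classify echo AND echo-reply, then police the class ---
ip access-list extended ICMP-SMURF
 permit icmp any any echo
 permit icmp any any echo-reply
!
class-map match-all ICMP-SMURF
 match access-group name ICMP-SMURF
!
policy-map LIMIT-ICMP
 class ICMP-SMURF
  police 64000 8000 conform-action transmit exceed-action drop
!
! Upstream interface: the policer caps the reply flood if we are the victim.
! As Oszkar notes, this only scales the attack down, and the exceed counter
! will also include legitimate ICMP that got dropped.
interface GigabitEthernet0/0
 description upstream
 service-policy input LIMIT-ICMP
!
! LAN interface: the two measures Oszkar prefers.
!  - no ip directed-broadcast stops this segment from acting as an amplifier
!    (a ping to the subnet broadcast is no longer forwarded to every host).
!  - strict uRPF drops packets whose source is not reachable back through
!    this interface, so local hosts cannot send spoofed echo requests.
interface GigabitEthernet0/1
 description LAN segment
 no ip directed-broadcast
 ip verify unicast source reachable-via rx
!
! Checks: watch conformed vs. exceeded counters to see how much traffic the
! policer is really dropping, and confirm directed-broadcast forwarding is off.
! show policy-map interface GigabitEthernet0/0
! show ip interface GigabitEthernet0/1 | include broadcast
```

Strict uRPF (`reachable-via rx`) is only safe on interfaces with symmetric routing; elsewhere use the loose form (`reachable-via any`) or the policer alone.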