I had that same question, Kings, and after going through several documents I came to the same conclusion you did.

If we just rate-limit echo, we will only prevent being the reflector but not the ultimate target.

Echo request storm -> smurf reflector
Echo-reply storm -> smurf ultimate target

Also, it is always mentioned that ip direct-broadcast should be disabled to prevent smurf attacks if not really required.

Here are some of the documents I read that helped me get to that conclusion. Hope they help and we all agree.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.shtml#topic3
http://www.pentics.net/denial-of-service/white-papers/smurf.cgi
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper09186a00801dbf61.html
http://etutorials.org/Networking/Router+firewall+security/Part+III+Nonstateful+Filtering+Technologies/Chapter+7.+Basic+Access+Lists/Protection+Against+Attacks/
http://www.sans.org/reading_room/whitepapers/networkdevs/securing-ip-routing-remote-access-cisco-routers_234

--
Ernesto Gonzalez G.
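
The distinction drawn in the message above, as an added IOS configuration sketch that is not part of the original post: one CAR policy per ICMP type, plus directed broadcast disabled on the LAN side. The interface names, ACL numbers and rate values are assumptions chosen for illustration.

```cisco
! Constructed example: interface names, ACL numbers and rates are assumptions.
! ACL 101 matches echo requests (what a smurf reflector receives).
access-list 101 permit icmp any any echo
! ACL 102 matches echo replies (what the ultimate target receives).
access-list 102 permit icmp any any echo-reply
!
interface GigabitEthernet0/0
 description Internet-facing uplink (assumed name)
 ! Limits how much echo traffic this network will answer, so it is a poor reflector.
 rate-limit input access-group 101 256000 8000 8000 conform-action transmit exceed-action drop
 ! Limits the reply flood when this network is the ultimate target.
 rate-limit input access-group 102 256000 8000 8000 conform-action transmit exceed-action drop
!
interface GigabitEthernet0/1
 description Internal LAN (assumed name)
 ! Stops packets sent to the subnet broadcast address from being forwarded onto the LAN.
 no ip directed-broadcast
```

`show interfaces rate-limit` displays the conformed and exceeded counters for each policy, which shows whether the echo or the echo-reply limit is the one being hit.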
