I think in the case of a smurf reflector network connected to the router, we need to scale down echo on the interface which receives the attack, and echo-reply on the interface connected to the reflectors' subnet.

Regards

Date: Tue, 3 Jul 2012 11:49:09 -0600
From: [email protected]
To: [email protected]
Subject: Re: [OSL | CCIE_Security] Preventing icmp smurf attacks

I had that same question Kings, and after going through several documents I came to the same conclusion you did. If we just rate-limit echo we will only prevent being the reflector, but not the ultimate target.

Echo request storm -> smurf reflector
Echo-reply storm -> smurf ultimate target

Also, it is always mentioned that ip directed-broadcast should be disabled to prevent smurf attacks if not really required.

Here are some of the documents I read that helped me get to that conclusion. Hope they help and we all agree.

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a0080149ad6.shtml#topic3
http://www.pentics.net/denial-of-service/white-papers/smurf.cgi
http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6586/ps6642/prod_white_paper09186a00801dbf61.html
http://etutorials.org/Networking/Router+firewall+security/Part+III+Nonstateful+Filtering+Technologies/Chapter+7.+Basic+Access+Lists/Protection+Against+Attacks/
http://www.sans.org/reading_room/whitepapers/networkdevs/securing-ip-routing-remote-access-cisco-routers_234

--
Ernesto Gonzalez G.
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
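The two points made in the thread (police echo and echo-reply separately, per interface and direction, and disable directed broadcast on the segment that could act as a reflector) as one Cisco IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, ACL numbers and CAR rates/bursts are assumptions and must be sized to the actual link.

```cisco
! Added example (not from the thread): legacy CAR rate-limiting of ICMP
! echo / echo-reply on the two interfaces discussed, plus disabling
! directed broadcast on the reflector-side LAN. Interface names, ACL
! numbers, bps and burst (bytes) values are assumed; tune to the link.
!
! ACLs that match only the ICMP type we want to police
access-list 2020 permit icmp any any echo
access-list 2021 permit icmp any any echo-reply
!
! Upstream (Internet-facing) interface: the attack arrives here.
!  - input echo       : caps spoofed requests aimed at our broadcast
!                       addresses, so our LAN cannot be used as a reflector
!  - input echo-reply : caps the reply storm when we are the ultimate target
interface GigabitEthernet0/0
 description Upstream
 rate-limit input access-group 2020 256000 8000 16000 conform-action transmit exceed-action drop
 rate-limit input access-group 2021 256000 8000 16000 conform-action transmit exceed-action drop
!
! Reflector-side LAN: never forward a directed broadcast (that is the
! amplification step), and cap echo-replies leaving the segment so that
! even a host that answers broadcast pings cannot flood the victim.
interface GigabitEthernet0/1
 description Reflector-LAN
 no ip directed-broadcast
 rate-limit input access-group 2021 256000 8000 16000 conform-action transmit exceed-action drop
!
! Verification: per-interface conform/exceed counters and ACL hit counts
! show interfaces GigabitEthernet0/0 rate-limit
! show interfaces GigabitEthernet0/1 rate-limit
! show access-lists 2020
! show access-lists 2021
```

Watching the `exceed` counters in `show interfaces ... rate-limit` tells you which interface and which ICMP type is absorbing the flood, which is how you confirm whether the router is being used as a reflector (echo exceeding on the upstream side) or is the target (echo-reply exceeding on the upstream side). On IOS releases where CAR is deprecated, the same ACLs can be matched in a `class-map` and policed with `police` under a `policy-map`.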
