RE: Large Scale Internet Attacks - Technical article.
Hi,
In one of the e-commerce sites, they were blown up by a Smurf attack. However, the attack was against the upstream ISP, not the e-commerce site itself. Had the target insisted the ISP put the "no ip directed-broadcast" command on the outgoing line from the ISP to the target, then the Smurf would not have worked.
Just a little opinion of mine. "no ip directed-broadcast" only deals with the directed broadcast to the interface where the command is specified. It does nothing to the transit directed broadcast. To prevent a Smurf attack you have to code this command on each Cisco router interface in your network.

Alternatively, a packet filter on the boundary router blocking any IP packet destined to *.0 or *.255 would do the trick, but you still need "no ip directed-broadcast" to deal with the directed broadcast originating from your internal network.

Dennis Su
ITS, University of Waikato
Alternatively, a packet filter on the boundary router blocking any IP packet destined to *.0 or *.255 would do the trick, but you still need "no ip directed-broadcast" to deal with the directed broadcast originating from your internal network.
That can and will break access to hosts that are on /n networks where n != 0 mod 8; for example, 10.0.100.0 and 10.0.0.255 are perfectly valid host addresses in 10.0.0.0/8.

-cw

P.S. Alas, to make matters worse, machines (for example Sun boxes) still respond to *.255 pings even when they are on a (say) /21 network and shouldn't...

--
Chris Wedgwood
chris.wedgwood(a)clear.co.nz
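A subnet-aware check of the two mitigations debated above, added here as an example and not code from either poster: it compares the proposed *.0/*.255 boundary ACL against what a per-interface directed-broadcast decision actually keys on, over constructed sample addresses, and also covers the case the octet ACL misses on subnets smaller than a /24.

```python
import ipaddress
from typing import List, Tuple

def naive_octet_filter(dst: str) -> bool:
    """The boundary-router ACL proposed above: drop any packet whose destination
    ends in .0 or .255, with no knowledge of the real subnet mask."""
    return int(dst.rsplit(".", 1)[1]) in (0, 255)

def is_directed_broadcast(dst: str, subnet: str) -> bool:
    """What a per-interface 'no ip directed-broadcast' keys on: is dst the
    network or broadcast address of that interface's own subnet?"""
    net = ipaddress.ip_network(subnet, strict=False)
    addr = ipaddress.ip_address(dst)
    return addr in (net.network_address, net.broadcast_address)

def audit_filter(cases: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Compare both decisions for each (destination, subnet) pair.
    'collateral' = a valid host address the octet ACL would drop;
    'missed'     = a real directed broadcast the octet ACL lets through;
    'ok'         = both decisions agree."""
    out = []
    for dst, subnet in cases:
        naive = naive_octet_filter(dst)
        real = is_directed_broadcast(dst, subnet)
        verdict = "ok" if naive == real else ("collateral" if naive else "missed")
        out.append((dst, subnet, verdict))
    return out

# Constructed sample pairs (destination, subnet it lives in); 192.0.2.0/24 is documentation space.
CASES = [
    ("10.0.100.0", "10.0.0.0/8"),       # host in a /8 (Chris's example)
    ("10.0.0.255", "10.0.0.0/8"),       # host in a /8 (Chris's example)
    ("10.255.255.255", "10.0.0.0/8"),   # the /8's real broadcast address
    ("10.0.100.255", "10.0.96.0/21"),   # host inside a /21 (the P.S. case)
    ("10.0.103.255", "10.0.96.0/21"),   # the /21's real broadcast address
    ("10.0.97.0", "10.0.96.0/21"),      # another host inside the /21
    ("192.0.2.255", "192.0.2.0/24"),    # classic /24 broadcast
    ("192.0.2.127", "192.0.2.64/26"),   # /26 broadcast ends in .127: the ACL misses it
]

if __name__ == "__main__":
    for dst, subnet, verdict in audit_filter(CASES):
        print(f"{dst:16} in {subnet:16} -> {verdict}")
```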