Re: smurf's attack...

From: Wayne Bouchard (no email)
Date: Fri Sep 05 1997 - 22:52:40 EDT

> Randy Bush writes...
> > > access-list XXX deny ip any
> >
> > You must be kidding. Why not
> >
> > access-list XXX deny ip any
> I like...
> access-list XXX deny ip any

Okay... trying to access Oops..

The first example is okay if its "deny icmp" instead of "deny
ip". That still allows traffic to reach those hosts, just doesn't let
ICMP through.

Although 255 is a valid IP address, its use is, in my view,
limited. Denying ICMP packets to those hosts may be considered an
acceptable sacrafice by many.

Wayne Bouchard GlobalCenter
Primenet Network Engineering Internet Solutions for
(602) 416-6422 800-373-2499 x6422 Growing Businesses
FAX: (602) 416-9422

Hosted Email Solutions

Invaluement Anti-Spam DNSBLs

Powered By FreeBSD   Powered By FreeBSD