Re: smurf's attack...

From: Wayne Bouchard (no email)
Date: Fri Sep 05 1997 - 22:52:40 EDT


> Randy Bush writes...
>
> > > access-list XXX deny ip any 0.0.0.255 255.255.255.0
> >
> > You must be kidding. Why not
> >
> > access-list XXX deny ip any 0.0.0.42 255.255.255.0
>
> I like...
>
> access-list XXX deny ip any 0.0.0.1 255.255.255.254

Okay... trying to access 10.10.10.1.. Oops..

The first example is okay if its "deny icmp" instead of "deny
ip". That still allows traffic to reach those hosts, just doesn't let
ICMP through.

Although 255 is a valid IP address, its use is, in my view,
limited. Denying ICMP packets to those hosts may be considered an
acceptable sacrafice by many.

----------------------------------------------------------------------
Wayne Bouchard GlobalCenter
                           
Primenet Network Engineering Internet Solutions for
(602) 416-6422 800-373-2499 x6422 Growing Businesses
FAX: (602) 416-9422
http://www.primenet.com http://www.globalcenter.net
----------------------------------------------------------------------








Hosted Email Solutions

Invaluement Anti-Spam DNSBLs



Powered By FreeBSD   Powered By FreeBSD