There are a few things which do not seem to be correct.

Your MULTICAST-TRAFFIC access-list should be permit ip any 224.0.0.0 15.255.255.255 and not permit ip any 224.0.0.0 31.255.255.255.

The other thing is in the policy-map police command: for multicast, the police rate should be 159000. Also, for the police command, burst size should be in bytes per second and NOT bits per second.

Just a summary/brief about Land attack/Smurf attack.

In a land attack the source and destination IP addresses of the packet are the same, and it will be spoofed as the target system to attack the target system.

In a smurf attack you will spoof the source address as your target system and then you will be sending a broadcast for the target system's IP address in that VLAN, so every system will reply to that broadcast and eventually your target system will become unresponsive. No ip directed-broadcast will prevent this.

Thanks
Nilesh

On Mon, Feb 28, 2011 at 7:07 PM, Aaron Moreck <[email protected]> wrote:

> I have a few questions here
>
> For part A and B I had no idea what Land Attacks and Smurf attacks were. Is
> this a fun fact that was included in the lab or actually something we
> might need to know?
>
> As far as Part C
>
> I used the MQC to do policing. Any problems with doing it this way instead
> of with rate-limit as the DSG says?
>
> ip access-list extended MULTICAST-TRAFFIC
>  permit ip any 224.0.0.0 31.255.255.255
> ip access-list extended UDP-TRAFFIC
>  permit udp any any
> ip access-list extended ICMP-TRAFFIC
>  permit icmp any any
> class-map match-all UDP-CLASS
>  match access-group name UDP-TRAFFIC
> class-map match-all MULTICAST-CLASS
>  match access-group name MULTICAST-TRAFFIC
> class-map match-all ICMP-CLASS
>  match access-group name ICMP-TRAFFIC
> !
> !
> policy-map AS1-TRAFFIC-POLICY
>  class UDP-CLASS
>   police 250000 50000
>  class ICMP-CLASS
>   police 100000 62500
>  class MULTICAST-CLASS
>   police 15500 75000
> interface Serial1/0.26 point-to-point
>  ip address 150.50.26.1 255.255.255.252
>  ip access-group INGRESS-ACL in
>  ip accounting access-violations
>  frame-relay interface-dlci 602
>  service-policy input AS1-TRAFFIC-POLICY
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
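
The wildcard difference discussed in this thread can be checked mechanically. The following is an added example, not part of either poster's message: it converts an ACL address/wildcard pair to the prefix it matches and reports anything matched outside the IPv4 multicast range 224.0.0.0/4. The function names are hypothetical.

```python
import ipaddress

# IPv4 multicast (class D) range that the MULTICAST-TRAFFIC ACL is meant to match.
MULTICAST = ipaddress.IPv4Network("224.0.0.0/4")


def wildcard_to_network(base, wildcard):
    """Return the prefix matched by an ACL 'address wildcard' pair.

    Only contiguous wildcards (0-bits followed by 1-bits) map to a single
    prefix; anything else raises ValueError.
    """
    wc = int(ipaddress.IPv4Address(wildcard))
    # A contiguous wildcard has the form 2**n - 1, so wc & (wc + 1) == 0.
    if wc & (wc + 1):
        raise ValueError("non-contiguous wildcard: " + wildcard)
    prefix_len = 32 - wc.bit_length()
    # Bits covered by the wildcard are "don't care", so clear them in the base.
    addr = int(ipaddress.IPv4Address(base)) & ~wc & 0xFFFFFFFF
    return ipaddress.IPv4Network((addr, prefix_len))


def audit_multicast_ace(base, wildcard):
    """Return (matched_prefix, prefixes matched outside 224.0.0.0/4)."""
    net = wildcard_to_network(base, wildcard)
    if net.subnet_of(MULTICAST):
        extra = []                                    # only multicast matched
    elif MULTICAST.subnet_of(net):
        extra = list(net.address_exclude(MULTICAST))  # overshoots multicast
    else:
        extra = [net]                                 # no multicast matched at all
    return net, extra


if __name__ == "__main__":
    # The two wildcards compared in the thread.
    for wc in ("15.255.255.255", "31.255.255.255"):
        net, extra = audit_multicast_ace("224.0.0.0", wc)
        outside = ", ".join(str(n) for n in extra) or "nothing"
        print(f"224.0.0.0 {wc} -> {net}; outside multicast: {outside}")
```
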
