> I would like to protect my router against a smurf attack. For that I have to
> set up a CAR on my serial interface. But I want to know how to determine the
> proper amount of bandwidth for icmp packets for the CAR (I have an 8Mb/s
> bandwidth interconnection to the Internet). By trial and error I have
> determined a bandwidth of 128 kb/s.
>
> CAR Configuration:
>
> interface Serial 0
>  rate-limit input access-group 102 128000 8000 8000 conform-action transmit exceed-action drop
>
> access-list 102 permit icmp any any echo
> access-list 102 permit icmp any any echo-reply
>
> I have another question, can somebody tell me the threshold of icmp packets
> (in kb/s) necessary to consume a host's resources

The best way to protect a network against a smurf attack is to use the
command:

no ip directed-broadcast

on your Serial interface that connects to the internet.  Cisco IOS 12.x and
later has the command on by default.

If you are the end recipient of a smurf attack, you will need to work with
your Internet Service Provider to limit the bandwidth of echo-replies being
sent to your network.  Filtering on your router does no good as the attack
is designed as a denial-of-service attack to fill your internet access with
garbage.  Once it hits your router it is too late.  You will need to use CAR
on the router before your internet connection.

I hope this helps!

Paul Borghese


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=14860&t=14634
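
Added example, not part of the original thread: a small Python audit that reads IOS-style configuration text and lists the interfaces that would still forward directed broadcasts, which is what the "no ip directed-broadcast" advice above is meant to prevent. The sample configuration is constructed and the function names are hypothetical; the default_enabled flag covers older releases, where forwarding was on unless explicitly disabled.

```python
import re

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
interface Serial0
 rate-limit input access-group 102 128000 8000 8000 conform-action transmit exceed-action drop
!
interface Ethernet0
 ip address 198.51.100.1 255.255.255.0
 ip directed-broadcast
!
interface Ethernet1
 no ip directed-broadcast
!
interface Ethernet2
 ip address 10.0.0.1 255.255.255.0
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from IOS-style text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif current is not None and line[:1].isspace() and line.strip():
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or any global command ends the block
    return interfaces

def directed_broadcast_enabled(cmds, default_enabled):
    """The last explicit statement wins; otherwise the release default applies."""
    state = default_enabled
    for cmd in cmds:
        if re.fullmatch(r"ip directed-broadcast( \d+)?", cmd):
            state = True   # optionally restricted by an access list number
        elif cmd == "no ip directed-broadcast":
            state = False
    return state

def amplifier_interfaces(config, default_enabled=False):
    """Interfaces that would still forward directed broadcasts."""
    return sorted(name for name, cmds in parse_interfaces(config).items()
                  if directed_broadcast_enabled(cmds, default_enabled))

if __name__ == "__main__":
    print("12.x defaults :", amplifier_interfaces(SAMPLE_CONFIG))
    print("older defaults:", amplifier_interfaces(SAMPLE_CONFIG, default_enabled=True))
```
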