"no ip directed-broadcast" only prevents your network
from being used as a smurf amp. What you want to cut
down on a smurf attack on your network is:
ip verify unicast reverse-path
Also, if you are running BGP with your ISP(s) you can
establish a NULL_ROUTE non-transitive community with
them be
> I would like to protect my router against smurf attaque. For
> that I have to
> set up a CAR on my serial interface. But I want to know how to
> determine the
> proper amount of bandwidth for icmp packets for the CAR (I have
> a 8Mb/s
> bandwidth interconnection to the Internet). By trail and er
2 matches
Mail list logo