Security Incidents mailing list archives

Re: ICMP/SYN Flood

From: Sebastian Jaenicke <tsa () jaenicke org>
Date: Thu, 22 May 2003 21:39:16 +0200

On Thu, May 22, 2003 at 07:47:21AM +0500, Muhammad Naseer Bhatti wrote:
[..]

And the list goes oon .. The question I want to ask here, is the
network/router poorly configured at my NOC which is allowing
broadcasts/networks to pass through it? If so, how can I assist them to fix
it? I am not a Cisco guru, so might need someone to give me some hints so
that I can pass that to the poor NOC techs.


"no ip directed-broadcast" disallows packets targeted at broadcast 
addresses. Note this applies to destination, but not source IP address.
This is the default setting in Cisco IOS 12.0 and later.

- Sebastian
-- 
Sebastian Jaenicke                                   Disce aut discede!
whois pgpkey-18AC0BE4 -h whois.ripe.net|perl -ne's-^certif: +--&&print'

Attachment: _bin
Description:

Current thread:

ICMP/SYN Flood Muhammad Naseer Bhatti (May 22)
- RE: ICMP/SYN Flood David Gillett (May 23)
- Re: ICMP/SYN Flood Sebastian Jaenicke (May 23)
- Re: ICMP/SYN Flood CTA (May 23)
- Re: ICMP/SYN Flood Dr J (May 23)
- <Possible follow-ups>
- Re: ICMP/SYN Flood Muhammad Naseer Bhatti (May 23)
- RE: ICMP/SYN Flood Whiteside, Larry [contractor] (May 23)