Re: (ASCEND) Smurf attack

To: ascend-users@max.bungi.com
Subject: Re: (ASCEND) Smurf attack
From: basher@alpha.ces.cwru.edu (Tim Basher)
Date: Tue, 8 Sep 98 22:14:55 EDT
Sender: owner-ascend-users@max.bungi.com

> I have traced a smurf attack to my Max.
>
> Someone sends an echo request to my broadcast.
>
> I have a max4000 with 6.1.7 installed.
> I have set  Reply DirectedBcast Ping=No
>        and  Forward Directed Bcast=No

You are right, these two options should prevent the MAX from being able to
generate a smurf attack.

>        and  ICMP redirects = ignore

This option is not directly related.

> but I have continually packet of 1k of echo-request
 
It is not clear from your message exactly what is happening.
 
#1 Is the MAX forwarding the Echo message?  (Are you seeing multiple replies?) 

#2 Is the MAX itself responding to the Echo message?

#3 What is the address/netmask of the MAX?  What is the address in the Echo?

#4 Which interface is the Echo message originating from?

> How I can stop thats ?

You can always add a Filter or Data Filter to block the packets, but I would
recommend you do a little more trouble shooting and then contact the
European Technical Assistance Center (TAC) - http://www.ascend.com/665.html

[you can send e-mail to emeasupport@ascend.com]

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) Random MAX 4000 reboots, no fatal errors v6.1.7
Next by Date: Re: (ASCEND) Busy signals
Prev by thread: Re: (ASCEND) Smurf attack
Next by thread: (ASCEND) Ascend-Idle-Limit (MAX4000)
Index(es):
- Main
- Thread