Prevention Techniques (cont’d)

• How to prevent being a “bounce site” in a “Smurf” or “Fraggle” attack:

  Turn off directed broadcasts to networks:
  
  Cisco: Interface command “no ip directed-broadcast”
  
  As of 12.0, this is default (CSCdj31162)
  
  Proteon: IP protocol configuration “disable directed-broadcast”
  Bay Networks: Set a false static ARP address for bcast address
  3Com: SETDefault -IP CONTrol = NoFwdSubnetBcast
  Use access control lists (if necessary) to prevent ICMP echo requests from entering your network
  Configure host machines to not reply to broadcast ICMP echos

Previous slide

Next slide

Back to first slide

View graphic version