O'Reilly logo

CCIE Security Practice Labs by Fahim Hussain Yusuf Bhaiji

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Section 10.0: Security Violations

10.1. Smurf Attack

  1. Use the Port ACL feature on 3550s to block ICMP on Switch1.

  2. Port ACL can be used to apply on the Layer-2 interface of the switch.

  3. Port ACLs are applied on interfaces for inbound traffic only. Configure ACL on switch1 to deny ICMP and permit everything. Apply the ACL to Fastethernet0/4 on switch1, where AAA/CA server is connected as shown in Table 5-1. The example that follows shows this configuration:

    hostname sw1
    !
    interface FastEthernet0/4
     switchport access vlan 2
     switchport mode access
     no ip address
     ip access-group 101 in
    !
    access-list 101 deny   icmp any any
    access-list 101 permit ip any any
    

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required