Using ACLs to Recognize Denial of Service Attacks

ACLs on routers can also be used to recognize attacks. This capability is critical because it lets a service provider set up mechanisms to thwart an attack soon after it starts.

One of the most common uses of an access list in this manner is to recognize a packet flood in the form of a smurf attack. The following sections describe using a set of ACLs to achieve this goal.

Using an Access List to Recognize a Smurf Attack

A smurf attack, shown in Figure 21-3, is a DoS attack. An attacker sends a ping echo request to a broadcast address on a network. The source address of the echo request is the IP address of the attack's intended victim. Because the destination ...
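
The traffic pattern described above shows up in the per-entry match counters of a counting-only ACL that separates ICMP echo from echo-reply. The Python sketch below is an added example, not taken from the original text; the ACL number, the constructed show access-lists output, and the floor and ratio thresholds are all assumptions.

```python
import re

# Constructed `show access-lists` output for a counting-only ACL applied
# inbound on the suspect interface. ACL number and counts are made up.
SAMPLE = """\
Extended IP access list 169
    10 permit icmp any any echo (2 matches)
    20 permit icmp any any echo-reply (21374 matches)
    30 permit ip any any (1306 matches)
"""

# Matches "permit <proto> any any [icmp-type] [(N matches)]", with or
# without a leading sequence number.
ENTRY = re.compile(
    r"^\s*(?:\d+\s+)?permit\s+(?P<proto>\w+)\s+any\s+any"
    r"(?:\s+(?P<kind>[\w-]+))?(?:\s+\((?P<n>\d+) match(?:es)?\))?\s*$"
)

def parse_counters(text):
    """Return match counts keyed by 'echo', 'echo-reply' and 'other'."""
    counts = {"echo": 0, "echo-reply": 0, "other": 0}
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header line or an entry form this sketch ignores
        n = int(m.group("n") or 0)  # entries with no hits print no counter
        kind = m.group("kind")
        if m.group("proto") == "icmp" and kind in ("echo", "echo-reply"):
            counts[kind] += n
        else:
            counts["other"] += n
    return counts

def classify(counts, floor=1000, ratio=10):
    """floor and ratio are assumed thresholds; tune them to a baseline."""
    echo, reply = counts["echo"], counts["echo-reply"]
    # Victim side: echo replies far outnumber echo requests.
    if reply >= floor and reply >= ratio * max(echo, 1):
        return "echo-reply flood (smurf victim pattern)"
    # Amplifier side: echo requests far outnumber echo replies.
    if echo >= floor and echo >= ratio * max(reply, 1):
        return "echo-request flood (possible amplifier)"
    return "no ICMP echo flood signature"

if __name__ == "__main__":
    print(classify(parse_counters(SAMPLE)))
```

Clearing the ACL counters before sampling and reading them again after a short interval keeps old traffic from skewing the ratio.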

