can the netgear rt314 stop smurf attacks?
- Thread starter CoolTech
- Start date
There are several ways to do a "smurf." If you are running a server, you are better off using something like the ZyWall 10. It offers you better control on your network. However, the RT314 is very capable and offers many advanced features most are not aware of.
You can stop "spoof" attempts (one stage of "smurf"
.
Without getting into a "step by step" I hope you understand how to impliment the following rules through the Telnet interface!!
Menu 21.4 - Filter Rules Summary
1 Y IP Pr=0, SA=10.0.0.0, DA=0.0.0.0 N D N
2 Y IP Pr=0, SA=172.16.0.0, DA=0.0.0.0 N D N
3 Y IP Pr=0, SA=192.168.0.0, DA=0.0.0.0 N D N
R1: Drop if source address is 10.0.0.0 - 10.255.255.255
R2: Drop if source address is 172.16.0.0 - 172.31.255.255
R3: Drop if source address is 192.168.0.0 - 192.168.255.255
------------------------
Menu 21.5 - Filter Rules Summary
# A Type Filter Rules M m n Log
1 Y IP Pr=0, SA=0.0.0.0, DA=192.168.0.0 N F N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, TCP Estab N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
4 Y IP Pr=17, SA=0.0.0.0, SP=53, DA=0.0.0.0, DP=1024 N F D
5 N
6 N
R1: Forward if destination address is 192.168.x.x
(Forwards all solicited traffic for all protocols)
R2: Drop all unsolicited TCP connection attempts
R3: Drop incoming NetBIOS requests to port 137 without logging
R4: Forward UDP messages with source port 53, destination port 1024
(Forwards DNS replies; All other traffic is dropped)
------------
**Then don't forget to activate them**
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 4, 5
------------
Note:
If you use DHCP, also change filter set 5, rules 4 and 5 as follows (do not change rules 1-3 defaults with firmware 3.25):
# A Type Filter Rules M m n
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=68 N F N
5 Y IP Pr=17, SA=0.0.0.0, SP=53, DA=0.0.0.0, DP=1024 N F D
You can stop "spoof" attempts (one stage of "smurf"
.Without getting into a "step by step" I hope you understand how to impliment the following rules through the Telnet interface!!
Menu 21.4 - Filter Rules Summary
1 Y IP Pr=0, SA=10.0.0.0, DA=0.0.0.0 N D N
2 Y IP Pr=0, SA=172.16.0.0, DA=0.0.0.0 N D N
3 Y IP Pr=0, SA=192.168.0.0, DA=0.0.0.0 N D N
R1: Drop if source address is 10.0.0.0 - 10.255.255.255
R2: Drop if source address is 172.16.0.0 - 172.31.255.255
R3: Drop if source address is 192.168.0.0 - 192.168.255.255
------------------------
Menu 21.5 - Filter Rules Summary
# A Type Filter Rules M m n Log
1 Y IP Pr=0, SA=0.0.0.0, DA=192.168.0.0 N F N
2 Y IP Pr=6, SA=0.0.0.0, DA=0.0.0.0, TCP Estab N D N
3 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=137 N D N
4 Y IP Pr=17, SA=0.0.0.0, SP=53, DA=0.0.0.0, DP=1024 N F D
5 N
6 N
R1: Forward if destination address is 192.168.x.x
(Forwards all solicited traffic for all protocols)
R2: Drop all unsolicited TCP connection attempts
R3: Drop incoming NetBIOS requests to port 137 without logging
R4: Forward UDP messages with source port 53, destination port 1024
(Forwards DNS replies; All other traffic is dropped)
------------
**Then don't forget to activate them**
Menu 11.5 - Remote Node Filter
Input Filter Sets:
protocol filters= 4, 5
------------
Note:
If you use DHCP, also change filter set 5, rules 4 and 5 as follows (do not change rules 1-3 defaults with firmware 3.25):
# A Type Filter Rules M m n
4 Y IP Pr=17, SA=0.0.0.0, DA=0.0.0.0, DP=68 N F N
5 Y IP Pr=17, SA=0.0.0.0, SP=53, DA=0.0.0.0, DP=1024 N F D
I always thought it was a directed broadcast.
something like - ping 206.32.3.255. All hosts on the 206.32.3.0 network would reply to the ping. Most routers on the internet don't allow this anymore so the threat is pretty much gone.
something like - ping 206.32.3.255. All hosts on the 206.32.3.0 network would reply to the ping. Most routers on the internet don't allow this anymore so the threat is pretty much gone.
<< what is a smurf? >>
Read here about SMURF ATTACKS
And here most people thought it was a blue cartoon character from the 1980's
uh, trust me, u can be smurfed, !!! i was smurfed, so much traffic coming into my cable modem, i was dropped off the internet for like 20 mins
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 23K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter