Protection against smurf

• configure “no directed-broadcast” on all interfaces

  • so you can’t be used as an amplifier

• trace forged packets back, hop by hop

• block outgoing forged packets from your customers

• limit the bandwidth that can be used by ICMP traffic