Protection against smurf
-
configure “no directed-broadcast” on all
interfaces
- so you can’t be used as an amplifier
-
trace forged packets back, hop by hop
-
block outgoing forged packets from your customers
-
limit the bandwidth that can be used by ICMP traffic