[nsp] limit connections per-source-ip on pix or localdir?

Robert Helmer robert at namodn.com
Thu Jul 31 19:49:02 EDT 2003


Hi Christopher,

On Thu, Jul 31, 2003 at 06:04:27PM -0700, Christopher McCrory wrote:
> > I would like to limit the number of open connections to (say)
> > 1000 per source IP. I've gone through all the manuals, but the
> 
> 1:
> pix>  shun ip.address.of.client

:) I've considered putting a trigger in the monitoring system to
do this, but I'd rather not do it that way..

> 2:
> ld> assign
> 
> setup a real/virtual/bind to a specific server just for this client,
> they overload it, everyone else is still happy.

Yeah, we discussed this. It would work, but they are not the only client
large enough to squish us in this way..

Thanks for the reply though. It seems like what I want is a pretty
basic method of throttling.. I am surprised that I can't do it on the
PIX or LD.

Can anyone recommend any hardware that can do connection limiting based
on IP?
Thanks,
Rob
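Added example, not from the thread or from Cisco: the per-source counting and decision logic a monitoring-system trigger of the kind mentioned above would need, run over a constructed connection-table snapshot. The snapshot line format ("TCP src:port -> dst:port"), the sample addresses and the helper names are assumptions for this example; the actual shun/release action is left to the operator.

```python
# Added example (not from the thread): count open connections per source IP
# from a connection-table snapshot and decide which sources cross a limit.
# The line format "<PROTO> <src>:<port> -> <dst>:<port>" is constructed here;
# adapt LINE_RE to whatever your firewall or load balancer actually prints.
from collections import Counter
import ipaddress
import re

LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def make_snapshot(per_source: dict) -> str:
    """Build a constructed snapshot: `per_source` maps source IP -> open connection count."""
    lines = ["PROTO SRC -> DST"]  # header line, deliberately unparseable
    for src, n in per_source.items():
        lines.extend(f"TCP {src}:{1024 + i} -> 10.0.0.5:80" for i in range(n))
    return "\n".join(lines)


def count_by_source(snapshot: str) -> Counter:
    """Return a Counter of open connections keyed by (normalised) source IP."""
    counts = Counter()
    for line in snapshot.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # header or unparseable line
        try:
            src = str(ipaddress.ip_address(m.group("src")))  # reject "1.2.3", "999.1.1.1"
        except ValueError:
            continue
        counts[src] += 1
    return counts


def offenders(counts, limit=1000, already_blocked=(), clear_below=None):
    """Return (sources_to_block, sources_to_release).

    Hysteresis: block at >= limit, release only once the count drops below
    clear_below (default 80% of limit), so a client hovering around the
    threshold is not shunned and released on every polling cycle.
    """
    if clear_below is None:
        clear_below = int(limit * 0.8)
    to_block = sorted(ip for ip, n in counts.items()
                      if n >= limit and ip not in already_blocked)
    to_release = sorted(ip for ip in already_blocked if counts.get(ip, 0) < clear_below)
    return to_block, to_release
```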



More information about the cisco-nsp mailing list