[Fwd: [nsp] border configs]

james hackerwacker at cybermesa.com
Thu Mar 11 19:13:45 EST 2004


Along with the excellent things Joshua mentioned, I would add
using net-flows and being able to log this info and process it in
some way. The worst time to figure out what your network's
normal traffic patterns look like is during a DDoS. Having long-term
info in some format will clue you in to what normal is & how
different your present traffic is flowing.

Look for opportunities to use null routing instead of ACLs to control
problems. ACLs cause packets to use slower switching methods,
while null routing will be switched faster.

If there is an Ethernet "choke point" on your network where all or
most traffic coming in from the Internet must pass, consider using a
mirror port to a *nix box where you can run tcpdump.

James Edwards
Routing and Security
jamesh at cybermesa.com
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965
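
Added example, not part of the original post: one way to process long-term flow logs into a per-hour baseline and score the present traffic against it. It assumes the flow exports are already summarized into (timestamp, protocol, packets) bins; the sample history, the function names and the 3.5 threshold are constructed for illustration.

```python
import statistics
from collections import defaultdict
from datetime import datetime, timedelta, timezone

THRESHOLD = 3.5  # assumed cut-off for the robust z-score; tune per network

def build_baseline(records):
    """Map (hour_of_day, protocol) -> (median, MAD) of packets per bin."""
    buckets = defaultdict(list)
    for ts, proto, packets in records:
        buckets[(ts.hour, proto)].append(packets)
    baseline = {}
    for key, values in buckets.items():
        med = statistics.median(values)
        mad = statistics.median([abs(v - med) for v in values])
        baseline[key] = (med, mad)
    return baseline

def deviation(baseline, hour, proto, packets):
    """Robust z-score of one bin against history; None when no history exists."""
    if (hour, proto) not in baseline:
        return None
    med, mad = baseline[(hour, proto)]
    # A flat history gives MAD 0; floor the scale so the score stays finite.
    scale = max(mad, 0.01 * med, 1.0)
    return 0.6745 * (packets - med) / scale

def is_abnormal(baseline, hour, proto, packets):
    score = deviation(baseline, hour, proto, packets)
    # Traffic with no history at all is itself worth a look.
    return score is None or abs(score) > THRESHOLD

def sample_history(days=14):
    """Constructed data: 14 days of hourly bins, busier from 18:00 to 22:59."""
    start = datetime(2004, 2, 26, tzinfo=timezone.utc)
    rows = []
    for day in range(days):
        for hour in range(24):
            ts = start + timedelta(days=day, hours=hour)
            load = 3 if 18 <= hour <= 22 else 1
            rows.append((ts, "tcp", load * 100_000 + day * 1_000))
            rows.append((ts, "udp", load * 10_000 + day * 100))
    return rows

if __name__ == "__main__":
    base = build_baseline(sample_history())
    for hour, pkts in [(19, 30_000), (3, 30_000), (19, 900_000)]:
        print(hour, pkts, is_abnormal(base, hour, "udp", pkts))
```

The same 30,000 UDP packets in a bin is ordinary at 19:00 and abnormal at 03:00, which is why the baseline is keyed by hour of day rather than kept as a single average.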
 

