[c-nsp] DDoS help please

Blake Dunlap ikiris at gmail.com
Tue Dec 11 15:02:56 EST 2012


Maybe start using object-groups?

-Blake

On Tue, Dec 11, 2012 at 1:19 PM, Mike
<mike-cisconsplist at tiedyenetworks.com>wrote:

> Hi,
>
>         I tried asking this question another way and don't think I made it
> clear what or why it was needed.
>
>         I am an ISP and I have been seeing a customer IP address being
> targeted for a DDoS which appears to be a DNS amplification attack. I
> checked the IPs of the servers sending packets and they all appear to be
> legitimate recursive resolvers that unfortunately don't limit queries to
> their own customer networks. On my side, I would like to impose a rule for
> this single customer that no dns traffic - other than from my own resolvers
> - is forwarded between this customer and the network. The customer is
> terminated with PPPoE on a 7201 and they have radius profile entry that
> includes 'Filter-Id' which contains a basic home user filter to deny crap
> traffic such as rfc1918 and such. I would like to be able to add an
> additional filter on top of this which includes deny all port 53 except
> to/from my servers. I don't want to cut/paste and create a new access list
> for this customer, I just want to be able to add some additional rules on
> top of the default filter set. Surely there has to be a way to do this?
>
> Mike-
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

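One way to read Blake's object-group suggestion, written here as an added example rather than anything posted in the thread: keep the single Filter-Id ACL the 7201 already hands out, put the ISP's resolvers and the attacked customer's address into network object-groups, and let the shared ACL reference those groups, so the per-incident change is one line in an object-group instead of a copied ACL. All addresses are constructed RFC 5737 documentation values, the object-group and ACL names are placeholders, and the IOS release on the 7201 is assumed to support object-group ACLs.

```cisco
! Constructed addresses (RFC 5737 documentation ranges), not from the thread.
! Assumes an IOS release on the 7201 that supports object-group ACLs.
!
! The ISP's own recursive resolvers: the only DNS peers a restricted customer may reach.
object-group network ISP-RESOLVERS
 host 192.0.2.53
 host 192.0.2.54
!
! Customers currently under DNS restriction. Adding or removing a host here
! is the whole per-incident change; the shared ACL below is never copied.
object-group network DNS-RESTRICTED
 host 198.51.100.77
!
ip access-list extended HOME-USER
 ! DNS between a restricted customer and the ISP's resolvers stays allowed
 permit udp object-group ISP-RESOLVERS eq 53 object-group DNS-RESTRICTED
 permit udp object-group DNS-RESTRICTED object-group ISP-RESOLVERS eq 53
 permit tcp object-group ISP-RESOLVERS eq 53 object-group DNS-RESTRICTED
 permit tcp object-group DNS-RESTRICTED object-group ISP-RESOLVERS eq 53
 ! Any other port-53 traffic to or from a restricted customer is dropped.
 ! The first deny is the one that matches the reflected responses: open
 ! resolvers answer from source port 53 toward the victim address.
 ! No 'log' keyword: logging every dropped packet under a flood hurts the router.
 deny udp any eq 53 object-group DNS-RESTRICTED
 deny udp object-group DNS-RESTRICTED any eq 53
 deny tcp any eq 53 object-group DNS-RESTRICTED
 deny tcp object-group DNS-RESTRICTED any eq 53
 ! The existing default home-user rules follow unchanged (RFC 1918 and similar)
 deny ip 10.0.0.0 0.255.255.255 any
 deny ip 172.16.0.0 0.15.255.255 any
 deny ip 192.168.0.0 0.0.255.255 any
 deny ip any 10.0.0.0 0.255.255.255
 deny ip any 172.16.0.0 0.15.255.255
 deny ip any 192.168.0.0 0.0.255.255
 permit ip any any
```

Because the filter is applied at the PPPoE termination, it protects the customer's access link but does nothing for the flood already arriving on the 7201's uplinks; the RADIUS Filter-Id keeps pointing at HOME-USER (with whatever .in/.out suffix convention the box already uses), so customers not listed in DNS-RESTRICTED see no change.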