* Technical Tip: Characterizing and Tracing Packet Floods Using Cisco
Routers
http://www.cisco.com/warp/public/707/22.html
On Wed, 9 Feb 2000, Charles Sprickman wrote:
> Hello,
>
> With all the attacks happening these days (yahoo, cnn, etrade, etc.), I'm
> wondering if anyone here could share their techniques for tracking down
> source addresses using netflow (or any other nifty methods you may have).
>
> While many attacks have varying source addresses, some don't and it seems
> possible to at least try to block some of the traffic. Basically what I'm
> looking to do is hopefully start a thread here where we can share info
> about how to identify and quell some of the more common attacks.
>
> Some ideas:
>
> -netflow for dummies
> -quick-n-dirty netflow collector setup
> -using tcpdump/snoop to identify huge flows
> -capabilities of various cisco platforms for flow collection and filtering
> (ie: when will the router just fall over and die)
> -talking to / educating your upstream
>
> Just thought it would be useful for some of us smaller ops on this list to
> start talking about this now rather than at the time someone is being hit
> and is in a panic... This seems like a more appropriate forum than NANOG,
> so I'm posting here, let me know if this is not a good assumption.
>
> Thanks,
>
> Charles
>
> --
> =-----------------= =
> | Charles Sprickman Internet Channel |
> | INCH System Administration Team (212)243-5200 |
> | spork@inch.com access@inch.com |
> = =----------------=
>
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:09 EDT