> Right now I'm more concerned with some low-volume DOS
> attacks which are capable of killing a 7513/RSP4. I don't know
> what the hell can do that, but I've seen a couple of instances in
> the past where one of my router cpu load shoots up, HDLC connections
> drop (T1 and T3), and BGP sessions go down. Since the behaviour
> is so anamolous, my best guess is that it's some sort of DOS attack.
>
> But it's a low-volume DOS attack. There is no traffic
> spike according to my MRTG. I see nothing to make me believe that
> the issue is any kind of flood directed at the router or any hosts
> behind the router. So it must be some sort of specific vulnerability
> in IOS, or maybe in router in general, that I'm not thinking of or
> am not aware of.
>
> Anyone have any pointers, experience, suggestions for
> getting educated about this?
Running netflow on a big link, that happens to have a tcp syn attack
going through it can severely impact a 75xx's.... stream.c may be
able to do the same, if not more damage. There were several threads
on this the past few weeks either on inet-access and/or nanog...
/Sean
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:10 EDT