[nsp] Monitoring DoS attacks with the VIP Console

From: Rob Thomas (robt@cymru.com)
Date: Sun May 27 2001 - 16:10:08 EDT


Hello, cisco-nsp folks.

I have recently authored a paper entitled "Monitoring DoS Attacks with
the VIP Console and NetFlow." This paper details a method for tracking
DoS attacks at a fine layer of granularity. Utilizing both NetFlow and
an undocumented VIP command on a Cisco router, a DoS attack can be
closely monitored and analyzed. You will find the paper at the following
URL:

http://www.cymru.com/~robt/Docs/Articles/dos-and-vip.html

Please note that this document makes use of an UNDOCUMENTED and UNSUPPORTED
Cisco IOS command. While I have successfully used the methods documented
therein during heavy DoS and DDoS attacks, your mileage may vary.

Comments and feedback are always welcome! I hope you find this to be of
use when dealing with DoS attacks.

Thanks!
Rob.

--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:38 EDT