Hello, cisco-nsp folks.
I have recently authored a paper entitled "Monitoring DoS Attacks with
the VIP Console and NetFlow." This paper details a method for tracking
DoS attacks at a fine layer of granularity. Utilizing both NetFlow and
an undocumented VIP command on a Cisco router, a DoS attack can be
closely monitored and analyzed. You will find the paper at the following
URL:
http://www.cymru.com/~robt/Docs/Articles/dos-and-vip.html
Please note that this document makes use of an UNDOCUMENTED and UNSUPPORTED
Cisco IOS command. While I have successfully used the methods documented
therein during heavy DoS and DDoS attacks, your mileage may vary.
Comments and feedback are always welcome! I hope you find this to be of
use when dealing with DoS attacks.
Thanks!
Rob.
--
Rob Thomas
http://www.cymru.com/~robt
cmn_err(CE_PANIC, "Out of coffee...");
This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:38 EDT