[nsp] DoS attack Discussion
Jared Mauch
jared at puck.nether.net
Wed Oct 15 09:41:52 EDT 2003
I've found that rate-limiting ICMP echo+echo-reply packets
to about 2Mb/s for every 100Mb/s of interface speed tends to help
minimize the effects of the ICMP-based DoS attacks.
If this is the typical attack profile that you are seeing,
it may help you to do so.
- jared
On Wed, Oct 15, 2003 at 02:38:14PM +0300, M.Palis wrote:
> Hello all
>
> I need to discuss with you the way DoS attacks of high amount of traffic
> coming through a high-bandwidth backbone to lower bandwidth interfaces, e.g.
> less than 2Mbps, are handled.
>
> Some of our customers are facing DoS attacks and routers where these
> customers are connected are affected too. I believe this is due to the
> fact that the attack goes through our backbone to the routers where low
> bandwidth customer connections exist. Of course we null0 the affected IPs but
> we need a solution that will help the router to handle the traffic until we
> recognise the attack and route to null0 the attacked IPs. Do you use any
> packet rate-limit on interfaces?
>
> Any advice will be appreciated
>
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
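
The rate limit described in the reply above, as an added example that is not part of the original message: a Cisco IOS committed access rate (CAR) policy for one 100Mb/s interface. The ACL number, interface name, direction and burst sizes are assumptions; the bursts use the common rule of thumb of 1.5 seconds of traffic at the configured rate for the normal burst and twice that for the maximum burst.

```cisco
! Added example, not from the original thread.
! Assumed: ACL number 150, interface FastEthernet0/0 (100Mb/s), inbound direction.
!
! Match only ICMP echo and echo-reply, so other ICMP types
! (unreachable, time-exceeded) are not policed by this rule.
access-list 150 permit icmp any any echo
access-list 150 permit icmp any any echo-reply
!
interface FastEthernet0/0
 ! 2Mb/s for every 100Mb/s of interface speed = 2000000 bps on this interface.
 ! Normal burst: 2000000 / 8 * 1.5 = 375000 bytes; maximum burst: 750000 bytes.
 rate-limit input access-group 150 2000000 375000 750000 conform-action transmit exceed-action drop
```

`show interfaces FastEthernet0/0 rate-limit` reports the conformed and exceeded counters for the policy; for other interface speeds, scale the rate and both burst values in proportion.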