[nsp] DoS attack Discussion

Jared Mauch jared at puck.nether.net
Wed Oct 15 09:41:52 EDT 2003


	I've found that rate-limiting ICMP echo+echo-reply packets
to about 2Mb/s for every 100Mb/s of interface speed tends to help
minimize the effects of the ICMP-based DoS attacks.

	If this is the typical attack profile that you are seeing,
it may help you to do so.

	- jared

On Wed, Oct 15, 2003 at 02:38:14PM +0300, M.Palis wrote:
>   Hello all
> 
> I need to discuss with you the way DoS attacks of high amount of traffic
> coming through a high bandwidth backbone to lower bandwidth interfaces, e.g.
> less than 2Mbps, are handled.
> 
> Some of our customers are facing DoS attacks and routers where these
> customers are connected are affected too. I believe this is due to the
> fact that the attack goes through our backbone to the routers where low
> bandwidth customer connections exist. Of course we null0 the affected IPs but
> we need a solution that will help the router to handle the traffic until we
> recognise the attack and route to null0 the attacked IPs. Do you use any
> packet rate-limit on interfaces?
> 
> Any advice will be appreciated

-- 
Jared Mauch  | pgp key available via finger from jared at puck.nether.net
clue++;      | http://puck.nether.net/~jared/  My statements are only mine.
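
The rate limit described in the reply above, written as Cisco IOS committed access rate (CAR) configuration. This is an added example, not configuration posted in the thread. The ACL number, the interface names, the input direction and the burst sizes (1.5 seconds of traffic at the configured rate, and twice that) are assumptions to adjust for the platform.

```cisco
! Match only ICMP echo and echo-reply; other ICMP types (unreachables,
! time-exceeded) are left alone so path MTU discovery and traceroute keep working.
access-list 102 permit icmp any any echo
access-list 102 permit icmp any any echo-reply
!
! 100 Mb/s interface: 2 Mb/s of echo/echo-reply, excess dropped.
! normal burst  = 2000000 / 8 * 1.5 = 375000 bytes
! maximum burst = 2 * 375000        = 750000 bytes
interface FastEthernet0/0
 rate-limit input access-group 102 2000000 375000 750000 conform-action transmit exceed-action drop
!
! 1000 Mb/s interface: same ratio scaled up, 20 Mb/s of echo/echo-reply.
! normal burst  = 20000000 / 8 * 1.5 = 3750000 bytes
! maximum burst = 2 * 3750000        = 7500000 bytes
interface GigabitEthernet0/1
 rate-limit input access-group 102 20000000 3750000 7500000 conform-action transmit exceed-action drop
```

`show interfaces rate-limit` reports conformed and exceeded packet counts per interface, which shows whether the limit is being hit during an attack.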

