[nsp] NAT spiking CPU
Streiner, Justin
streiner at stargate.net
Mon Sep 8 15:21:58 EDT 2003

On Mon, 8 Sep 2003, Bob Collie wrote:
> We're seeing this same trouble with our network and have not yet found a
> way to limit NAT translations. What we're seeing specifically is that a
> site with a 2610 where we're running NAT gets infected by one of the
> DDOS attacks (be it ICMP, etc.) and the sheer volume of dynamic,
> outbound NAT translations makes the router unusable.
>
> Has anyone found a way to limit this? We tried using CAR but it didn't
> make much of a difference when applied against excessive and randomized
> ICMP traffic.

For Blaster/Nachi traffic, I found that judicious use of uRPF worked very
well against infected users that were spewing out lots of tcp/135 and
ICMP echo traffic. As always, YMMV.
jms
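
As an added illustration (not part of the original thread), the Python model below shows what a strict uRPF check does in front of a dynamic NAT table: a packet whose source address does not route back out the interface it arrived on is dropped before a translation is created, while flows from a host's real address still create entries. The route table, the addresses and the assumption that NAT would otherwise translate every packet arriving on the inside interface are constructed for the example.

```python
import ipaddress

# Constructed FIB for a small NAT router: prefix -> egress interface.
FIB = {
    ipaddress.ip_network("192.168.1.0/24"): "inside",   # customer LAN (assumed)
    ipaddress.ip_network("0.0.0.0/0"): "outside",       # default route upstream
}

def best_route(addr):
    """Longest-prefix match; returns the egress interface for addr."""
    ip = ipaddress.ip_address(addr)
    matches = [net for net in FIB if ip in net]
    return FIB[max(matches, key=lambda net: net.prefixlen)] if matches else None

def urpf_strict_ok(src, in_iface):
    """Strict uRPF: accept only if the route back to src leaves via in_iface."""
    return best_route(src) == in_iface

def translate(packets, urpf):
    """Process packets arriving on 'inside'; return (nat_table, dropped).

    Each packet is (src, dst, proto, dport). The model creates one dynamic
    translation per distinct flow and assumes the uRPF check, when enabled,
    runs on ingress before any translation is built.
    """
    table, dropped = set(), 0
    for src, dst, proto, dport in packets:
        if urpf and not urpf_strict_ok(src, "inside"):
            dropped += 1
            continue
        table.add((src, dst, proto, dport))
    return table, dropped

def sample_packets():
    """Constructed traffic: 200 flows with forged sources, 20 from a real host."""
    pkts = [(f"10.0.{i}.7", "203.0.113.10", "tcp", 135) for i in range(200)]
    pkts += [("192.168.1.50", f"198.51.100.{i}", "icmp", 0) for i in range(20)]
    return pkts

if __name__ == "__main__":
    for urpf in (False, True):
        table, dropped = translate(sample_packets(), urpf)
        print(f"uRPF={urpf}: translations={len(table)} dropped={dropped}")
```
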