[c-nsp] syn flood - port 80
matthew zeier
mrz at intelenet.net
Mon Aug 2 15:58:35 EDT 2004
After we discovered the destination host, the Null route seemed to really
help. But before then, every interface was showing millions of input errors
and sometimes enough that the oc12 or oc48 would drop. That's what hurt the
most.
----- Original Message -----
From: "Robert A. Hayden" <rhayden at geek.net>
To: "matthew zeier" <mrz at intelenet.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Monday, August 02, 2004 12:57 PM
Subject: Re: [c-nsp] syn flood - port 80
> We use a blackhole routing system to address issues like this. BH the
> target. Works good if your IP is virus infected as well.
>
> On Mon, 2 Aug 2004, matthew zeier wrote:
>
> >
> > What do you do when you have 800Mbps of inbound syn flood? ACLs weren't a
> > good option.
> >
> > Null routing the destination seemed to kill it off quicker but in the
> > meantime, my GSRs were suffering tofab/frfab issues.
> >
> >
> >
> > --
> > matthew zeier, Sr. Network Engineer | "Nothing in life is to be feared.
> > InteleNet Communications, Inc. | It is only to be understood."
> > (949) 784-7904 | - Marie Curie
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>