[c-nsp] syn flood - port 80

Tantsura, Jeff jeff.tantsura at capgemini.com
Tue Aug 3 04:58:47 EDT 2004


SYN flood is not the headache of today.
The most difficult attacks to mitigate are distributed via botnets-->zombies
which make legitimate requests and do a full TCP three-way handshake.

BTW There is some QoS for tofab/frfab issues. You could start with
http://www.cisco.com/en/US/products/hw/routers/ps167/products_tech_note09186a00800c9332.shtml


Jeff

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of matthew zeier
Sent: Monday, August 02, 2004 9:32 PM
To: b.turnbow at twt.it; 'Roger'; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] syn flood - port 80


What do you do when you have 800Mbps of inbound SYN flood?  ACLs weren't
a good option.

Null routing the destination seemed to kill it off quicker, but in the
meantime, my GSRs were suffering tofab/frfab issues.



--
matthew zeier, Sr. Network Engineer  | "Nothing in life is to be feared.
InteleNet Communications, Inc.       |  It is only to be understood."
(949) 784-7904                       |       - Marie Curie

_______________________________________________
cisco-nsp mailing list  cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

