[Fwd: [nsp] border configs]

Benjie Ko gerwalk1 at yahoo.com
Thu Mar 11 07:47:07 EST 2004


Hi List,

BTW, the reason I am asking is we just got hit by a
UDP flood sourced outside our network. At one point in
time during the attack, the Cisco access list was able to
log close to 600k packets in a single second (if I'm
reading the log correctly).
Here is the log.

Mar 11 09:58:53 PHT: %SEC-6-IPACCESSLOGP: list 102
denied udp a.b.c.d(35716) -> w.x.y.z(110), 457329
packets
Mar 11 10:02:16 router 106: Mar 11 09:58:53 PHT:
%SEC-6-IPACCESSLOGP: list 102 denied udp
a.b.c.d(41981) -> w.x.y.z(110), 174190 packets

This was applied on our router's interface. I believe
it should have also been applied to the interface of
our upstream to prevent our router from processing it
even if there is an access list that denies the
unwanted traffic. Please correct me if I'm wrong.
The router is a 7206 VXR with NPE-300 which according to
the docs can theoretically do 300kpps (<600k packets).
The interface is ATM STM-1.
What measures do you guys take to prevent this?
Thanks.
> Hi list,
> 
> I'm curious to know what configs you have to minimize
> any DoS attacks on your network, specifically
> interface configs on your border routers.
> I'm aware of Rob's security templates
> (http://www.cymru.com/Documents/index.html) but are
> there other things you are doing aside from this?
> Thanks.
> 
>

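Added example, not part of the original post: a Python parser for %SEC-6-IPACCESSLOGP entries like the two quoted in the message, which re-joins lines wrapped by the mail client and totals denied packets per ACL and destination. The function names and the summary layout are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the two entries quoted in the post, hard-wrapped as in
# the e-mail, with the post's own a.b.c.d / w.x.y.z placeholders.
SAMPLE_LOG = """\
Mar 11 09:58:53 PHT: %SEC-6-IPACCESSLOGP: list 102
denied udp a.b.c.d(35716) -> w.x.y.z(110), 457329
packets
Mar 11 10:02:16 router 106: Mar 11 09:58:53 PHT:
%SEC-6-IPACCESSLOGP: list 102 denied udp
a.b.c.d(41981) -> w.x.y.z(110), 174190 packets
"""

ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2})(?: [A-Z]+)?: "
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>tcp|udp) (?P<src>[^\s(]+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>[^\s(]+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def parse_entries(text):
    """Return one dict per IPACCESSLOGP entry, tolerating wrapped lines."""
    flat = re.sub(r"\s+", " ", text)  # undo hard wraps before matching
    entries = []
    for m in ENTRY.finditer(flat):
        e = m.groupdict()
        for key in ("sport", "dport", "count"):
            e[key] = int(e[key])
        entries.append(e)
    return entries

def summarize_denied(entries):
    """Total denied packets per (acl, proto, dst, dport).
    Counts are the per-entry figures the router logged; no rate is derived."""
    summary = defaultdict(lambda: {"packets": 0, "entries": 0, "sources": set()})
    for e in entries:
        if e["action"] != "denied":
            continue
        row = summary[(e["acl"], e["proto"], e["dst"], e["dport"])]
        row["packets"] += e["count"]
        row["entries"] += 1
        row["sources"].add(e["src"])
    return dict(summary)

if __name__ == "__main__":
    for key, row in summarize_denied(parse_entries(SAMPLE_LOG)).items():
        print(key, row["packets"], "packets in", row["entries"], "entries")
```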

