[Fwd: [nsp] border configs]
Benjie Ko
gerwalk1 at yahoo.com
Thu Mar 11 20:46:50 EST 2004
Yes, been running flow collector
(cflowd+Flowscan+CUFlow) for quite some time now.
Thanks for all your suggestions and replies. Will
follow your advise on ACLs and null routing. Thanks.
--- james <hackerwacker at cybermesa.com> wrote:
> Along with the excellent things Joshua mentioned I
> would add
> using net-flows and being able to log this info and
> process it in
> some way. The worst time to figure out what your
> networks
> normal traffic patterns look like is during a DDoS.
> Having long term
> info in some format will clue you into what normal
> is & how
> different your present traffic is flowing.
>
> Look for opportunities to use null routing instead
> of ACL's to control
> problems. ACL's cause packets to use slower
> switching methods,
> while null routing will be switched faster.
>
> If there is an Ethernet "choke point" on your
> network where all or
> most traffic coming in from the Internet must pass
> consider using a
> mirror port to a *nix box where you can run TCPDump.
>
>
> James Edwards
> Routing and Security
> jamesh at cybermesa.com
> At the Santa Fe Office: Internet at Cyber Mesa
> Store hours: 9-6 Monday through Friday
> 505-988-9200 SIP:1(747)669-1965
>
__________________________________
Do you Yahoo!?
Yahoo! Search - Find what you’re looking for faster
http://search.yahoo.com
More information about the cisco-nsp
mailing list