[c-nsp] Under attack, need help with ACL....

Rodney Dunn rodunn at cisco.com
Tue Nov 2 17:26:14 EST 2004


He wants to match on source address and since
his ACL is so short you probably wouldn't see
too much difference in CPU usage.

To do it your way you would have to do
it via policy based routing but in that you
still have to match on an ACL you might as
well just use the ACL up front.

Rodney

On Tue, Nov 02, 2004 at 02:22:28PM -0800, Dennis Nugent wrote:
> Greetings
> 
> I was under the impression that it was better to null route it rather than 
> do an ACL?
> Less load on the router
> 
> Something like:
> 
> ip route 213.159.115.0 255.255.255.0 Null0 name temp-ddos-Nov2nd
> 
> 
> Dennis Nugent
> 
> 
> > > > -----Original Message-----
> > > > From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
> > > > bounces at puck.nether.net] On Behalf Of Richard Golodner
> > > > Sent: Tuesday, November 02, 2004 3:42 PM
> > > > To: 'cisco-nsp at puck.nether.net'
> > > > Subject: [c-nsp] Under attack, need help with ACL....
> > > >
> > > >     My company is under some type of DoS and my upstream will not help
> > > > until I reach 80% saturation. I need to block all hosts from netblock
> > > > 213.159.115.0-255 and have created this ACL:
> > > > access-list 10 deny   213.159.115.0 0.0.0.255
> > > > access-list 10 permit any
> > > >     I am hoping that someone could give me a clue off list please.
> > > >                             Thank you, Richard Golodner
> > > >                             rgolodner at aetea.com
> 
> Dennis Nugent
> WCIX.Net, Inc.
> 350 S Center St Suite 500
> Reno, NV  89501
> dennis at wcix.net
> (209) 743-6018
> fax (877) 640-6608
> 
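
The difference between the two approaches in this thread, as an added example that is not part of the original messages: a small Python model of access-list 10 (matched on source address) and the proposed Null0 static route (matched on destination address). The protected prefix 192.0.2.0/24, the host addresses in the demo and the next-hop names "inside" and "upstream" are constructed assumptions.

```python
import ipaddress

def acl_permits(acl, src):
    """Standard ACL: the first entry matching the SOURCE address wins."""
    s = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in acl:
        # Wildcard 1-bits mean "don't care", so compare only the 0-bit positions.
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (s & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action == "permit"
    return False  # implicit deny at the end of every ACL

def route_lookup(routes, dst):
    """Longest-prefix match on the DESTINATION address; next hop or None."""
    d = ipaddress.IPv4Address(dst)
    best = None
    for net_str, nexthop in routes:
        net = ipaddress.IPv4Network(net_str)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return best[1] if best else None

def forward(acl, routes, src, dst):
    """Apply the inbound ACL (if any), then route on the destination."""
    if acl is not None and not acl_permits(acl, src):
        return "dropped by ACL"
    hop = route_lookup(routes, dst)
    if hop is None:
        return "no route"
    return "dropped by Null0" if hop == "Null0" else f"forwarded via {hop}"

# From the thread: access-list 10 and the proposed static route.
ACL_10 = [("deny", "213.159.115.0", "0.0.0.255"),
          ("permit", "0.0.0.0", "255.255.255.255")]  # "permit any"
NULL_ROUTE = ("213.159.115.0/255.255.255.0", "Null0")
# Constructed for the example: a default route and one protected prefix.
ROUTES = [("0.0.0.0/0", "upstream"), ("192.0.2.0/24", "inside")]

if __name__ == "__main__":
    attack = ("213.159.115.7", "192.0.2.10")   # constructed inbound packet
    reply = ("192.0.2.10", "213.159.115.7")    # constructed return packet
    print("ACL 10, inbound :", forward(ACL_10, ROUTES, *attack))
    print("Null0,  inbound :", forward(None, ROUTES + [NULL_ROUTE], *attack))
    print("Null0,  outbound:", forward(None, ROUTES + [NULL_ROUTE], *reply))
```

In this model the Null0 route discards only packets addressed to 213.159.115.0/24, so inbound packets sourced from that block are still forwarded; the ACL is the only one of the two that filters on source.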

