[c-nsp] Measuring SYNs to Configre CAR
Kim Onnel
karim.adel at gmail.com
Wed Nov 10 05:53:15 EST 2004
Dear List,
I would like to configure CAR to rate limit TCP syns and ICMP
echo/echo-replies to limit DDoS attacks.
I would like to know the common way to measure the amount of SYNs i
should allow, and ICMPs,
Knowing we are an ISP with Webhosting servers and ADSL/SDSL...
Should i place the rate limit on the internet gateway uplink interface ?
Any known cavetas of rate limiting TCP syns or ICMPs
Also, during a DDoS attack, would the attacker SYNs overwhelm the
legitimate ones ?
Kind Regards,
~Ahmed
--
~Kim
More information about the cisco-nsp
mailing list