[c-nsp] Measuring SYNs to Configure CAR
FXCM - Brandon Palmer
bpalmer at fxcm.com
Wed Nov 10 08:21:47 EST 2004
I think CEF can do that for you, but...
Rate limiting SYNs will NOT help you in the case of a SYN flood, the
amount of PPS that is seen in a synflood can totally swamp legit
traffic. My normal PPS rate w/ is around 40kpps. An attack can be
easily 900kpps+, where do you limit? If 100kpps, then only 1/9th of
your legit traffic can get through.
- Brandon
>>> Kim Onnel <karim.adel at gmail.com> 11/10/2004 5:53:15 >>>
Dear List,
I would like to configure CAR to rate limit TCP syns and ICMP
echo/echo-replies to limit DDoS attacks.
I would like to know the common way to measure the amount of SYNs I
should allow, and ICMPs.
Knowing we are an ISP with Webhosting servers and ADSL/SDSL...
Should I place the rate limit on the internet gateway uplink
interface?
Any known caveats of rate limiting TCP SYNs or ICMPs?
Also, during a DDoS attack, would the attacker SYNs overwhelm the
legitimate ones?
Kind Regards,
~Ahmed
--
~Kim
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
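The point made in the reply above, worked as an added example that is not part of the original thread: a policer that cannot tell legitimate SYNs from attack SYNs passes each class only in proportion to its share of the offered load. The 40 kpps, 900 kpps and 100 kpps figures come from the post; the packet-count token bucket (real CAR polices in bits per second), the Poisson arrivals, the burst size and the function names are assumptions.

```python
import random

def police(legit_pps, attack_pps, limit_pps, burst_pkts=100, duration=0.2, seed=1):
    """Simulate a token-bucket policer over mixed traffic.

    Returns (offered, passed) packet counts per source. The policer sees
    only "a SYN"; it has no way to prefer legitimate packets.
    """
    rng = random.Random(seed)            # seeded so runs are repeatable
    total = legit_pps + attack_pps
    tokens, now = float(burst_pkts), 0.0
    offered = {"legit": 0, "attack": 0}
    passed = {"legit": 0, "attack": 0}
    while True:
        gap = rng.expovariate(total)     # assumed Poisson arrivals
        now += gap
        if now >= duration:
            break
        # Refill at the configured rate, capped at the burst size.
        tokens = min(burst_pkts, tokens + gap * limit_pps)
        src = "legit" if rng.random() < legit_pps / total else "attack"
        offered[src] += 1
        if tokens >= 1.0:                # conform: transmit
            tokens -= 1.0
            passed[src] += 1
        # else exceed: drop
    return offered, passed

def legit_survival(legit_pps, attack_pps, limit_pps):
    """Fraction of legitimate packets that get through the policer."""
    offered, passed = police(legit_pps, attack_pps, limit_pps)
    return passed["legit"] / offered["legit"]

if __name__ == "__main__":
    # Figures from the post: 40 kpps normal, 900 kpps attack, 100 kpps limit.
    calm = legit_survival(40_000, 0, 100_000)
    flood = legit_survival(40_000, 900_000, 100_000)
    print(f"no attack : {calm:.1%} of legitimate packets pass")
    print(f"under flood: {flood:.1%} of legitimate packets pass")
```
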