[c-nsp] (no subject)

Security security at cytanet.com.cy
Fri Jul 8 10:07:18 EDT 2005


Hello all

I have a few STM-1 lines connected to upstream providers and I will like to
configure on the interfaces permanent rate-limit commands in order to rate
limit the number of packets in case of a DoS attack. We are constantly
measuring the number of packets using Cricket which under normal network
behavior is about 40K packets per second. (maximum). Under a DoS attack the
number of packets passing through increases to about 60k or even 70K and we
are experiencing performance problems.

Any suggestion of how to apply constant rate-limit on number of packets per
interface will be appreciated.


More information about the cisco-nsp mailing list