[c-nsp] cisco 7500 UDP attack

Rubens Kuhl Jr. rubensk at gmail.com
Wed Sep 20 10:32:25 EDT 2006


When you configure deny clauses on ACLs, are you configuring them to log?
Logging is CPU intensive, and you should avoid it on DoS reactions. If
you need logs, packet drops are sent to Netflow export with a
destination interface of 0, and you could use the flow records instead
of syslog entries.

Rubens
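As an added illustration of the suggestion above (example code, not from the thread), here is a Python parser for NetFlow v5 export datagrams that sums the packets of UDP flows the router exported with an output ifIndex of 0, i.e. traffic it dropped, per destination address, so a flood can be spotted from flow records rather than ACL syslog lines. The datagram, addresses and interface numbers are constructed; the "destination interface 0 means dropped" convention is taken from the reply.

```python
import socket
import struct
from collections import Counter

# NetFlow v5 wire format: a 24-byte header followed by 48-byte flow records.
V5_HEADER = struct.Struct("!HHIIIIBBH")
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")

def parse_v5(datagram):
    """Yield one dict per flow record in a NetFlow v5 export datagram."""
    version, count = V5_HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError("not a NetFlow v5 datagram")
    off = V5_HEADER.size
    for _ in range(count):
        f = V5_RECORD.unpack_from(datagram, off)
        off += V5_RECORD.size
        yield {"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
               "in_if": f[3], "out_if": f[4], "pkts": f[5],
               "sport": f[9], "dport": f[10], "proto": f[13]}

def dropped_udp_by_dst(datagram):
    """Sum packets of UDP flows exported with output ifIndex 0 (dropped), per destination."""
    hits = Counter()
    for r in parse_v5(datagram):
        if r["out_if"] == 0 and r["proto"] == 17:
            hits[r["dst"]] += r["pkts"]
    return hits

def _rec(src, dst, out_if, pkts, sport, dport, proto):
    """Build one 48-byte v5 record (input ifIndex 1, unused fields zero)."""
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                          socket.inet_aton("0.0.0.0"), 1, out_if, pkts, pkts * 64,
                          0, 0, sport, dport, 0, 0, proto, 0, 0, 0, 24, 24, 0)

# Constructed sample export (documentation addresses): three UDP flows on random
# ports to one victim that the ACL dropped (out_if 0), one forwarded UDP flow
# (out_if 3), and one dropped TCP flow that must not count toward the UDP flood.
_RECORDS = [
    _rec("198.51.100.7", "203.0.113.10", 0, 900, 41233, 5060, 17),
    _rec("198.51.100.9", "203.0.113.10", 0, 400, 58120, 27015, 17),
    _rec("192.0.2.200", "203.0.113.10", 0, 200, 1024, 53, 17),
    _rec("198.51.100.7", "203.0.113.20", 3, 50, 53, 53, 17),
    _rec("198.51.100.7", "203.0.113.10", 0, 10, 443, 80, 6),
]
SAMPLE = V5_HEADER.pack(5, len(_RECORDS), 0, 0, 0, 0, 0, 0, 0) + b"".join(_RECORDS)

if __name__ == "__main__":
    print(dropped_udp_by_dst(SAMPLE).most_common())
```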


On 9/20/06, Schahzad. Z Choudhry <schahzad at khyber.net.pk> wrote:
> Hello,
>
> I am using a Cisco 7500 as my core router gateway to the Internet. Sometimes I get thousands of UDP requests on any one of my IP addresses even if the machine is down: random source port, random destination ports, sometimes even random source IP (may be spoofed).
>
> Now, because the flood is on random ports, ACLs can only be applied on the IP address, but in that case sometimes the 7500 stops responding even on Ethernet.
>
> Whenever there is any DoS attack I am in the same situation. Do you guys recommend something to fight DoS attacks, especially when it is passing through the Cisco and getting it stuck?
>
> I know about stopping half-open TCP connections and UDP one-way blocking at the PIX, but is there anything on the Cisco 7500 which can help?
>
> IOS version is 12.0(10).
> The 7500 has one E3 HSSI interface and some serials and FastEthernet, with an RSP card.
>
> Hope to get some hint
> Thanks and Regards
> Schahzad

