[c-nsp] cisco 7500 UDP attack

Schahzad. Z Choudhry schahzad at khyber.net.pk
Thu Sep 21 00:24:19 EDT 2006 

Thanks Rubens
Nope i dont use logs, i have very powerful system for processing netflow 
exports, we already use it for traffic analysis at very much deeper 
level,like voice video traffic, protocol based traffic , our ip class 
patterns etc etc.The same system i use to capture attacks or show ip cache 
flow command.

i was intrested if cisco has developed something to break Dos attack or you 
folks using something to fight with Dos attacks because these things are a 
continous pain in neck, all the time you are at risk any time it can be 
started and in some cases you just sit and watch how they are screwing your 
internet bandwith even if u block them at core routers.

Regards


----- Original Message ----- 
From: "Rubens Kuhl Jr." <rubensk at gmail.com>
To: "Schahzad. Z Choudhry" <schahzad at khyber.net.pk>
Cc: <cisco-nsp at puck.nether.net>
Sent: Wednesday, September 20, 2006 7:32 PM
Subject: Re: [c-nsp] cisco 7500 UDP attack


> When you configure deny clauses on ACLs, are you configuring them to log ?
> Logging is CPU intensive, and you should avoid it on DoS reactions. If
> you need logs, packet drops are sent to Netflow export with a
> destination interface of 0, and you could use the flow records instead
> of syslog entries.
>
> Rubens
>
>
> On 9/20/06, Schahzad. Z Choudhry <schahzad at khyber.net.pk> wrote:
>> Hello,
>>
>> i am using a cisco 7500 as my core router gateway to internet. some time 
>> i got 1000s of udp requests on any one of my ip address even if the 
>> machine is down.random source port random destination ports some time 
>> even random source ip (may be spoofed).
>>
>> now because the flood is on random ports acls can only be applied on ip 
>> address but in that case some time 7500 stops to respond even on 
>> ethernet.
>>
>> whenever there is any Dos attack i am in same situation do you guys 
>> recomend something to fight with dos attacks specially when its passing 
>> through cisco and stuking it.
>>
>> i know about stoping Half open tcp connection and udp one way blocking at 
>> pix but is there any thing on cisco 7500 which can help.
>>
>> IOS verios is 12.0(10)
>> 7500 is with one e3 HSSi interface and some serials and fastethernet with 
>> rsp card.
>>
>> Hope to get some hint
>> Thanks and Regards
>> Schahzad
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>

More information about the cisco-nsp mailing list