[c-nsp] cisco 7500 UDP attack

Shakeel Ahmad shakeelahmad at gmail.com
Thu Sep 21 02:13:18 EDT 2006


Well, sometimes we have to be on the provider's stake, and then it all depends how
competent & customer-centric they are :)

Give a little bit of study to RFC 3882; it lists how you can prevent DoS
attacks by BGP manipulation such as black holing, etc. But then again, it depends if
you have a BGP session with your upstream.


Shakeel


On 9/21/06, Schahzad. Z Choudhry <schahzad at khyber.net.pk> wrote:
>
> Thanks Rubens
> Nope, I don't use logs; I have a very powerful system for processing NetFlow
> exports. We already use it for traffic analysis at a very much deeper
> level, like voice/video traffic, protocol-based traffic, our IP class
> patterns, etc. The same system I use to capture attacks, or the show ip cache
> flow command.
>
> I was interested if Cisco has developed something to break DoS attacks, or
> if you folks are using something to fight DoS attacks, because these things are a
> continuous pain in the neck. All the time you are at risk; at any time it can be
> started, and in some cases you just sit and watch how they are screwing
> your internet bandwidth even if you block them at core routers.
>
> Regards
>
>
> ----- Original Message -----
> From: "Rubens Kuhl Jr." <rubensk at gmail.com>
> To: "Schahzad. Z Choudhry" <schahzad at khyber.net.pk>
> Cc: <cisco-nsp at puck.nether.net>
> Sent: Wednesday, September 20, 2006 7:32 PM
> Subject: Re: [c-nsp] cisco 7500 UDP attack
>
>
> > When you configure deny clauses on ACLs, are you configuring them to log?
> > Logging is CPU intensive, and you should avoid it on DoS reactions. If
> > you need logs, packet drops are sent to NetFlow export with a
> > destination interface of 0, and you could use the flow records instead
> > of syslog entries.
> >
> > Rubens
> >
> >
> > On 9/20/06, Schahzad. Z Choudhry <schahzad at khyber.net.pk> wrote:
> >> Hello,
> >>
> >> I am using a Cisco 7500 as my core router gateway to the internet. Some
> >> time I get 1000s of UDP requests on any one of my IP addresses, even if the
> >> machine is down: random source port, random destination ports, some time
> >> even random source IP (may be spoofed).
> >>
> >> Now, because the flood is on random ports, ACLs can only be applied on IP
> >> address, but in that case some time the 7500 stops responding even on
> >> ethernet.
> >>
> >> Whenever there is any DoS attack I am in the same situation. Do you guys
> >> recommend something to fight DoS attacks, especially when it's passing
> >> through the Cisco and getting it stuck?
> >>
> >> I know about stopping half-open TCP connections and UDP one-way blocking at
> >> the PIX, but is there anything on the Cisco 7500 which can help?
> >>
> >> IOS version is 12.0(10)
> >> 7500 is with one E3 HSSI interface and some serials and FastEthernet with
> >> RSP card.
> >>
> >> Hope to get some hint
> >> Thanks and Regards
> >> Schahzad
> >> _______________________________________________
> >> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-nsp
> >> archive at http://puck.nether.net/pipermail/cisco-nsp/
> >>
> >
>
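Rubens' point that ACL drops show up in NetFlow export as flows with a destination interface of 0 (and Schahzad's remark that he already processes NetFlow exports rather than syslog) can be turned into a small detection check. The following is an added example written for this archive page, not code from anyone in the thread or from Cisco: it decodes a NetFlow v5 export datagram with the standard 24-byte header and 48-byte record layout, keeps only UDP records whose output ifindex is 0, and aggregates them per destination so a target being hit from many source addresses on many random ports stands out. It assumes the router exports NetFlow v5 and that dropped packets are recorded with output interface 0, as Rubens describes; the sample datagram, the IP addresses (RFC 5737 documentation ranges) and the ports are all constructed for the example.

```python
"""Spot ACL-drop flow records in a NetFlow v5 export datagram.

Added example for the cisco-nsp thread, not code from the thread itself.
Assumes NetFlow v5 export and that dropped packets appear as flows whose
output interface (ifindex) is 0, as described in the thread.
"""
import socket
import struct
from collections import defaultdict

NF5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte v5 header
NF5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48-byte v5 flow record
PROTO_UDP = 17


def parse_netflow_v5(packet):
    """Decode one NetFlow v5 export datagram into a list of flow dicts."""
    if len(packet) < NF5_HEADER.size:
        raise ValueError("packet shorter than a NetFlow v5 header")
    version, count, *_ = NF5_HEADER.unpack_from(packet, 0)
    if version != 5:
        raise ValueError("unsupported NetFlow version %d" % version)
    if len(packet) < NF5_HEADER.size + count * NF5_RECORD.size:
        raise ValueError("truncated NetFlow v5 packet")
    flows = []
    for i in range(count):
        off = NF5_HEADER.size + i * NF5_RECORD.size
        (src, dst, _nexthop, in_if, out_if, pkts, octets, _first, _last,
         sport, dport, _pad, _flags, proto, _tos, *_rest) = NF5_RECORD.unpack_from(packet, off)
        flows.append({
            "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "in_if": in_if, "out_if": out_if, "pkts": pkts, "octets": octets,
            "sport": sport, "dport": dport, "proto": proto,
        })
    return flows


def summarize_drops(flows, proto=PROTO_UDP):
    """Aggregate dropped flows (out_if == 0) of one protocol per destination.

    Returns {dst: {"flows", "pkts", "distinct_src", "distinct_dport"}}. A single
    destination with many distinct sources and destination ports is the
    random-port / random-source pattern the original poster describes.
    """
    per_dst = defaultdict(lambda: {"flows": 0, "pkts": 0, "srcs": set(), "dports": set()})
    for f in flows:
        if f["out_if"] != 0 or f["proto"] != proto:
            continue                      # forwarded flow or other protocol
        d = per_dst[f["dst"]]
        d["flows"] += 1
        d["pkts"] += f["pkts"]
        d["srcs"].add(f["src"])
        d["dports"].add(f["dport"])
    return {dst: {"flows": d["flows"], "pkts": d["pkts"],
                  "distinct_src": len(d["srcs"]), "distinct_dport": len(d["dports"])}
            for dst, d in per_dst.items()}


def make_record(src, dst, sport, dport, proto=PROTO_UDP, out_if=0, pkts=1, octets=60):
    """Build one constructed v5 record; only used to fabricate the sample packet."""
    return NF5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), b"\0\0\0\0",
                           1, out_if, pkts, octets, 0, 0, sport, dport,
                           0, 0, proto, 0, 0, 0, 24, 24, 0)


def sample_packet():
    """Constructed export datagram: ten dropped UDP flows to one target plus one forwarded flow."""
    records = [make_record("203.0.113.%d" % i, "192.0.2.10", 40000 + i, 1000 + i)
               for i in range(1, 11)]                                   # out_if 0 = dropped
    records.append(make_record("198.51.100.7", "192.0.2.20", 5060, 5060, out_if=3))  # forwarded
    header = NF5_HEADER.pack(5, len(records), 0, 0, 0, 0, 0, 0, 0)
    return header + b"".join(records)


if __name__ == "__main__":
    for dst, stats in summarize_drops(parse_netflow_v5(sample_packet())).items():
        print(dst, stats)
```

On a real collector the datagram would come from a UDP socket bound to the export port; the same two functions apply unchanged, and the per-destination counters can be fed into whatever threshold or alerting the existing NetFlow system already uses, without the CPU cost of ACL logging on the router.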

