[c-nsp] cisco 7500 UDP attack

Stephen Kratzer kratzers at pa.net
Fri Sep 22 12:02:06 EDT 2006


On Thursday 21 September 2006 00:24, Schahzad. Z Choudhry wrote:
> Thanks, Rubens.
> Nope, I don't use logs. I have a very powerful system for processing NetFlow
> exports; we already use it for traffic analysis at a very much deeper
> level, like voice/video traffic, protocol-based traffic, our IP class
> patterns, etc. The same system I use to capture attacks, or the show ip cache
> flow command.
>
> I was interested if Cisco has developed something to break DoS attacks, or if you
> folks are using something to fight DoS attacks, because these things are a
> continuous pain in the neck; all the time you are at risk, any time it can be
> started, and in some cases you just sit and watch how they are screwing your
> internet bandwidth even if you block them at core routers.
>
> Regards

When a deny entry in an ACL is matched, an ICMP administratively prohibited
unreachable message is sent back to the source, which adds to the CPU pegging
during a DoS. A slightly better tactic might be to create an ACL with only
permit statements (and the implicit deny), and use a route map to match on
that ACL and set the destination interface to Null0.

Stephen Kratzer
CTI Networks, Inc.
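The configuration below is an added, constructed IOS example of the route-map approach described in the reply; it is not from the original post. The prefix 192.0.2.0/24 is a placeholder for the attacked destination, and the interface name and route-map/ACL names are assumptions. Because a packet routed to Null0 also triggers an ICMP unreachable on IOS, the example additionally disables unreachables on Null0, which the reply does not mention but which is needed for the technique to actually avoid the CPU cost.

```cisco
! Constructed example: drop traffic to an attacked prefix with PBR instead of an ACL deny.
! Only permit entries appear in the ACL; the implicit deny simply means "not matched"
! for the route map, so unmatched traffic is forwarded normally and no ICMP
! administratively-prohibited message is generated for it.
ip access-list extended BLACKHOLE-DST
 remark Placeholder victim prefix (RFC 5737 documentation range)
 permit ip any 192.0.2.0 0.0.0.255
!
! Entry 10: traffic matching the ACL is sent to Null0.
route-map DROP-ATTACK permit 10
 match ip address BLACKHOLE-DST
 set interface Null0
!
! Entry 20: no match and no set clause, so everything else takes the normal forwarding path.
route-map DROP-ATTACK permit 20
!
! Added caveat: routing to Null0 still generates ICMP unreachables unless they are
! disabled on the Null0 interface.
interface Null0
 no ip unreachables
!
! Apply the policy on the ingress interface (name is an assumption).
interface GigabitEthernet0/0
 description Upstream link
 ip policy route-map DROP-ATTACK
```

The empty entry 20 is deliberate: a route map with only entry 10 still forwards non-matching packets normally, but the explicit catch-all makes the intent visible when the map is later extended. Confirm the drop is taking effect with `show route-map DROP-ATTACK`, which reports the number of packets policy-routed by each entry.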

