[c-nsp] Anyone who have set PBR against worm or dos?
Monty Ree
chulmin2 at hotmail.com
Fri Feb 23 01:16:59 EST 2007
Hello list.
I have seen some Cisco security documents against worm attacks.
It was named PBR, and it would be great against worm or DoS attacks,
because most packets of worms and DoS attacks are the same size.
But I'm not sure whether it causes lots of CPU load on my system or not.
So, is there anyone who has done PBR on their Cisco equipment?
My systems are C6509sup2 and C6509sup720, and the normal traffic is over
6-7 Gbps.
The link I saw is below.
http://archives.neohapsis.com/archives/cisco/2003-q3/0010.html
---------------- example ---------------------------------
access-list 199 permit icmp any any echo
access-list 199 permit icmp any any echo-reply
!
route-map nachi-worm permit 10
 ! --- match ICMP echo requests and replies (type 0 & 8)
 match ip address 199
 ! --- match 92-byte packets (Layer 3 length, min 92 max 92)
 match length 92 92
 ! --- drop the packet
 set interface Null0
!
interface <incoming-interface>
 ! --- it is recommended to disable unreachables
 no ip unreachables
 ! --- if not using CEF, enabling ip route-cache flow is recommended
 ip route-cache policy
 ! --- apply Policy Based Routing to the interface
 ip policy route-map nachi-worm
Thanks for your time.
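To make the matching semantics of the quoted route-map concrete, here is an added example that emulates the policy in Python over a few constructed packets. It is not code from the post, from Cisco or from the linked archive; it assumes IOS `match length` compares against the IPv4 total length field (the Layer 3 packet length), that ICMP echo and echo-reply are types 8 and 0, and that both `match` clauses of one route-map sequence must be satisfied for the `set interface Null0` action to fire. Addresses, identifiers and payload bytes in the samples are made up.

```python
import struct

# Constants for the policy quoted in the post (emulated here, not IOS code).
ICMP_PROTO = 1
ICMP_ECHO_REPLY = 0
ICMP_ECHO = 8
MATCH_LEN_MIN, MATCH_LEN_MAX = 92, 92   # "match length 92 92" (Layer 3 total length)


def parse_ipv4(pkt: bytes) -> dict:
    """Parse the fixed IPv4 header fields the policy needs.

    Only the total length, protocol and payload are extracted; options are
    skipped via IHL. Trailing bytes beyond the total length (e.g. Ethernet
    padding) are ignored, as a router ignores them when classifying.
    """
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum, _src, _dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or total_len < ihl or total_len > len(pkt):
        raise ValueError("malformed IPv4 header")
    return {"total_len": total_len, "proto": proto, "payload": pkt[ihl:total_len]}


def acl_199_permits(hdr: dict) -> bool:
    """access-list 199 permit icmp any any echo / echo-reply (ICMP types 8 and 0)."""
    if hdr["proto"] != ICMP_PROTO or len(hdr["payload"]) < 8:
        return False
    return hdr["payload"][0] in (ICMP_ECHO, ICMP_ECHO_REPLY)


def route_map_nachi_worm(pkt: bytes) -> str:
    """Return 'Null0' when both clauses of route-map nachi-worm match, else 'forward'.

    The two "match" statements in one route-map sequence are ANDed; a packet
    that fails either one falls through to normal destination-based routing.
    """
    hdr = parse_ipv4(pkt)
    if acl_199_permits(hdr) and MATCH_LEN_MIN <= hdr["total_len"] <= MATCH_LEN_MAX:
        return "Null0"
    return "forward"


# --- constructed sample packets (addresses and IDs are made up) ---------------

def build_ipv4(proto: int, payload: bytes) -> bytes:
    """Build a minimal IPv4 packet (no options; checksum left zero for brevity)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return hdr + payload


def build_icmp(icmp_type: int, data: bytes) -> bytes:
    """8-byte ICMP header (type, code, checksum, 4 type-specific bytes) plus data."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1) + data


SAMPLES = {
    # 20 IP + 8 ICMP + 64 data = 92 bytes: the size the route-map targets
    "echo_92":       build_ipv4(ICMP_PROTO, build_icmp(ICMP_ECHO, b"\xaa" * 64)),
    "echo_reply_92": build_ipv4(ICMP_PROTO, build_icmp(ICMP_ECHO_REPLY, b"\xaa" * 64)),
    # 20 + 8 + 56 = 84 bytes: a common default-sized ping, must pass
    "echo_84":       build_ipv4(ICMP_PROTO, build_icmp(ICMP_ECHO, b"\x00" * 56)),
    # 92-byte ICMP destination unreachable (type 3): right length, wrong type
    "unreach_92":    build_ipv4(ICMP_PROTO, build_icmp(3, b"\x00" * 64)),
    # 92-byte TCP packet: right length, not ICMP at all
    "tcp_92":        build_ipv4(6, b"\x00" * 72),
}


def classify_samples() -> dict:
    """Run every constructed sample through the emulated policy."""
    return {name: route_map_nachi_worm(pkt) for name, pkt in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:14s} -> {verdict}")
```

The point the emulation makes visible is that the policy is a length-and-type filter, nothing more: any 92-byte echo or echo-reply on the interface goes to Null0, including legitimate pings that happen to use a 64-byte payload, while a same-sized packet of any other ICMP type or protocol, and an echo of any other size, is routed normally. Counting hits on the route-map (and on ACL 199) before relying on it is the usual way to check that the size actually singles out the unwanted traffic on a given network.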