[c-nsp] Cisco way against DoS/DDos Attack?

Drew Weaver drew.weaver at thenap.com
Wed Jan 3 09:45:05 EST 2007


	I would recommend getting together with your ISPs and seeing if they have a proactive solution in place. Filtering at your borders is all fine and good but the traffic still hits your port, uses your bandwidth, which in turn wastes your money. You could try also seeing if your upstream provider offers BGP communities for blackholing hosts within your network. Although the way I see it this isn't really a solution because if you blackhole your customer his site/whatever goes down. 

	The only real way to mitigate a DDOS is to have more bandwidth/hardware than the ~800 cable modems which are hitting you :-)

-Drew

-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Monty Ree
Sent: Wednesday, January 03, 2007 3:37 AM
To: cisco-nsp at puck.nether.net
Subject: [c-nsp] Cisco way against DoS/DDos Attack?

Hello, list.

A friend of mine who manages a network suffered a DoS/DDoS attack from zombie PCs last night.
While the attack was going on, traffic was about 2~3 Gbit/s or more.
The attack has stopped now, but he could be attacked again someday.
Surely, my network can be attacked by DDoS too.

So, is there any Cisco method against DDoS attacks which send large
traffic (bps, pps) like the above?

If I were attacked, I would do the following:

1st. Find the source & dst IPs related to the attack and null route them.
     # ip route 1.1.1.1 255.255.255.255 Null 0

2nd. Filter source IPs using an access-list

3rd. Rate-limit per IP
ex) rate-limit input access-group 150 2000000 250000 250000 conform-action transmit exceed-action drop

4th. ????

In a DDoS attack, filtering all source IPs would not be the right answer,
and a firewall wouldn't defend because of the large traffic.

So is there any good method, documentation, or new technology against DDoS attacks using Cisco?

My network equipment is GSR(12008) and 6509sup2.


Thanks for your time..
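
Added example, not part of either message above: a minimal IOS sketch of the upstream blackhole-community approach mentioned in the reply, built on the null route from the original post. All addresses, AS numbers, names, the tag and the community value 64500:666 are placeholders; the real community must come from the upstream provider, and the existing announcement of the aggregate is assumed to be configured elsewhere.

```cisco
! Constructed placeholders (documentation ranges, reserved ASNs):
!   64496         = your AS
!   64500         = upstream AS
!   64500:666     = upstream's blackhole community (assumed value)
!   203.0.113.0/24 = your address block, 198.51.100.1 = upstream peer
!
! Accept and show communities in AA:NN form.
ip bgp-community new-format
!
! Only statics carrying tag 666 are turned into blackhole announcements.
! Untagged statics hit the implicit deny and never reach BGP.
route-map RTBH-TRIGGER permit 10
 match tag 666
 set community 64500:666
 set origin igp
!
! Outbound filter: the aggregate, plus host routes from inside it only.
ip prefix-list TO-UPSTREAM seq 5 permit 203.0.113.0/24
ip prefix-list TO-UPSTREAM seq 10 permit 203.0.113.0/24 ge 32
!
router bgp 64496
 redistribute static route-map RTBH-TRIGGER
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 send-community
 neighbor 198.51.100.1 prefix-list TO-UPSTREAM out
!
! --- During an attack on 203.0.113.10 ---
! One line drops the traffic locally and asks the upstream to drop it
! before it reaches your port. The host is unreachable while this is in place.
ip route 203.0.113.10 255.255.255.255 Null0 tag 666
!
! --- Verify (exec mode) ---
! show ip bgp 203.0.113.10
! show ip bgp neighbors 198.51.100.1 advertised-routes
!
! --- After the attack: withdraw the announcement ---
no ip route 203.0.113.10 255.255.255.255 Null0 tag 666
```

The static route and its removal are the only lines entered during an incident; everything above them is standing configuration. The upstream must agree to accept host routes tagged with its blackhole community before this has any effect.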
