[c-nsp] DOS attack

Heath Jones hj1980 at gmail.com
Tue Aug 3 18:45:43 EDT 2010


The way I'm reading that is that source MAC 0018.742f.b380 is passing ICMP
TTL expired frames.
Sending TTL expired ICMP messages is a known DoS attack.

On 3 August 2010 23:16, sherif mostafa <sherifmka2004 at hotmail.com> wrote:

>
> Dears,
>
> Could anyone help please as I've faced an error message "DOS" below that
> caused high CPU usage:
>
>
> ERROR 08/02/2010 16:22:46 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 241 pps
> ERROR 08/02/2010 16:24:11 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 11 pps
> ERROR 08/02/2010 16:24:38 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 10 pps
> ERROR 08/02/2010 16:24:59 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 10 pps
> ERROR 08/02/2010 16:26:57 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 20 pps
>
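
The dosProtection lines quoted above can be grouped per flow to show the peak rate and how long a source kept tripping the threshold. This is an added example, not part of the original thread; the regular expression is inferred only from the lines in this post, and the MM/DD/YYYY date order is an assumption.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern inferred only from the log lines quoted in this thread;
# it is an assumption, not a vendor-documented format.
EVENT = re.compile(
    r"ERROR (?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) CAI dosProtection: "
    r"Flow is suspicious: (?P<ifc>\S+) for control protocol: (?P<proto>.+?) "
    r"source MAC (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    r"with rate (?P<pps>\d+) pps"
)

# Sample input: the first three events from the post, still mail-quoted and wrapped.
SAMPLE = """\
> ERROR 08/02/2010 16:22:46 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 241 pps
> ERROR 08/02/2010 16:24:11 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 11 pps
> ERROR 08/02/2010 16:24:38 CAI dosProtection: Flow is suspicious:
> GigabitEthernet11/0.410 for control protocol: IP TTL Expired source MAC
> 0018.742f.b380 with rate 10 pps
"""

def unwrap(text):
    """Strip mail quoting ('> ') and rejoin wrapped lines into one string."""
    lines = (re.sub(r"^(>\s?)+", "", ln).strip() for ln in text.splitlines())
    return " ".join(ln for ln in lines if ln)

def summarize(text):
    """Group events by (interface, control protocol, source MAC)."""
    flows = defaultdict(lambda: {"events": 0, "peak_pps": 0, "first": None, "last": None})
    for m in EVENT.finditer(unwrap(text)):
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %H:%M:%S")  # assumed MM/DD/YYYY
        f = flows[(m["ifc"], m["proto"], m["mac"])]
        f["events"] += 1
        f["peak_pps"] = max(f["peak_pps"], int(m["pps"]))
        f["first"] = min(f["first"] or ts, ts)
        f["last"] = max(f["last"] or ts, ts)
    return dict(flows)

if __name__ == "__main__":
    for (ifc, proto, mac), f in summarize(SAMPLE).items():
        span = (f["last"] - f["first"]).total_seconds()
        print(f"{ifc} {proto} {mac}: {f['events']} events, peak {f['peak_pps']} pps over {span:.0f}s")
```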

