[c-nsp] Safer DDOS drops
Łukasz Bromirski
lukasz at bromirski.net
Fri Apr 8 16:27:47 EDT 2011
On 2011-04-08 22:18, Peter Kranz wrote:
> So today one of our customers was being hit with a DDoS attack with the
> following signature; basically a bunch of UDP junk of about 5 Gbps in
> volume..
> The device facing the customer is a 6500 with a Sup720-3BXL running
> 12.2(33)SXI3..
> Attempted to alleviate the customer port congestion by adding the following
> to the port (an etherchannel made up of 2 1G ports on a WS-X6516-GBIC)
>
> access-list 101 remark DOS Attack blocker
> access-list 101 deny udp any host 208.71.159.144
> access-list 101 permit ip any any
> ip access-group 101 out
Let me guess - the 'no ip unreachables' wasn't configured, and you
didn't have mls rate-limits nor CoPP configured?
--
"There's no sense in being precise when | Łukasz Bromirski
you don't know what you're talking | jid:lbromirski at jabber.org
about." John von Neumann | http://lukasz.bromirski.net
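For readers who want to see what the three knobs named in the reply look like next to the ACL posted above, here is an added IOS configuration example. It is not part of the original thread and not Peter's or Łukasz's configuration: the interface name, the policer values and the CoPP class name are assumptions chosen for illustration. The point of the example is that an ACL deny on a Sup720 still leaks a share of the matching packets to the route processor so that ICMP unreachables can be generated; `no ip unreachables` stops that generation on the interface, `mls rate-limit` caps the leak rate in hardware, and CoPP protects the control plane from whatever is still punted.

```ios
! --- Weak setting: the posted outbound ACL on its own -------------------
! Every packet denied by this ACL is a candidate for an ICMP unreachable,
! so a share of the 5 Gbps of UDP junk is punted to the Sup720 RP.
access-list 101 remark DOS Attack blocker
access-list 101 deny udp any host 208.71.159.144
access-list 101 permit ip any any

interface Port-channel1
 description customer-facing etherchannel (name assumed for this example)
 ip access-group 101 out

! --- Corrected setting: same ACL, but keep the drops off the RP ---------
interface Port-channel1
 description customer-facing etherchannel (name assumed for this example)
 ip access-group 101 out
 ! do not generate ICMP unreachables for packets dropped on this interface
 no ip unreachables

! Hardware rate limiter for packets leaked to the RP because an ACL denied
! them; values (pps, burst) are assumptions, tune to your platform.
mls rate-limit unicast ip icmp unreachable acl-drop 10 10
mls rate-limit unicast ip icmp unreachable no-route 10 10

! Minimal CoPP policy: drop the attack traffic outright if it ever reaches
! the control plane. Class and ACL names are assumptions for this example.
ip access-list extended COPP-UNDESIRABLE
 permit udp any host 208.71.159.144

class-map match-all COPP-UNDESIRABLE
 match access-group name COPP-UNDESIRABLE

policy-map COPP
 class COPP-UNDESIRABLE
  police 8000 conform-action drop exceed-action drop
 class class-default
  police 1000000 conform-action transmit exceed-action drop

control-plane
 service-policy input COPP
```

After applying the corrected block, `show mls rate-limit` shows whether the acl-drop limiter is active, and `show policy-map control-plane` shows the CoPP counters climbing under the COPP-UNDESIRABLE class if punted attack packets are still arriving at the RP.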