[c-nsp] Safer DDOS drops

Peter Kranz pkranz at unwiredltd.com
Fri Apr 8 18:44:53 EDT 2011


Brandon, Peter, Phil thanks..

I removed 'ip accounting access-violations', used the fragments filter, and changed to ' mls rate-limit unicast ip icmp unreachable acl-drop 0' .. another >5Gbps attack in progress currently, but router CPU is happy and customer still in service.

-peter






More information about the cisco-nsp mailing list