[c-nsp] Safer DDOS drops
Dobbins, Roland
rdobbins at arbor.net
Fri Apr 8 23:01:41 EDT 2011
On Apr 9, 2011, at 5:44 AM, Peter Kranz wrote:
> I removed 'ip accounting access-violations', used the fragments filter, and changed to 'mls rate-limit unicast ip icmp unreachable acl-drop 0' .. another >5Gbps attack in progress currently, but router CPU is happy and customer still in service.
You can configure S/RTBH and use it to dynamically block attack sources:
<https://files.me.com/roland.dobbins/dweagy>
-----------------------------------------------------------------------
Roland Dobbins <rdobbins at arbor.net> // <http://www.arbornetworks.com>
The basis of optimism is sheer terror.
-- Oscar Wilde
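
The S/RTBH setup mentioned in the reply above, shown as a Cisco IOS configuration. This is an added example, not part of the original message or the linked file. The AS number, all addresses, the tag value and the route-map name are constructed placeholders (documentation ranges and a private-use AS).

```cisco
! --- Every edge router (constructed values throughout) ---
! Discard next-hop: anything resolving via 192.0.2.1 is sent to Null0.
ip route 192.0.2.1 255.255.255.255 Null0
!
interface Null0
 ! Do not generate ICMP unreachables for black-holed traffic.
 no ip unreachables
!
interface TenGigabitEthernet1/1
 description Upstream / peering edge
 ! Loose-mode uRPF: drop packets whose SOURCE has no route, or a
 ! route that points to Null0. This turns a black-hole route for an
 ! attack source into a source-based drop.
 ip verify unicast source reachable-via any
!
! --- Trigger router (iBGP speaker, carries no transit traffic) ---
router bgp 64500
 neighbor 198.51.100.1 remote-as 64500
 neighbor 198.51.100.1 description iBGP to edge router
 neighbor 198.51.100.1 send-community
 ! Only static routes carrying the trigger tag are advertised.
 redistribute static route-map RTBH-TRIGGER
!
route-map RTBH-TRIGGER permit 10
 match tag 666
 ! Rewrite the next-hop to the discard address installed on the edges.
 set ip next-hop 192.0.2.1
 set local-preference 200
 set origin igp
 ! Keep the black-hole route inside the local AS.
 set community no-export
!
route-map RTBH-TRIGGER deny 20
!
! --- During an attack, on the trigger router ---
! Block one attack source (constructed address):
ip route 203.0.113.50 255.255.255.255 Null0 tag 666
! Withdraw the block once the attack stops:
no ip route 203.0.113.50 255.255.255.255 Null0 tag 666
```

After adding a trigger route, `show ip route 203.0.113.50` on an edge router should show the /32 learned via BGP with next-hop 192.0.2.1, and `show ip interface TenGigabitEthernet1/1` should show the uRPF verification drop counter increasing.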